Ok, well new update while I was gone, not sure when they posted it:<div><br></div><div><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:10pt"><b>Investigation into current problems:</b></span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Hello,</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">For the past two days we have been experiencing a sophisticated type of attack. As soon we noticed the first attempt we commenced an immediate physical upgrade to all of our servers increasing capacity and CPU power by a factor of four in addition to other precautions. Unfortunately even though this is similar to a "typical" DDoS attack it is targeted specifically at the SIP protocol and causes server load to increase to 100% within 1 minute of initiation. As such, standard and extraordinary prevention measures were unable to prevent it. We do not know the specific methodology of the attack but are aware that it is *similar* in effect to a DNS TRASH flood attack. We are performing forensic analysis on the data we have and are capturing traffic to find an exact reason and solution.</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">We would like to clarify that there was no intrusion into our network and all of our servers switches and internet connections have been functioning *normally* throughout the entirety of this concern. None of our equipment or interlinks were disconnected or went down. Additionally please note that all of your information is encrypted, safe and secure; and that NO customer data was stolen NOR destroyed.</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">We have been working as aggressively as possible throughout the day/night and we have found a short term work-around which will provide immediate relief and allow calls to function normally. This will require updating your configuration slightly. Please re-configure your software/hardware with the following information:</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">*UPDATED*</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Your registrar and Domain should remain as is:</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)"><a href="http://callcentric.com">callcentric.com</a></span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Outbound proxy:</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)"><a href="http://sip.callcentric.com">sip.callcentric.com</a> - For clients *ONLY* able to use A records</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)"><a href="http://srv.callcentric.com">srv.callcentric.com</a> - For clients able to use DNS SRV</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)"><a href="http://bypass.callcentric.com">bypass.callcentric.com</a> - For clients able to use DNS SRV</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">*UPDATED*</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Asterisk users need the following: </span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">host = <a href="http://sip.callcentric.com">sip.callcentric.com</a> OR <a href="http://srv.callcentric.com">srv.callcentric.com</a></span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">outboundproxy = <a href="http://sip.callcentric.com">sip.callcentric.com</a> OR srv.callcentric</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">register => <a href="mailto:1777MYCCID%3ASUPERSECRET@sip.callcentric.com">1777MYCCID:SUPERSECRET@sip.callcentric.com</a> OR <a href="mailto:1777MYCCID%3ASUPERSECRET@srv.callcentric.com">1777MYCCID:SUPERSECRET@srv.callcentric.com</a></span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">*UPDATED*</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">3CX users need the following:</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Outbound proxy hostname or IP: <a href="http://sip.callcentric.com">sip.callcentric.com</a></span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Outbound proxy port (default is 5060): 5060</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">*UPDATED*</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">PAP2/Linksys/Cisco users should be logged into their device in admin/advanced mode and use the following settings: </span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Proxy - Enter <a href="http://callcentric.com">callcentric.com</a> in this field</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Outbound Proxy - Enter <a href="http://srv.callcentric.com">srv.callcentric.com</a> in this field</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Use Outbound Proxy - yes</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Use DNS SRV - yes</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">DNS SRV Auto Prefix - yes</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">*UPDATED*</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Obihai users please make sure the following is configured:</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Service Providers > ITSP Profile > SIP </span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">ProxyServer: <a href="http://callcentric.com">callcentric.com</a></span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">RegistrarServer: <a href="http://srv.callcentric.com">srv.callcentric.com</a></span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">UserAgentDomain: <a href="http://callcentric.com">callcentric.com</a></span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">OutboundProxy: <a href="http://srv.callcentric.com">srv.callcentric.com</a></span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">X_ProxyServerRedundancy: Checked</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Please update this information as soon as possible to restore your calling ability and make sure to *REBOOT* or *RESTART* your device or software.</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">We have experienced attempted *unsuccessful* attacks in the past and have made changes in real-time to stop them as well as to prevent future similar attacks. Many of our security documentation guidelines and features have been geared towards these changes. Unfortunately this is an entirely new type of attack, the mechanics of which are still coming to light.</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">We sincerely apologize for the inconvenience this has caused. We are committed to further protecting our network and for this reason we will continue working with our engineers to implement a proper solution to provide a comprehensive resolution.</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">If you have any questions/concerns regarding this message or if you need assistance in updating your configuration our Support Staff are available to answer your questions in as timely a manner as possible.</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Upon achieving a resolution, we will be providing as detailed an explanation as possible regarding this issue as well as the resolution.</span><br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px">
<br style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px"><span style="font-family:verdana,'Lucida Grande',Geneva,arial,helvetica,sans-serif;font-size:12px;background-color:rgb(255,240,208)">Again, we sincerely apologize for any inconvenience that you have experienced as a result of this matter and we appreciate your understanding during this process.</span> <br>
<br><div class="gmail_quote">On Fri, Oct 5, 2012 at 4:42 PM, Mitch <span dir="ltr"><<a href="mailto:mitpatterson@gmail.com" target="_blank">mitpatterson@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p>Closest thing to instructions is what I pasted</p><div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On Oct 5, 2012 4:30 PM, "Micah Brandon" <<a href="mailto:brandon@netsville.com" target="_blank">brandon@netsville.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 10/05/2012 02:38 PM, Mitch wrote:<br>
> Call centric is reporting they are experiencing a DDOS style attack using the SIP protocol. My registrations are just timing out.<br>
><br>
> There twitter is being updated: <a href="https://twitter.com/Callcentric" target="_blank">https://twitter.com/Callcentric</a> They are also posting updates to customers when the log in. According to the first post regarding this issue on their twitter this is going on hour 17 or so. My logs for asterisk are just filling with registration time outs.<br>
<br>
They say in a later tweet that they posted "instructions" to customers regarding changes to make. Have you seen anything like this on your dashboard?<br>
_______________________________________________<br>
Outages mailing list<br>
<a href="mailto:Outages@outages.org" target="_blank">Outages@outages.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/outages" target="_blank">https://puck.nether.net/mailman/listinfo/outages</a><br>
</blockquote></div>
</div></div></blockquote></div><br></div>