[VoiceOps] Allworx Denial of Service

Dan White dwhite at olp.net
Tue Apr 8 14:48:54 EDT 2014


We received the following notice from Allworx regarding a widely dispersed
denial of service attack against Allworx systems. Indeed, several of our
systems required a reboot this morning.

We are developing a stricter firewalling plan. Since there are no details
to go on here, would someone please share your approach to firewalling your
Allworx systems, assuming they are publicly routeable and were not
affected?

Thank You.

From: Allworx Marketing [mailto:allworxmarketing at allworx.com]
Sent: Tuesday, April 08, 2014 1:17 PM
To: <removed>
Subject: Allworx Technical Support Advisory

Allworx Technical Support Advisory

Last night, a number of installed Allworx servers were subject to what
closely resembles a denial of service attack from an unknown source.  These
events do not appear to be focused on a specific service provider or
Allworx software release but can result in an Allworx system becoming
unresponsive.  We have mobilized all of our technical resources to
investigate the specific nature of these attacks.

If you, or any of your installed customers, are experiencing outages that
appear to be the result of a denial of service attack, please be advised
that a reboot of the server will typically restore the server
to full operational status.

* Per our Technical Support department, the correct process to reboot the
server is to press the power button on the server for more than one second
- but not more than 4 seconds. The server will start its shutdown process
and the power light blinks green to confirm it is powering down. Please
allow sufficient time for the server to complete its power down cycle.
Depending on the server, this process will vary in length of time from a
few seconds to a few minutes. After several minutes, if the server has not
properly shutdown, you can force a shutdown by holding the power button for
more than 5 seconds or pulling the AC power cord. Caution: Rebooting the
server this way could cause database corruption conditions causing further
service disruption.

Start the server by pressing the power button for more than one second. The
server will restart, and methodically start the process to register the
phones.  Depending on the size of the system and number of handsets this
process will take several minutes.  We apologize for any inconvenience to
you and any of your customers who may be affected.   We are working
diligently to determine the source of these attacks and mitigate their
impact on our system.   You will receive additional updates as we learn
more.



-- 
Dan White


More information about the VoiceOps mailing list