[VoiceOps] Mitigating or stopping TDOS attacks - any advice?

Alex Balashov abalashov at evaristesys.com
Mon May 15 13:15:38 EDT 2017


On Mon, May 15, 2017 at 01:09:01PM -0400, Ivan Kovacevic wrote:

> I think putting this à “block the offending traffic pattern” into practice
> is the crux of the issue. Maybe I am short-sighted or don’t give AI
> sufficient credit, but I think identifying the offending traffic pattern is
> not going to be easy (or maybe possible at all).
> 
> Anyone initiating a TDOS attack can manipulate the call pattern and caller
> ID easy enough to make it look like ‘normal’ traffic.

I suppose it depends on how many concurrent channels/call paths the
customer has. Given a very small number, almost any amount of calls can
tie them up.

But, in general, it's not a DoS attack if it doesn't ... DoS. :-) If
the attackers slow down the call setup rate enough that it doesn't meet
frequency-based DoS detection, chances are it's not a very impactful
attack. Of course, there is a grey area; everything is vague to a degree
we do not realise until we try to make it precise (with apologies to
Bertrand Russell).

-- Alex

-- 
Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) 
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/


More information about the VoiceOps mailing list