[VoiceOps] Mitigating or stopping TDOS attacks - any advice?
Matthew Yaklin
myaklin at firstlight.net
Tue May 16 18:21:55 EDT 2017
I noticed how you mentioned asterisk and if it could handle that many calls and you seemed skeptical. Probably based on experience. After all these years I thought a single asterisk server could handle more calls in a stable fashion but it appears not. Once past 500 concurrent calls, depending on hardware and config, things start to get sketchy. It has been a while since I last used asterisk for a VM server or pbx. Those days seem long ago.
Over the years we have had customers experience TDOS. While we have no current customer experiencing the issue today we wanted to research our options just in case.
It seems metaswitch has a cloud based robocall blocking feature we just read about. I have to wonder if that hook in the switch could be used for something.
As others have said though... gathering all this cdr info, analyzing it, and then blocking certain calls while keeping good ones is quite the task to program. And to do it really fast. One can stop trivial attacks that have a pattern but a determined attacker can be quite crafty.
Thank you everyone,
Matt
________________________________
From: sasha at evaristesys.com <sasha at evaristesys.com> on behalf of Alex Balashov <abalashov at evaristesys.com>
Sent: Tuesday, May 16, 2017 5:01:04 PM
To: Matthew Yaklin
Cc: voiceops at voiceops.org
Subject: Re: [VoiceOps] Mitigating or stopping TDOS attacks - any advice?
A "voice CAPTCHA" is a viable solution. But it does require
infrastructure commitments on your part, even if, as you say, an
Asterisk box can handle many concurrent calls. If you want to recycle
that across multiple customers, that kind of moat can get mildly
complicated.
The only concern I would have is from a user experience point of view;
your customer might not want their callers to have to go through a
confusing menu, and it would doubtless be psychologically off-putting.
I don't know what kind of business the customer is, but imagine if you
called your dentist's office and were prompted to enter some sort of
PIN. As a layperson, you might think something is wrong with the phone
system.
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20170516/dbf801b4/attachment.html>
More information about the VoiceOps
mailing list