[VoiceOps] Mitigating or stopping TDOS attacks - any advice?

Matthew Yaklin myaklin at firstlight.net
Tue May 16 21:36:36 EDT 2017


While interesting I am more concerned about actual denial of service attacks. Like if I hacked a couple hundred elastix pbxs and used their capabilities to hammer a customer's main number during business hours. Even though they have 50 call paths on their sip trunk it would be saturated easily and reacting takes time. Hours or more? And that assumes a trivial attack without obfuscating the calls in some fashion.

From: Mike Ray, MBA, CNE, CTE <mike at astrocompanies.com>
Sent: Tuesday, May 16, 2017 7:29:49 PM
To: Matthew Yaklin; 'Alex Balashov'
Cc: voiceops at voiceops.org
Subject: RE: [VoiceOps] Mitigating or stopping TDOS attacks - any advice?

Hi Matt,

You may want to look into Nomorobo.  We certified with them some time ago, and they have a very interesting way of doing this.



Mike Ray, MBA, CNE, CTE
Astro Companies, LLC
11523 Palm Brush Trail #401
Lakewood Ranch, FL  34202
DIRECT: call or text 941 600-0207

From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Matthew Yaklin
Sent: Tuesday, May 16, 2017 6:22 PM
To: Alex Balashov <abalashov at evaristesys.com>
Cc: voiceops at voiceops.org
Subject: Re: [VoiceOps] Mitigating or stopping TDOS attacks - any advice?

I noticed how you mentioned asterisk and if it could handle that many calls and you seemed skeptical. Probably based on experience. After all these years I thought a single asterisk server could handle more calls in a stable fashion but it appears not. Once past 500 concurrent calls, depending on hardware and config, things start to get sketchy. It has been a while since I last used asterisk for a VM server or pbx. Those days seem long ago.

Over the years we have had customers experience TDOS. While we have no current customer experiencing the issue today we wanted to research our options just in case.

It seems metaswitch has a cloud based robocall blocking feature we just read about. I have to wonder if that hook in the switch could be used for something.

As others have said though... gathering all this cdr info, analyzing it, and then blocking certain calls while keeping good ones is quite the task to program. And to do it really fast. One can stop trivial attacks that have a pattern but a determined attacker can be quite crafty.

Thank you everyone,

From: sasha at evaristesys.com<mailto:sasha at evaristesys.com> <sasha at evaristesys.com<mailto:sasha at evaristesys.com>> on behalf of Alex Balashov <abalashov at evaristesys.com<mailto:abalashov at evaristesys.com>>
Sent: Tuesday, May 16, 2017 5:01:04 PM
To: Matthew Yaklin
Cc: voiceops at voiceops.org<mailto:voiceops at voiceops.org>
Subject: Re: [VoiceOps] Mitigating or stopping TDOS attacks - any advice?

A "voice CAPTCHA" is a viable solution. But it does require
infrastructure commitments on your part, even if, as you say, an
Asterisk box can handle many concurrent calls. If you want to recycle
that across multiple customers, that kind of moat can get mildly

The only concern I would have is from a user experience point of view;
your customer might not want their callers to have to go through a
confusing menu, and it would doubtless be psychologically off-putting.
I don't know what kind of business the customer is, but imagine if you
called your dentist's office and were prompted to enter some sort of
PIN. As a layperson, you might think something is wrong with the phone

Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20170517/cba04b44/attachment-0001.html>

More information about the VoiceOps mailing list