[VoiceOps] Mitigating or stopping TDOS attacks - any advice?
ryandelgrosso at gmail.com
Tue May 16 23:13:54 EDT 2017
The key here is not holding the call past the authentication
freeswitch and the FS instances in this case are an excellent candidate
for being containerized.
Take the call, auth it with a voice captcha, then get rid of it. Perhaps
do the auth during early media then 302 it. Your CPU cycles spent goes
down by orders of magnitude this way.
I know if at least one large provider doing exactly this on behalf of
Imminently do-able. If you are interested in doing this, but timid, feel
free to reach out off-list. Im happy to point you in the right direction.
On 5/16/2017 2:01 PM, Alex Balashov wrote:
> A "voice CAPTCHA" is a viable solution. But it does require
> infrastructure commitments on your part, even if, as you say, an
> Asterisk box can handle many concurrent calls. If you want to recycle
> that across multiple customers, that kind of moat can get mildly
> The only concern I would have is from a user experience point of view;
> your customer might not want their callers to have to go through a
> confusing menu, and it would doubtless be psychologically off-putting.
> I don't know what kind of business the customer is, but imagine if you
> called your dentist's office and were prompted to enter some sort of
> PIN. As a layperson, you might think something is wrong with the phone
More information about the VoiceOps