[VoiceOps] Mitigating or stopping TDOS attacks - any advice?

Ryan Delgrosso ryandelgrosso at gmail.com
Tue May 16 23:13:54 EDT 2017


The key here is not holding the call past the authentication 
transaction. This is a relatively trivial javascript/lua application in 
freeswitch and the FS instances in this case are an excellent candidate 
for being containerized.

Take the call, auth it with a voice captcha, then get rid of it. Perhaps 
do the auth during early media then 302 it. Your CPU cycles spent goes 
down by orders of magnitude this way.

I know if at least one large provider doing exactly this on behalf of 
their customers.

Imminently do-able. If you are interested in doing this, but timid, feel 
free to reach out off-list. Im happy to point you in the right direction.


On 5/16/2017 2:01 PM, Alex Balashov wrote:
> A "voice CAPTCHA" is a viable solution. But it does require
> infrastructure commitments on your part, even if, as you say, an
> Asterisk box can handle many concurrent calls. If you want to recycle
> that across multiple customers, that kind of moat can get mildly
> complicated.
>
> The only concern I would have is from a user experience point of view;
> your customer might not want their callers to have to go through a
> confusing menu, and it would doubtless be psychologically off-putting.
> I don't know what kind of business the customer is, but imagine if you
> called your dentist's office and were prompted to enter some sort of
> PIN. As a layperson, you might think something is wrong with the phone
> system.
>



More information about the VoiceOps mailing list