[VoiceOps] Mitigating or stopping TDOS attacks - any advice?
Ryan Delgrosso
ryandelgrosso at gmail.com
Tue May 16 23:13:54 EDT 2017
The key here is not holding the call past the authentication
transaction. This is a relatively trivial javascript/lua application in
freeswitch and the FS instances in this case are an excellent candidate
for being containerized.
Take the call, auth it with a voice captcha, then get rid of it. Perhaps
do the auth during early media then 302 it. Your CPU cycles spent goes
down by orders of magnitude this way.
I know if at least one large provider doing exactly this on behalf of
their customers.
Imminently do-able. If you are interested in doing this, but timid, feel
free to reach out off-list. Im happy to point you in the right direction.
On 5/16/2017 2:01 PM, Alex Balashov wrote:
> A "voice CAPTCHA" is a viable solution. But it does require
> infrastructure commitments on your part, even if, as you say, an
> Asterisk box can handle many concurrent calls. If you want to recycle
> that across multiple customers, that kind of moat can get mildly
> complicated.
>
> The only concern I would have is from a user experience point of view;
> your customer might not want their callers to have to go through a
> confusing menu, and it would doubtless be psychologically off-putting.
> I don't know what kind of business the customer is, but imagine if you
> called your dentist's office and were prompted to enter some sort of
> PIN. As a layperson, you might think something is wrong with the phone
> system.
>
More information about the VoiceOps
mailing list