[VoiceOps] VoIP Provider DDoSes

Tim Bray tim at kooky.org
Fri Oct 1 10:33:48 EDT 2021


On 26/09/2021 21:54, Mike Hammett wrote:
>
> Are your garden variety DDoS mitigation platforms or services equipped 
> to handle DDoSes of VoIP services? What nuances does one have to be 
> cognizant of? A WAF doesn't mean much to SIP, IAX2, RTP, etc.
>

Without saying too much:


Seems to be a spate of DDoS against UK-based VoIP providers at the 
moment. For ransom. Don't pay.


One provider said that traditional approaches did not work. They tried 
Voxility but just got false positives. There are providers that do work.


But in the UK a lot of traffic goes over peers through internet 
exchanges. So just swapping transit is only half the problem.


Prep wise:

So practice altering your IP advertisements, dropping and bringing up 
peers. If you connect to route servers, practice doing selective 
announcements. Try to get private interconnects to your upstream telco 
providers. Get your network teams warmed up for when it does 
happen. If you host with a cloud provider, have a backup because if 
DDoS is coming from the same cloud .....



Tim
