[VoiceOps] Bandwidth - Monday Outage
Ryan Delgrosso
ryandelgrosso at gmail.com
Mon Sep 27 17:21:26 EDT 2021
Do we know this is a SIP/RTP targeted volumetric attack and those arent
just collateral damage in a more plebian attack aimed ad portals/apis or
routers?
I can understand them being tight lipped but some transparency helps the
situation.
I wonder if DHS is involved yet?
On 9/27/2021 1:48 PM, Jay Hennigan via VoiceOps wrote:
> On 9/27/21 13:30, Darren via VoiceOps wrote:
>> I know it’s hard to be patient but I can’t imagine they’re NOT all
>> hands on deck.
>>
>> The reality is probably that the DDoS attack is now so big, they
>> can’t handle it on their own, so they’re scrambling to contract out
>> with another provider who can handle it. That would explain why the
>> BGP routes they advertise have shifted. These DDoS products typically
>> take weeks to setup, so they’re likely having to scramble. I’ll be
>> surprised if this does NOT continue tomorrow (unfortunately).
>
> From my understanding this is not your typical volumetric DDoS but
> something specific to SIP or VoIP and thus the typical scrubbing
> services aren't going to be effective against the voice side of things.
>
> Obviously they are keeping things close to the vest in order not to
> give too much information to the bad guys but I agree that it may take
> some time to resolve.
>
>> *From: *VoiceOps <voiceops-bounces at voiceops.org> on behalf of Carlos
>> Alvarez <caalvarez at gmail.com>
>> *Date: *Monday, September 27, 2021 at 1:23 PM
>
>> Generic SIP client here, and the ongoing "continue to investigate"
>> notices are infuriatingly like "we have no damn clue what we're
>> doing." Try explaining to customers why it's not "our fault*" and
>> that there's no way to estimate a repair time.
>
> I think the ongoing "continue to investigate" messages are fine.
> They're obviously dealing with a major incident and trying their best
> to keep their customers informed. This IMHO beats silence.
>
>> *Our fault for choosing them I guess, but not something we can fix in
>> minutes.
>
> The same thing could and has affected others. Voip.ms has been dealing
> with a similar attack for at least a week. We've had excellent service
> from Bandwidth for years and I trust that they will be able to get
> through this as well as anyone.
>
> It's the nature of the legacy PSTN that redundant providers or fast
> failover for inbound calling isn't (yet) a thing.
>
More information about the VoiceOps
mailing list