<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: arial,helvetica,sans-serif; font-size: 10pt; color: #000000'>"I assume those companies connect with Bandwidth privately versus public Internet."<div><br></div><div>I've asked on here if anyone is connected to Bandwidth.com via PNI and still having issues, but I haven't seen anything back.</div><div><br><div><span name="x"></span><br><br>-----<br>Mike Hammett<br>Intelligent Computing Solutions<br>http://www.ics-il.com<br><br><br><br>Midwest Internet Exchange<br>http://www.midwest-ix.com<br><br><span name="x"></span><br></div><br><hr id="zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Jared Geiger" <jared@compuwizz.net><br><b>To: </b>"VoiceOps" <voiceops@voiceops.org><br><b>Sent: </b>Wednesday, September 29, 2021 11:20:31 PM<br><b>Subject: </b>Re: [VoiceOps] Bandwidth - Monday Outage<br><br><div dir="ltr">Bandwidth.com is behind Cloudflare now instead of NTT presumably for DDoS protection. <div><br></div><div>Then Cloudflare Magic Transit wasn't so magic today. <a href="https://www.cloudflarestatus.com/incidents/kctplzfbf2j2" target="_blank">https://www.cloudflarestatus.com/incidents/kctplzfbf2j2</a></div><div><br></div><div>VoIP needs to decouple from the TDM PSTN legacy so we can get federated and authenticated ENUM IP peering at IXPs or something similar to what the GRX/IPX does in the mobile world. I'm sure this exists to some extent between the big guys already, but us little guys need in on the action to make services more robust.</div><div><br></div><div>I'm surprised more people haven't complained that Google Voice and Microsoft Teams numbers aren't working. I've been too busy to test during these outages to test. I assume those companies connect with Bandwidth privately versus public Internet.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Sep 29, 2021 at 1:53 PM Mary Lou Carey <<a href="mailto:marylou@backuptelecom.com" target="_blank">marylou@backuptelecom.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I will just add that I've helped carriers of all types install and <br>
maintain their networks for the last 21 years. I've worked with every <br>
major ILEC and RBOC and the amount of anti-competitive tactics I've <br>
witnessed over the years has always been through the roof because there <br>
was never a motivation for the big guys to share their networks with the <br>
little guys.<br>
<br>
These kind of tactics are nothing new, so I suspect the attack <br>
originated from a domestic player/group of players and Bandwidth will <br>
not be their only target. My suggestion to everyone would be to make <br>
your networks as redundant as possible so you don't have to rely on any <br>
one carrier. Don't burn bridges with any carriers either because you <br>
never know when you might need them again.<br>
<br>
<br>
MARY LOU CAREY<br>
BackUP Telecom Consulting<br>
Office: 615-791-9969<br>
Cell: 615-796-1111<br>
<br>
On 2021-09-29 01:39 PM, Mary Lou Carey wrote:<br>
> This smells very fishy to me. The fact that a long-term attack has<br>
> been targeted at one of a few companies that host other carrier's<br>
> services AND provides 911 services the weekend before STIR/SHAKEN's<br>
> implementation takes place does not appear to be a coincidence to me.<br>
> Carriers fight attacks off every day, but In all my years of working<br>
> in the industry, I've never seen an attack last so long that it had<br>
> the potential to take a carrier out of business. In my opinion, this<br>
> wreaks of anti-competitive tactics. Whoever is doing this to Bandwidth<br>
> seems to have a lot of resources and purposely intends to take<br>
> Bandwidth out. Call me crazy if you want, but when I smell fish I'm<br>
> usually not wrong!<br>
> <br>
> MARY LOU CAREY<br>
> BackUP Telecom Consulting<br>
> Office: 615-791-9969<br>
> Cell: 615-796-1111<br>
> <br>
> On 2021-09-29 01:03 PM, Mark Wiles wrote:<br>
>> While we all might love to know what they’ve done to TRY to mitigate<br>
>> the issue; it’s reasonable to assume that they’d be fairly quiet<br>
>> about what they’re doing/trying to do. Right now, I’d rather them<br>
>> keep a low profile and simply get the issue addressed. You know<br>
>> they’re hemorrhaging customers left-and-right due to port-aways.<br>
>> <br>
>> From: VoiceOps <<a href="mailto:voiceops-bounces@voiceops.org" target="_blank">voiceops-bounces@voiceops.org</a>> On Behalf Of Ryan<br>
>> Delgrosso<br>
>> Sent: Wednesday, September 29, 2021 1:52 PM<br>
>> To: <a href="mailto:voiceops@voiceops.org" target="_blank">voiceops@voiceops.org</a><br>
>> Subject: Re: [VoiceOps] Bandwidth - Monday Outage<br>
>> <br>
>> FYI a pretty weak but publicly referencable acknowledgement of whats<br>
>> going on<br>
>> <br>
>> <a href="https://www.bandwidth.com/blog/a-message-to-our-customers-and-partners/" rel="noreferrer" target="_blank">https://www.bandwidth.com/blog/a-message-to-our-customers-and-partners/</a><br>
>> [4]<br>
>> <br>
>> On 9/29/2021 10:37 AM, Pete Eisengrein wrote:<br>
>> <br>
>>> They have publicly acknowledge it as a DDoS (<br>
>>> <br>
>> <a href="https://www.bandwidth.com/blog/a-message-to-our-customers-and-partners/" rel="noreferrer" target="_blank">https://www.bandwidth.com/blog/a-message-to-our-customers-and-partners/</a><br>
>>> [1] ) , but being pretty tight-lipped with specifics on what it is<br>
>>> or how they are mitigating.<br>
>>> <br>
>>> On Wed, Sep 29, 2021 at 12:29 PM Carlos Alvarez<br>
>>> <<a href="mailto:caalvarez@gmail.com" target="_blank">caalvarez@gmail.com</a>> wrote:<br>
>>> <br>
>>> Is this some sort of ransom event against them maybe? And what are<br>
>>> the rest of you telling your customers? We seem to have only a few<br>
>>> specifically complaining, but those are complaining a lot.<br>
>>> <br>
>>> On Tue, Sep 28, 2021 at 11:06 PM Ivan Kovacevic<br>
>>> <<a href="mailto:ivan.kovacevic@startelecom.ca" target="_blank">ivan.kovacevic@startelecom.ca</a>> wrote:<br>
>>> <br>
>>> Happening again.<br>
>>> <br>
>>> <a href="https://status.bandwidth.com/" rel="noreferrer" target="_blank">https://status.bandwidth.com/</a> [2]<br>
>>> <br>
>>> [3]<br>
>>> <br>
>>> Ivan Kovacevic<br>
>>> _Co-Founder and VP Client Services_<br>
>>> <br>
>>> [3]<br>
>>> <br>
>>> [3]<br>
>>> <br>
>>> On Mon, Sep 27, 2021 at 10:19 PM Peter Beckman via VoiceOps<br>
>>> <<a href="mailto:voiceops@voiceops.org" target="_blank">voiceops@voiceops.org</a>> wrote: [3]<br>
>>> <br>
>>> On Mon, 27 Sep 2021, Ryan Delgrosso wrote:<br>
>>> <br>
>>>> Nothing meaningful other than the normal public party line.<br>
>>>> <br>
>>>> I too have heard unofficially that its DDOS, which makes sense<br>
>>> given the<br>
>>>> recurring nature.<br>
>>>> <br>
>>>> 4.5hrs down Sat<br>
>>> <br>
>>> Our monitoring showed 2 hours 47 minutes of actual service<br>
>>> affecting<br>
>>> outages across Voice (Inbound and Outbound), Messaging, and<br>
>>> API/Portal.<br>
>>> <br>
>>> The issue started at 3pm and recovered at 5:47pm EDT. We reported<br>
>>> it to<br>
>>> the TAC at 3:07pm, they did not post on Status until 3:31pm.<br>
>>> <br>
>>>> Some small downtime Sun<br>
>>>> <br>
>>>> Now deep into Monday with problems.<br>
>>>> <br>
>>>> Its not a good look, but id like some more transparency.<br>
>>> <br>
>>> DDoS attacks are real and hard to null route. You've got millions<br>
>>> of IP<br>
>>> addresses slamming you with data. Your router has a capacity, and<br>
>>> your<br>
>>> router cannot handle all of that extra crap data along with all of<br>
>>> our<br>
>>> traffic too.<br>
>>> <br>
>>> I'm sure BW will be investing in some beefy hardware that will be<br>
>>> able to<br>
>>> better handle DDoS attacks, as well as working more closely with<br>
>>> their<br>
>>> peering providers. I have to assume that they were getting<br>
>>> gigabits of<br>
>>> traffic, overwhelming their links in addition to their edge<br>
>>> routers.<br>
>>> <br>
>>> Cloudflare details how they do it here:<br>
>>> <br>
>>> <br>
>> <a href="https://support.cloudflare.com/hc/en-us/articles/200172676-Understanding-Cloudflare-DDoS-protection" rel="noreferrer" target="_blank">https://support.cloudflare.com/hc/en-us/articles/200172676-Understanding-Cloudflare-DDoS-protection</a><br>
>>> <br>
>>> Not much to be transparent about. The Internet is an unfriendly<br>
>>> place, and<br>
>>> bad actors can rain hell upon any public IP they want. Unsecured<br>
>>> laptops,<br>
>>> desktops, TVs, IOT devices, etc, all contribute just a little tiny<br>
>>> bit,<br>
>>> and all focus on one single point, kinda like those giant solar<br>
>>> farms with<br>
>>> the mirrors and single tower in the middle to boil the molten<br>
>>> salt.<br>
>>> <br>
>>> Well, Bandwidth is the molten salt, and the mirrors are a bunch of<br>
>>> unsecured devices on the Internet.<br>
>>> <br>
>>> <br>
>> ---------------------------------------------------------------------------<br>
>>> Peter Beckman<br>
>>> Internet Guy<br>
>>> <a href="mailto:beckman@angryox.com" target="_blank">beckman@angryox.com</a><br>
>>> <a href="https://www.angryox.com/" rel="noreferrer" target="_blank">https://www.angryox.com/</a><br>
>>> <br>
>> ---------------------------------------------------------------------------_______________________________________________<br>
>>> VoiceOps mailing list<br>
>>> <a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
>>> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
>>> _______________________________________________<br>
>>> VoiceOps mailing list<br>
>>> <a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
>>> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
>>> <br>
>>> [3]<br>
>>> <br>
>>> [3]<br>
>>> <br>
>>> NOTE: This email message and any attachments are for the sole use of<br>
>>> the intended recipient(s) and may contain confidential and/or<br>
>>> privileged information. Any unauthorized review, use, disclosure or<br>
>>> distribution is prohibited. If you are not the intended recipient,<br>
>>> please contact the sender by replying to this email, and destroy all<br>
>>> copies of the original message. [3]<br>
>>> <br>
>>> _______________________________________________<br>
>>> VoiceOps mailing list<br>
>>> <a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
>>> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
>> <br>
>> _______________________________________________<br>
>> VoiceOps mailing list<br>
>> <a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
>> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
>> <br>
>> _______________________________________________ [3]<br>
>> <br>
>> VoiceOps mailing list [3]<br>
>> <br>
>> <a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a> [3]<br>
>> <br>
>> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a> [3]<br>
>> <br>
>> <br>
>> Links:<br>
>> ------<br>
>> [1]<br>
>> <a href="https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.bandwidth.com%2fblog%2fa-message-to-our-customers-and-partners%2f&c=E,1,uAmO5u5c6u8d8fA2aiZUY71pe5rUngX8otVxHtppAMoqMT4mPT6x-kUwGStbW61Br73eiJFUz_ELBDJljCzgYb-3jTJ4oRlE2hKikfXw-w,,&typo=1" rel="noreferrer" target="_blank">https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.bandwidth.com%2fblog%2fa-message-to-our-customers-and-partners%2f&c=E,1,uAmO5u5c6u8d8fA2aiZUY71pe5rUngX8otVxHtppAMoqMT4mPT6x-kUwGStbW61Br73eiJFUz_ELBDJljCzgYb-3jTJ4oRlE2hKikfXw-w,,&typo=1</a><br>
>> [2]<br>
>> <a href="https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fstatus.bandwidth.com%2f&c=E,1,WolwFQSZ1OSs3rjO6hgO6OvRKpAzNrbIinIqdFrjiYR6iDxcrIaOmjTwQjb8h9dH4srU-RncK8II-R8Nr7Hs6VVXDGoF_4tEQzedk5uxxsq3FSj8yodwABlgng,,&typo=1" rel="noreferrer" target="_blank">https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fstatus.bandwidth.com%2f&c=E,1,WolwFQSZ1OSs3rjO6hgO6OvRKpAzNrbIinIqdFrjiYR6iDxcrIaOmjTwQjb8h9dH4srU-RncK8II-R8Nr7Hs6VVXDGoF_4tEQzedk5uxxsq3FSj8yodwABlgng,,&typo=1</a><br>
>> [3]<br>
>> <a href="https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.startelecom.ca%2f&c=E,1,z1xMwqyQSba2tIyKk3epfyt83pf2_1tWCHxSK_gEIhOKhqWf0AI2Pjim0jG0f0GhZfi9CRSrv_uuignvRskhETaKKEng-Jqv74-nf4cdBQ,,&typo=1" rel="noreferrer" target="_blank">https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.startelecom.ca%2f&c=E,1,z1xMwqyQSba2tIyKk3epfyt83pf2_1tWCHxSK_gEIhOKhqWf0AI2Pjim0jG0f0GhZfi9CRSrv_uuignvRskhETaKKEng-Jqv74-nf4cdBQ,,&typo=1</a><br>
>> [4]<br>
>> <a href="https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.bandwidth.com%2fblog%2fa-message-to-our-customers-and-partners%2f&c=E,1,owS2cVWZA1WGtGMAEPu5Ti5eAX1FOEqqPpmk_aMkLeDVGUmFu8zbe-bfN7-I3BmpNDZJ3qFWqtTezgSk_R_ZotZ43dLmcgYlB_u6Qh-e-AkGRe0,&typo=1" rel="noreferrer" target="_blank">https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.bandwidth.com%2fblog%2fa-message-to-our-customers-and-partners%2f&c=E,1,owS2cVWZA1WGtGMAEPu5Ti5eAX1FOEqqPpmk_aMkLeDVGUmFu8zbe-bfN7-I3BmpNDZJ3qFWqtTezgSk_R_ZotZ43dLmcgYlB_u6Qh-e-AkGRe0,&typo=1</a><br>
>> _______________________________________________<br>
>> VoiceOps mailing list<br>
>> <a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
>> <a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
_______________________________________________<br>
VoiceOps mailing list<br>
<a href="mailto:VoiceOps@voiceops.org" target="_blank">VoiceOps@voiceops.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/voiceops" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
</blockquote></div>
<br>_______________________________________________<br>VoiceOps mailing list<br>VoiceOps@voiceops.org<br>https://puck.nether.net/mailman/listinfo/voiceops<br></div><br></div></div></body></html>