Is this idea corny? Perhaps a solution could be like they do for web pages to prove you are human. Direct all the customer's incoming calls to an asterisk box. The asterisk box plays a recording asking for them to type in a digit string that is random for each call. If the person types in the right string.. allow the call. If the wrong string is entered.. drop the call. A beefy asterisk box can handle many calls. Probably more the the switch's incoming trunks if the hardware is up to it. Just use this when needed and after the TDOS fades away.. disable it. Just an idea... probably has several holes in it. --- I also saw this while googling. Not enough info on the web page for me to even guess if the solution really works. https://securelogix.com/threats/telephony-denial-of-service-tdos-attacks/ . I think it uses Splunk on the back end. Matt ________________________________ From: VoiceOps <voiceops-bounces at voiceops.org> on behalf of Alex Balashov <abalashov at evaristesys.com> Sent: Monday, May 15, 2017 1:15:38 PM To: voiceops at voiceops.org Subject: Re: [VoiceOps] Mitigating or stopping TDOS attacks - any advice? On Mon, May 15, 2017 at 01:09:01PM -0400, Ivan Kovacevic wrote:
I think putting this ? ?block the offending traffic pattern? into practice is the crux of the issue. Maybe I am short-sighted or don?t give AI sufficient credit, but I think identifying the offending traffic pattern is not going to be easy (or maybe possible at all).
Anyone initiating a TDOS attack can manipulate the call pattern and caller ID easy enough to make it look like ?normal? traffic.
I suppose it depends on how many concurrent channels/call paths the customer has. Given a very small number, almost any amount of calls can tie them up. But, in general, it's not a DoS attack if it doesn't ... DoS. :-) If the attackers slow down the call setup rate enough that it doesn't meet frequency-based DoS detection, chances are it's not a very impactful attack. Of course, there is a grey area; everything is vague to a degree we do not realise until we try to make it precise (with apologies to Bertrand Russell). -- Alex -- Alex Balashov | Principal | Evariste Systems LLC Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/ _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops