
INSERT INTO 'voiceops' SET rant='rambling' WHERE day='friday'

"TelePacific Network Outage: Cyber-Terrorism?" ... Translates into nothing more than a typical Denial of Service attack. According to the article description: "cyber attack choked our servers and resulted in a significant loss of service to customers - in most cases an inability to make and receive calls. But the attack did not impact customers' Internet or data services."

Now, according to my experience, this is likely an attacker or attackers simply doing routine SIP account enumeration and registration attempts a-la SIPVicious. Recently (three days ago, to be exact), I had one of my Internet-facing PBXs experience the same exact symptoms: no calls in, no calls out. The system, you see, was being hammered by an American webhosting company. After firewalling the culprits via the PBX, calls were coming in sporadically when the attacker packet count was on the low side (remember I said Internet-facing, so I could not block all packets as I normally would). This was likely because, although blocked, the attacker was still sending data that needed to be processed (remember the firewall needs to check the incoming data against firewall rules and make a decision: allow, drop or reject).

After blocking them, I then - via LinkedIn - decided to "speed up" the abuse reporting process. Now, because abuse desks are almost as useful as a public lost and found desk in the middle of NYC, after sending the message to the hosting company, I then contacted the or VP of the relevant department at the hosting company (via LinkedIn), who was gracious enough to pass the information along... right back to his abuse department. Six hours after LinkedIn, 18 or so hours into the attack, when abuse desk staff decided to check slash resolve the issue, they asked for the address of the server being attacked, so they could report it to the attacker: "Hey Mr. Attacker, you've been attacking address 2.3.4.5 so we cut you off." No thanks, I replied to the hosting company. If they needed a packet capture for their own analysis, so be it, but there would be no way I would effectively point the finger at my managed PBX and allow the attacker to attack from elsewhere. (Mind you, the address was included in the initial report anyway, but hey, who reads those.)

Anyhow, enough of this. Nothing to see here (terrorism)... Move along. Then again, I guess in the interest of fairness, maybe I should call the FBI as well every time something computer-related comes along. Not that they'll respond, but I'm starting to wonder: was that just some organized crime group trying to perform toll fraud, or was it an act of terrorism? Yipes, my servers are to be beheaded via evil packets. Maybe I can get them to respond to some of the "syndicate carriers" who terrorize me with their bills when they promised: "oh sure, we can catch and halt that fraud for you..."

; --
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP

"It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett

42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
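The post describes SIPVicious-style registration attempts that looked like a DoS on an Internet-facing PBX. As an added example (not code from the post or from any PBX product), here is a small detector that tells extension enumeration (one source trying many distinct users) apart from a legitimate phone re-registering, so the offending source can be blocked upstream instead of at the PBX, where dropped packets still cost processing. The log tuples, IP addresses, window size and thresholds are all constructed for the example.

```python
from collections import defaultdict

# Constructed observations of SIP REGISTER requests, in the shape a PBX or
# SIP proxy would log them: (unix timestamp, source IP, From user, User-Agent).
# Not a real capture: one phone re-registering normally, plus a scanner burst
# walking extensions 100..139 from a single source.
SAMPLE_REGISTERS = [
    (1000, "192.0.2.10", "201", "SoftPhone/1.0"),
    (1030, "192.0.2.10", "201", "SoftPhone/1.0"),
    (1060, "192.0.2.10", "201", "SoftPhone/1.0"),
] + [
    (1100 + i, "198.51.100.77", str(100 + i), "friendly-scanner")
    for i in range(40)
]


def register_stats(events, window=60):
    """Per source IP, return the busiest fixed window as
    (attempt_count, distinct_user_count)."""
    buckets = defaultdict(lambda: [0, set()])
    for ts, src, user, _ua in events:
        bucket = buckets[(src, ts // window)]
        bucket[0] += 1
        bucket[1].add(user)
    worst = {}
    for (src, _slot), (count, users) in buckets.items():
        candidate = (count, len(users))
        if src not in worst or candidate > worst[src]:
            worst[src] = candidate
    return worst


def flag_register_abuse(events, window=60, max_attempts=20, max_users=5):
    """Return {src_ip: reason} for sources exceeding either threshold.
    Many distinct users from one IP in a short window is the signature of
    extension enumeration; many attempts against few users is a guessing
    or flood pattern. Thresholds here are assumptions, tune per deployment."""
    alerts = {}
    for src, (count, users) in register_stats(events, window).items():
        if users > max_users:
            alerts[src] = f"{users} distinct users in {window}s (enumeration)"
        elif count > max_attempts:
            alerts[src] = f"{count} REGISTERs in {window}s (flood)"
    return alerts


if __name__ == "__main__":
    for src, reason in flag_register_abuse(SAMPLE_REGISTERS).items():
        print(f"block upstream: {src} -> {reason}")
```

The output of `flag_register_abuse` is what you would hand to an upstream firewall or carrier ACL, or attach to the abuse report, rather than leaving the PBX to drop the packets itself.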