On Mon, May 15, 2017 at 01:09:01PM -0400, Ivan Kovacevic wrote:
I think putting this ? ?block the offending traffic pattern? into practice is the crux of the issue. Maybe I am short-sighted or don?t give AI sufficient credit, but I think identifying the offending traffic pattern is not going to be easy (or maybe possible at all).
Anyone initiating a TDOS attack can manipulate the call pattern and caller ID easy enough to make it look like ?normal? traffic.
I suppose it depends on how many concurrent channels/call paths the customer has. Given a very small number, almost any amount of calls can tie them up. But, in general, it's not a DoS attack if it doesn't ... DoS. :-) If the attackers slow down the call setup rate enough that it doesn't meet frequency-based DoS detection, chances are it's not a very impactful attack. Of course, there is a grey area; everything is vague to a degree we do not realise until we try to make it precise (with apologies to Bertrand Russell). -- Alex -- Alex Balashov | Principal | Evariste Systems LLC Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/