Mike, While interesting I am more concerned about actual denial of service attacks. Like if I hacked a couple hundred elastix pbxs and used their capabilities to hammer a customer's main number during business hours. Even though they have 50 call paths on their sip trunk it would be saturated easily and reacting takes time. Hours or more? And that assumes a trivial attack without obfuscating the calls in some fashion. Matt ________________________________ From: Mike Ray, MBA, CNE, CTE <mike at astrocompanies.com> Sent: Tuesday, May 16, 2017 7:29:49 PM To: Matthew Yaklin; 'Alex Balashov' Cc: voiceops at voiceops.org Subject: RE: [VoiceOps] Mitigating or stopping TDOS attacks - any advice? Hi Matt, You may want to look into Nomorobo. We certified with them some time ago, and they have a very interesting way of doing this. Regards, Mike Mike Ray, MBA, CNE, CTE Astro Companies, LLC 11523 Palm Brush Trail #401 Lakewood Ranch, FL 34202 DIRECT: call or text 941 600-0207 http://www.astrocompanies.com From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Matthew Yaklin Sent: Tuesday, May 16, 2017 6:22 PM To: Alex Balashov <abalashov at evaristesys.com> Cc: voiceops at voiceops.org Subject: Re: [VoiceOps] Mitigating or stopping TDOS attacks - any advice? I noticed how you mentioned asterisk and if it could handle that many calls and you seemed skeptical. Probably based on experience. After all these years I thought a single asterisk server could handle more calls in a stable fashion but it appears not. Once past 500 concurrent calls, depending on hardware and config, things start to get sketchy. It has been a while since I last used asterisk for a VM server or pbx. Those days seem long ago. Over the years we have had customers experience TDOS. While we have no current customer experiencing the issue today we wanted to research our options just in case. It seems metaswitch has a cloud based robocall blocking feature we just read about. I have to wonder if that hook in the switch could be used for something. As others have said though... gathering all this cdr info, analyzing it, and then blocking certain calls while keeping good ones is quite the task to program. And to do it really fast. One can stop trivial attacks that have a pattern but a determined attacker can be quite crafty. Thank you everyone, Matt ________________________________ From: sasha at evaristesys.com<mailto:sasha at evaristesys.com> <sasha at evaristesys.com<mailto:sasha at evaristesys.com>> on behalf of Alex Balashov <abalashov at evaristesys.com<mailto:abalashov at evaristesys.com>> Sent: Tuesday, May 16, 2017 5:01:04 PM To: Matthew Yaklin Cc: voiceops at voiceops.org<mailto:voiceops at voiceops.org> Subject: Re: [VoiceOps] Mitigating or stopping TDOS attacks - any advice? A "voice CAPTCHA" is a viable solution. But it does require infrastructure commitments on your part, even if, as you say, an Asterisk box can handle many concurrent calls. If you want to recycle that across multiple customers, that kind of moat can get mildly complicated. The only concern I would have is from a user experience point of view; your customer might not want their callers to have to go through a confusing menu, and it would doubtless be psychologically off-putting. I don't know what kind of business the customer is, but imagine if you called your dentist's office and were prompted to enter some sort of PIN. As a layperson, you might think something is wrong with the phone system. -- Alex Balashov | Principal | Evariste Systems LLC Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/