Bandwidth having issues

JaredBusch

@syko24 said in Bandwidth having issues:

but no one really knows until an attack of this size happens.

Actually that is not true, because you plan around the largest DDoS ever recorded and go form there.

This is just math. My firewall in front of my application can handle 10 gbps per second. Ok, great. The largest DDoS was something like 2 tbps. So yeah, your firewall is not able to handle it.

Maybe make a plan to swap in AWS or GCP during an attack. Both platforms have firewall options for rent. I bet they can handle 2 tbps also.

Now you say that AWS and GCP charge lots of money for that service? It will hurt your bottom line? Well they also have API and other tools to quickly spin things up on demand.

That is the entire point of cloud computing, scalability on demand. No matter what marketing teams want to say about cloud.

So you design your system to use your tools and have plans in place to implement other tools.

JaredBusch

@scottalanmiller said in Bandwidth having issues:

Profits above customers.

That is speculation. Not saying you are wrong, but it is speculation.

JaredBusch

@syko24 said in Bandwidth having issues:

I am sure that VOIP.MS thought their system was secure prior to these events.

VoIP.ms built their entire stack on top of Asterisk, and that is the main problem.

Asterisk is a great PBX. It can handle a lot of shit. But I would never want to build a carrier on it.

JaredBusch

And the DDoS has resumed against Bandwidth.

Dashrender

@jaredbusch said in Bandwidth having issues:

And the DDoS has resumed against Bandwidth.

I was wondering if it was going to come back today.

JaredBusch

@dashrender said in Bandwidth having issues:

I was wondering if it was going to come back today.

I assume the attackers are smart enough not to waste resources attacking when the U.S. is not using the phone.

Dashrender

@jaredbusch said in Bandwidth having issues:

@dashrender said in Bandwidth having issues:

I was wondering if it was going to come back today.

I assume the attackers are smart enough not to waste resources attacking when the U.S. is not using the phone.

that didn't stop them from running the attack agains VOIP.ms all night... or at least most of it...

And short of using the botnet to attack someone else during the US night, it's no skin off the hacker's teeth to keep it going all the time.

scottalanmiller

@dashrender said in Bandwidth having issues:

@jaredbusch said in Bandwidth having issues:

@dashrender said in Bandwidth having issues:

I was wondering if it was going to come back today.

I assume the attackers are smart enough not to waste resources attacking when the U.S. is not using the phone.

that didn't stop them from running the attack agains VOIP.ms all night... or at least most of it...

And short of using the botnet to attack someone else during the US night, it's no skin off the hacker's teeth to keep it going all the time.

Because, I assume, voip.ms was a proof of concept on low hanging, insecure fruit that took minimal effort. An attack on Bandwidth and Verizon is likely thousands of times more intense.

Dashrender

@scottalanmiller said in Bandwidth having issues:

@dashrender said in Bandwidth having issues:

@jaredbusch said in Bandwidth having issues:

@dashrender said in Bandwidth having issues:

I was wondering if it was going to come back today.

I assume the attackers are smart enough not to waste resources attacking when the U.S. is not using the phone.

that didn't stop them from running the attack agains VOIP.ms all night... or at least most of it...

And short of using the botnet to attack someone else during the US night, it's no skin off the hacker's teeth to keep it going all the time.

Because, I assume, voip.ms was a proof of concept on low hanging, insecure fruit that took minimal effort. An attack on Bandwidth and Verizon is likely thousands of times more intense.

what other side effects would we expect to see from an attack like that?

Skyetel

The rumors we are hearing is that these attacks are state-sponsored sized, and the attackers are torching everything well before it even gets to the target network (Verizon, Bandwidth, etc). This is not an ordinary attack, and everyone's spooked.

krzykat

@dashrender I've had issues with RFC2833 and had to change some systems with IVR front ends to inband signaling.

krzykat

@jaredbusch I've got my PBX's pretty well locked down by using FQDN, but now all this is making me think ... do I need to add the DDoS feature set on all my Vultr instances? What's everyone else do?

scottalanmiller

@dashrender said in Bandwidth having issues:

@scottalanmiller said in Bandwidth having issues:

@dashrender said in Bandwidth having issues:

@jaredbusch said in Bandwidth having issues:

@dashrender said in Bandwidth having issues:

I was wondering if it was going to come back today.

I assume the attackers are smart enough not to waste resources attacking when the U.S. is not using the phone.

that didn't stop them from running the attack agains VOIP.ms all night... or at least most of it...

And short of using the botnet to attack someone else during the US night, it's no skin off the hacker's teeth to keep it going all the time.

Because, I assume, voip.ms was a proof of concept on low hanging, insecure fruit that took minimal effort. An attack on Bandwidth and Verizon is likely thousands of times more intense.

what other side effects would we expect to see from an attack like that?

not much, the telephony infrastructure is so small and fragile compared to the Internet.

scottalanmiller

@krzykat said in Bandwidth having issues:

@jaredbusch I've got my PBX's pretty well locked down by using FQDN, but now all this is making me think ... do I need to add the DDoS feature set on all my Vultr instances? What's everyone else do?

No, why? WE are not targets. If someone decided to DDOS by a state, you are screwed. Period. Nothing is going to stop that at any of our scales.

scottalanmiller

Also, no state would ever do that, because it's ridiculous. That's almost equivalent to a foreign government hiring assassins to go to your house and take you out. Unless you are someone insanely important, that is never going to happen. Too expensive, too much risk, no payback.

Even at a state level, attacks are always an economic game.

krzykat

@scottalanmiller I was thinking more of do they try to take down Vultr

dbeato

@scottalanmiller Isn't that still something close to that that VoiP.MS experienced? and granted they didn't have CLoudflare setup on their main site ahead of this.

scottalanmiller

@krzykat said in Bandwidth having issues:

@scottalanmiller I was thinking more of do they try to take down Vultr

Then just move to another provider. Just have backups.

Hard to imagine Vultr being a target, but plausible.

scottalanmiller

@dbeato said in Bandwidth having issues:

@scottalanmiller Isn't that still something close to that that VoiP.MS experienced? and granted they didn't have CLoudflare setup on their main site ahead of this.

No, the degree of lazy and incompetent at voip.ms is pretty extreme. Not even the level of DDoS protection any mom and pop shop should have with minimal competence. Like there is not being good, and there is not even trying. And voip.ms fell into not trying at all category, it sounds like.

scottalanmiller

@dbeato said in Bandwidth having issues:

@scottalanmiller Isn't that still something close to that that VoiP.MS experienced? and granted they didn't have CLoudflare setup on their main site ahead of this.

voip.ms is a telephone backend provider, not a small non-networking firm like all of us. None of us are targets or at that kind of networking scale, in any way. None of us can be attacked in a DDoS to take out our customers. voip.ms represented the physical infrastructure of tens of thousands of customers, and didn't even do the basics, as I understand it.