Sipura VoIP phone adapters and DoS against name servers

• Previous message (by thread): Sipura VoIP phone adapters and DoS against name servers
• Next message (by thread): Sipura VoIP phone adapters and DoS against name servers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Get in contact with manufacturing vender for a fix,
and then tell us what they did or what they intend
to do to remedy the problem.

-Henry


--- sthaug at nethelp.no wrote:
> 
> Last night we configured our equipment to reject
> recursive DNS lookups
> from non-customers. This morning, soon after normal
> office hours began,
> we started receiving around 2500 DNS lookups per
> second more than normal
> to our recursive name servers.
> 
> After analyzing the DNS lookups, we found that all
> of the extra traffic
> was generated from customers of a local VoIP
> provider which uses Sipura
> (SPA-2000) phone adapters. It seems that when these
> adapters don't
> receive answers to their DNS queries, they will
> retransmit the query
> once per second (until they receive an answer).
> Multiply by number of
> adapters, and you have the recipe for a nice DoS.
> 
> Shades of Netgear NTP DoS
> (http://www.cs.wisc.edu/~plonka/netgear-sntp/)
> - don't vendors ever learn?
> 
> Steinar Haug, Nethelp consulting, sthaug at nethelp.no
> 

• Previous message (by thread): Sipura VoIP phone adapters and DoS against name servers
• Next message (by thread): Sipura VoIP phone adapters and DoS against name servers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]