TDM voice DOS

harbor235 harbor235 at gmail.com
Tue Aug 16 17:01:20 UTC 2011


The complication is that the attack victim is not IP ... Can't turn up a
firewall or router to mitigate.


mike

On Tue, Aug 16, 2011 at 12:57 PM, Charles N Wyble
<charles at knownelement.com> wrote:

> On 08/16/2011 11:46 AM, harbor235 wrote:
>
>> Anyone been involved with TDM voice DOS attacks? My thoughts are that if the
>> phone call originates as an IP call somewhere in the wild, then typical abuse
>> security incident notifications may help in the interim.
>>
>
> Indeed. Though I suppose it depends on where they come from. Probably
> originate in various nasty neighborhoods of the net.
>
>
>> At least potentially identify through customer records or
>> make them move on where they eventually slip up.
>>
>
> Right.
>
>
>> If the abuse originates as IP what obligations do foreign service providers
>> (friendly?) have to identify and mitigate?
>>
>
> Well I work at a very large shared hosting provider. Our upstream provider
> gets abuse complaints and a ticket lands in our queue telling us to clean up
> or the box gets dropped off the net (anywhere from 4 to 48 hour warning
> window).
>
> I'm guessing that most large service providers have similar procedures in
> place? Just hit up the abuse contacts for the IP range.  Doesn't matter
> where the destination is, what media etc. If it originates on an IP
> network/device, it can be dealt with that way.
>
> However the bad guys probably aren't using the large providers, as they
> usually operate 24x7 abuse desks,  which means rapid ban hammering.  :)
>
>
>> How can the community respond to service providers who fail to
>> clean up their customer base?
>>
>
> iptables -A INPUT -s x.x.x.x/8 -j DROP  (modify to your local site firewall drug of
> choice).
>
>
>


