VoIP Provider DDoSes

• Previous message (by thread): VoIP Provider DDoSes
• Next message (by thread): [EXTERNAL] VoIP Provider DDoSes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Sep 22, 2021 at 11:27 AM Mike Hammett <nanog at ics-il.net> wrote:

> Fail2Ban on a couple of dozen servers may not be sufficient to address 400
> gigs of traffic.
>
>
<you own me a keyboard>

Also, also.. keep in mind that 'fail2ban' does some processing on the log
messages to which it MAY take action.
It's taking, essentially, untrusted external input and ... acting as 'root'.

that sounds like a recipe for a disaster, to me... is the code utf-8 safe?
are the actions it takes safe in the context of whatever PTR record content
may come down the pipe? or apache(equivalent) log message parsing?

<shudder>


>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> ------------------------------
> *From: *"Terrance Devor" <ter.devor at gmail.com>
> *To: *"Mike Hammett" <nanog at ics-il.net>
> *Cc: *"NANOG" <nanog at nanog.org>
> *Sent: *Wednesday, September 22, 2021 10:24:07 AM
> *Subject: *Re: VoIP Provider DDoSes
>
> Fail2Ban and give ourselves a pat on the back..
>
> On Wed, Sep 22, 2021 at 9:12 AM Mike Hammett <nanog at ics-il.net> wrote:
>
>> https://twit.tv/shows/security-now/episodes/837?autostart=false
>>
>>
>> It looks like Security Now covered this yesterday. They claimed that,
>> "There  is  currently  no  provider of  large  pipe  VoIP  protocol  DDoS
>>  protection."
>>
>> Are any of the cloud DDoS mitigation services offering a service like
>> this.
>>
>> ------------------------------
>> *From: *"Mike Hammett" <nanog at ics-il.net>
>> *To: *"NANOG" <nanog at nanog.org>
>> *Sent: *Tuesday, September 21, 2021 4:19:42 PM
>> *Subject: *VoIP Provider DDoSes
>>
>> As many may know, a particular VoIP supplier is suffering a DDoS.
>> https://twitter.com/voipms
>>
>> Are your garden variety DDoS mitigation platforms or services equipped to
>> handle DDoSes of VoIP services? What nuances does one have to be cognizant
>> of? A WAF doesn't mean much to SIP, IAX2, RTP, etc.
>>
>>
>>
>> -----
>> Mike Hammett
>> Intelligent Computing Solutions
>> http://www.ics-il.com
>>
>> Midwest-IX
>> http://www.midwest-ix.com
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210922/e302eb30/attachment.html>

• Previous message (by thread): VoIP Provider DDoSes
• Next message (by thread): [EXTERNAL] VoIP Provider DDoSes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]