Bandwidth having issues

dbeato

@jaredbusch A lot of VoIP Providers have notified us that they are having issues with Inbound calls today for some reason. Dealing with that a lot today.

Dashrender

Dashrender

syko24

Soooo where do we go from here?

I ended up staying with VOIP.MS with the mindset that they would put better mitigations in place and this would cool down. Although they poorly communicated with their customers, I feel they did end up getting their service back on track. Now that Bandwidth is being targeted, is this just a sign of what's to come to the other carriers? Assuming this was another DDoS, can this really be fully mitigated?

Dashrender

@syko24 said in Bandwidth having issues:

Soooo where do we go from here?

I ended up staying with VOIP.MS with the mindset that they would put better mitigations in place and this would cool down. Although they poorly communicated with their customers, I feel they did end up getting their service back on track. Now that Bandwidth is being targeted, is this just a sign of what's to come to the other carriers? Assuming this was another DDoS, can this really be fully mitigated?

I'm curious to see what Scott and Jared say to this.

krzykat

@syko24 Why would you stay with a carrier that so badly created an infrastructure that was so easily compromised? I'd think you want to stay with someone that has thought about these measures ahead of time and stays in front of the curve and not be reactionary to it after the fact. I, like Jared have spoken to the president of Skyetel and I have to tell you - they've built theirs from the ground up with these concerns and considerations in mind. They are very confident that their infrastructure is solid on this and based on the confidential talks I've had with them, I'm pretty confident as well.

syko24

@krzykat said in Bandwidth having issues:

@syko24 Why would you stay with a carrier that so badly created an infrastructure that was so easily compromised? I'd think you want to stay with someone that has thought about these measures ahead of time and stays in front of the curve and not be reactionary to it after the fact. I, like Jared have spoken to the president of Skyetel and I have to tell you - they've built theirs from the ground up with these concerns and considerations in mind. They are very confident that their infrastructure is solid on this and based on the confidential talks I've had with them, I'm pretty confident as well.

While I don't doubt that @Skyetel has built a robust and redundant system, I am sure that VOIP.MS thought their system was secure prior to these events.

Bandwidth was able to be taken down multiple times now. Even though it was not to the extent of VOIP.MS, knocking them down even for just a couple hours a day is a problem of its own.

My concern is anyone really able to defend against this completely?

scottalanmiller

@krzykat said in Bandwidth having issues:

Why would you stay with a carrier that so badly created an infrastructure that was so easily compromised? I'd think you want to stay with someone that has thought about these measures ahead of time and stays in front of the curve and not be reactionary to it after the fact.

Have to agree here. Voip.ms got exposed for not taking their infrastructure seriously. Profits above customers.

syko24

@scottalanmiller said in Bandwidth having issues:

@krzykat said in Bandwidth having issues:

Why would you stay with a carrier that so badly created an infrastructure that was so easily compromised? I'd think you want to stay with someone that has thought about these measures ahead of time and stays in front of the curve and not be reactionary to it after the fact.

Have to agree here. Voip.ms got exposed for not taking their infrastructure seriously. Profits above customers.

@scottalanmiller While I agree with you, it's hard to say who is ahead of the curve or has the proper security in place until something actually happens. Everyone can say they have the best mitigations in place, but no one really knows until an attack of this size happens.

Voip.ms and others should have woken up after the UK companies were hit a couple weeks ago.

JaredBusch

@syko24 said in Bandwidth having issues:

but no one really knows until an attack of this size happens.

Actually that is not true, because you plan around the largest DDoS ever recorded and go form there.

This is just math. My firewall in front of my application can handle 10 gbps per second. Ok, great. The largest DDoS was something like 2 tbps. So yeah, your firewall is not able to handle it.

Maybe make a plan to swap in AWS or GCP during an attack. Both platforms have firewall options for rent. I bet they can handle 2 tbps also.

Now you say that AWS and GCP charge lots of money for that service? It will hurt your bottom line? Well they also have API and other tools to quickly spin things up on demand.

That is the entire point of cloud computing, scalability on demand. No matter what marketing teams want to say about cloud.

So you design your system to use your tools and have plans in place to implement other tools.

JaredBusch

@scottalanmiller said in Bandwidth having issues:

Profits above customers.

That is speculation. Not saying you are wrong, but it is speculation.

JaredBusch

@syko24 said in Bandwidth having issues:

I am sure that VOIP.MS thought their system was secure prior to these events.

VoIP.ms built their entire stack on top of Asterisk, and that is the main problem.

Asterisk is a great PBX. It can handle a lot of shit. But I would never want to build a carrier on it.

JaredBusch

And the DDoS has resumed against Bandwidth.

Dashrender

@jaredbusch said in Bandwidth having issues:

And the DDoS has resumed against Bandwidth.

I was wondering if it was going to come back today.

JaredBusch

@dashrender said in Bandwidth having issues:

I was wondering if it was going to come back today.

I assume the attackers are smart enough not to waste resources attacking when the U.S. is not using the phone.

Dashrender

@jaredbusch said in Bandwidth having issues:

@dashrender said in Bandwidth having issues:

I was wondering if it was going to come back today.

I assume the attackers are smart enough not to waste resources attacking when the U.S. is not using the phone.

that didn't stop them from running the attack agains VOIP.ms all night... or at least most of it...

And short of using the botnet to attack someone else during the US night, it's no skin off the hacker's teeth to keep it going all the time.

scottalanmiller

@dashrender said in Bandwidth having issues:

@jaredbusch said in Bandwidth having issues:

@dashrender said in Bandwidth having issues:

I was wondering if it was going to come back today.

I assume the attackers are smart enough not to waste resources attacking when the U.S. is not using the phone.

that didn't stop them from running the attack agains VOIP.ms all night... or at least most of it...

And short of using the botnet to attack someone else during the US night, it's no skin off the hacker's teeth to keep it going all the time.

Because, I assume, voip.ms was a proof of concept on low hanging, insecure fruit that took minimal effort. An attack on Bandwidth and Verizon is likely thousands of times more intense.

Dashrender

@scottalanmiller said in Bandwidth having issues:

@dashrender said in Bandwidth having issues:

@jaredbusch said in Bandwidth having issues:

@dashrender said in Bandwidth having issues:

I was wondering if it was going to come back today.

I assume the attackers are smart enough not to waste resources attacking when the U.S. is not using the phone.

that didn't stop them from running the attack agains VOIP.ms all night... or at least most of it...

And short of using the botnet to attack someone else during the US night, it's no skin off the hacker's teeth to keep it going all the time.

Because, I assume, voip.ms was a proof of concept on low hanging, insecure fruit that took minimal effort. An attack on Bandwidth and Verizon is likely thousands of times more intense.

what other side effects would we expect to see from an attack like that?

Skyetel

The rumors we are hearing is that these attacks are state-sponsored sized, and the attackers are torching everything well before it even gets to the target network (Verizon, Bandwidth, etc). This is not an ordinary attack, and everyone's spooked.

krzykat

@dashrender I've had issues with RFC2833 and had to change some systems with IVR front ends to inband signaling.