PDA

View Full Version : Another Internet attack - on my VOIP phone service



Paul
5th October 2012, 22:55
My VOIP phone service, Callcentric (http://www.callcentric.com/), has been off the air for some of its customers, for some of the last couple of days.

Turns out it was a Distributed Denial of Service (DDoS) attack. The recent attacks on the online banking websites of some major US banks were also a DDoS attacks, though the details may well vary (I've no way to know.)

Here's the explanation that Callcentric is providing their registered customers:




For the past two days we have been experiencing a sophisticated type of attack. As soon we noticed the first attempt we commenced an immediate physical upgrade to all of our servers increasing capacity and CPU power by a factor of four in addition to other precautions. Unfortunately even though this is similar to a "typical" DDoS attack it is targeted specifically at the SIP protocol and causes server load to increase to 100% within 1 minute of initiation. As such, standard and extraordinary prevention measures were unable to prevent it. We do not know the specific methodology of the attack but are aware that it is *similar* in effect to a DNS TRASH flood attack. We are performing forensic analysis on the data we have and are capturing traffic to find an exact reason and solution.

We would like to clarify that there was no intrusion into our network and all of our servers switches and internet connections have been functioning *normally* throughout the entirety of this concern. None of our equipment or interlinks were disconnected or went down. Additionally please note that all of your information is encrypted, safe and secure; and that NO customer data was stolen NOR destroyed.

We have been working as aggressively as possible throughout the day/night and we have found a short term work-around which will provide immediate relief and allow calls to function normally. This will require updating your configuration slightly. Please re-configure your software/hardware with the following information:

Their re-configuration involved changing the hostname of the DNS server that my local telephone adapter (a SPA2102 (http://www.cisco.com/en/US/prod/collateral/voicesw/ps6790/gatecont/ps10024/ps10026/data_sheet_c78-502137.html)) uses to connect with the Internet.

Such DDoS attacks have happened now and then, for many websites, over the years. Whether this event is just another one of "those sorts of random attacks", or whether it is one more element of an effort by the Bastards in Power to ramp up the fear level of Internet users ... that I can't tell yet.

TargeT
6th October 2012, 00:07
DDoS is really the only thing left as far as "hacking" attacks go, most companies are very diligent about information security and have enough things in place to prevent anything but a DDoS (which are usually excited by a large number of "bots" or "zombie computers" aka computers infected with software that allows remote control, these "bot nets" are comprised of grandma's computer & the laptop that someone forgot was plugged in and on the network etc...& thus are hard to defend against )

if this attack is highlighted in the news & leveraged for the fear factor I would start to question the motives behind the attack, if it's not it's probably just an opportunistic thing by random online D-bags....

eni-al
6th October 2012, 04:02
Its probably a random attack, though who knows. DDoS attacks pretty annoying, does nothing much, is easily conducted if you know how, most sites and services recover after days.
Maybe there could have been something going through the service that someone wanted to disrupt, though the computers are likely all over the world, so is difficult to trace and route who did it.
There are people who do get laughs out of taking down services and sites, no matter how popular, got to wonder why.

ghostrider
6th October 2012, 04:47
don't know if this is connected but, my wife's phone calls me whenever without her even removing the phone from her purse. My phone rings with a different ringer and it shouldn't, my wife called and it was someone else talking in with her on our conversation, we had to hang up and call again, weird ?? lots of static these days for a week or so. Co-workers saying the same problem phone just rings and the other end doesn't know they have called, listened to group conversations and they had no idea we were on the line. very weird stuff this week ...

Shamz
6th October 2012, 04:54
Hi Paul,

Yes it looks like it is a random attack of hacking...or not so random - in the sense these guys or Organizations are very sophisticated and they know exactly what they are doing. I have read many articles and research on these group of hackers...who would hack into any systems...even defence or NASA etc.. but most of them are in for making money - so they would hack into servers of companies providing basic service such as telephone, electricity, gas or other services. In many cases a regular customer will not even know about these hacks - as they deal with the companies directly - blackmailing them into giving thousands if not millions of dollars - in return they would not disclose how vulnerable their systems/servers are -- or they would hack SSN or credit card numbers saved on the servers and threatened to upload on websites if they don't pay them.
Very recently there are news about some people hacking into small business owners - getting all their customer data...sales data - and blackmailing them for thousands of dollars otherwise they will delete all this. These are just few examples.
Just be aware when you are online and don't click on anything which you don't trust. Never use your DEBIT/ATM card online - its your real money thats at stake
But for VOIP interruption of service - its more likely random or one of the above scenarios.

Much love

Paul
16th October 2012, 22:50
Dang - still a problem over a week later.

A recent twitter.com/callcentric post from earlier today:



ATTN: Due to renewed attacks this morning, services are negatively affected. 911 users please use backup solutions until further notice.

12:36 PM - 16 Oct 12

Voice quality of calls totally sucks -- dropouts of a half second per second.

But very little discussion of this on the Web -- a google search for the problem finds one meaningful discussion -- this Avalon thread :).

GetVOIP.com mentions the attack here: CallCentric Endures Sophisticated DDoS Attack (http://getvoip.com/news/2012/10/08/callcentric-endures-sophisticated-ddos-attack)

Cjay
17th October 2012, 01:19
Its probably a random attack, though who knows. DDoS attacks pretty annoying, does nothing much, is easily conducted if you know how, most sites and services recover after days.
Maybe there could have been something going through the service that someone wanted to disrupt, though the computers are likely all over the world, so is difficult to trace and route who did it.
There are people who do get laughs out of taking down services and sites, no matter how popular, got to wonder why.

DDoS attacks are not random, they are specifically targetted/co-ordinated attacks.

Paul
17th October 2012, 02:24
DDoS attacks are not random, they are specifically targetted/co-ordinated attacks.
They can be targeted from the point of view of the perpetrator, but random from a point of view of the clue deprived victim, ... at the same time :).