ThePythonicCow
5th October 2012, 22:55
My VOIP phone service, Callcentric (http://www.callcentric.com/), has been off the air for some of its customers, for some of the last couple of days.
Turns out it was a Distributed Denial of Service (DDoS) attack. The recent attacks on the online banking websites of some major US banks were also DDoS attacks, though the details may well vary (I've no way to know.)
Here's the explanation that Callcentric is providing their registered customers:
For the past two days we have been experiencing a sophisticated type of attack. As soon as we noticed the first attempt we commenced an immediate physical upgrade to all of our servers, increasing capacity and CPU power by a factor of four in addition to other precautions. Unfortunately, even though this is similar to a "typical" DDoS attack, it is targeted specifically at the SIP protocol and causes server load to increase to 100% within 1 minute of initiation. As such, standard and extraordinary prevention measures were unable to prevent it. We do not know the specific methodology of the attack but are aware that it is *similar* in effect to a DNS TRASH flood attack. We are performing forensic analysis on the data we have and are capturing traffic to find an exact reason and solution.
We would like to clarify that there was no intrusion into our network and all of our servers, switches and internet connections have been functioning *normally* throughout the entirety of this concern. None of our equipment or interlinks were disconnected or went down. Additionally please note that all of your information is encrypted, safe and secure; and that NO customer data was stolen NOR destroyed.
We have been working as aggressively as possible throughout the day/night and we have found a short term work-around which will provide immediate relief and allow calls to function normally. This will require updating your configuration slightly. Please re-configure your software/hardware with the following information:
Their re-configuration involved changing the hostname of the DNS server that my local telephone adapter (a SPA2102 (http://www.cisco.com/en/US/prod/collateral/voicesw/ps6790/gatecont/ps10024/ps10026/data_sheet_c78-502137.html)) uses to connect with the Internet.
Such DDoS attacks have happened now and then, for many websites, over the years. Whether this event is just another one of "those sorts of random attacks", or whether it is one more element of an effort by the Bastards in Power to ramp up the fear level of Internet users ... that I can't tell yet.