Re: TDM voice DOS

[harbor235 <harbor235 () gmail com>]

the complication is that the the attack victim is not IP .......... Can't
turn up a firewall or router
to mitigate.


mike

On Tue, Aug 16, 2011 at 12:57 PM, Charles N Wyble
<charles () knownelement com>wrote:

> On 08/16/2011 11:46 AM, harbor235 wrote:
>
> > Anyone been involved with TDM voice DOS attacks? My thoughts are that if
> > the
> > phone
> > call originates as an IP call somewhere in the wild, then typical abuse
> > security incident notifications may help
> > in the interim.
>
> Indeed. Though I suppose it depends on where they come from. Probably
> originate in various nasty neighborhoods of the net.
>
>
>  At least potentially identify through customer records or
> > make them move on where they eventually slip up.
>
> Right.
>
>
> If the abuse originates as IP what obligations do foreign service providers
> > (friendly?) have to
> > identify and mitigate?
>
> Well I work at a very large shared hosting provider. Our upstream provider
> gets abuse complaints and a ticket lands in our queue telling us to clean up
> or the box gets dropped off the net (anywhere from 4 to 48 hour warning
> window).
>
> I'm guessing that most large service providers have similar procedures in
> place? Just hit up the abuse contacts for the IP range.  Doesn't matter
> where the destination is, what media etc. If it originates on an IP
> network/device, it can be dealt with that way.
>
> However the bad guys probably aren't using the large providers, as they
> usually operate 24x7 abuse desks,  which means rapid ban hammering.  :)
>
>
>  How can the community respond to service providers
> > who fail to
> > clean up their customer base?
>
> iptables -s x.x.x.x/8 -j DROP  (modify to your local site firewall drug of
> choice).