Re: [EXTERNAL] VoIP Provider DDoSes

["Compton, Rich A" <Rich.Compton () charter com>]

Most of the larger DDoS mitigation appliances can block malformed SIP traffic and also can block volumetric/state 
exhaustion UDP floods.  A lot of VoIP companies have Session Border Controllers (SBCs) to protect public facing VoIP 
services.  SBCs are more application aware.  Kind of like a proxy based firewall just for VoIP.

-Rich

From: NANOG <nanog-bounces+rich.compton=charter.com () nanog org> on behalf of Mike Hammett <nanog () ics-il net>
Date: Tuesday, September 21, 2021 at 3:31 PM
To: NANOG list <nanog () nanog org>
Subject: [EXTERNAL] VoIP Provider DDoSes

CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking 
links, or following guidance.
As many may know, a particular VoIP supplier is suffering a DDoS. https://twitter.com/voipms

Are your garden variety DDoS mitigation platforms or services equipped to handle DDoSes of VoIP services? What nuances 
does one have to be cognizant of? A WAF doesn't mean much to SIP, IAX2, RTP, etc.



-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com
E-MAIL CONFIDENTIALITY NOTICE: 
The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain 
confidential and/or legally privileged information. If you are not the intended recipient of this message or if this 
message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this 
message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, 
distribution, copying, or storage of this message or any attachment is strictly prohibited.