nanog mailing list archives

Re: VoIP Provider DDoSes


From: Christopher Morrow <morrowc.lists () gmail com>
Date: Wed, 22 Sep 2021 15:39:50 -0400

On Wed, Sep 22, 2021 at 11:27 AM Mike Hammett <nanog () ics-il net> wrote:

Fail2Ban on a couple of dozen servers may not be sufficient to address 400
gigs of traffic.


<you owe me a keyboard>

Also, also.. keep in mind that 'fail2ban' does some processing on the log
messages to which it MAY take action.
It's taking, essentially, untrusted external input and ... acting as 'root'.

that sounds like a recipe for a disaster, to me... is the code utf-8 safe?
are the actions it takes safe in the context of whatever PTR record content
may come down the pipe? or apache(equivalent) log message parsing?

<shudder>




-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

------------------------------
*From: *"Terrance Devor" <ter.devor () gmail com>
*To: *"Mike Hammett" <nanog () ics-il net>
*Cc: *"NANOG" <nanog () nanog org>
*Sent: *Wednesday, September 22, 2021 10:24:07 AM
*Subject: *Re: VoIP Provider DDoSes

Fail2Ban and give ourselves a pat on the back..

On Wed, Sep 22, 2021 at 9:12 AM Mike Hammett <nanog () ics-il net> wrote:

https://twit.tv/shows/security-now/episodes/837?autostart=false


It looks like Security Now covered this yesterday. They claimed that,
"There is currently no provider of large pipe VoIP protocol DDoS
protection."

Are any of the cloud DDoS mitigation services offering a service like
this?

------------------------------
*From: *"Mike Hammett" <nanog () ics-il net>
*To: *"NANOG" <nanog () nanog org>
*Sent: *Tuesday, September 21, 2021 4:19:42 PM
*Subject: *VoIP Provider DDoSes

As many may know, a particular VoIP supplier is suffering a DDoS.
https://twitter.com/voipms

Are your garden variety DDoS mitigation platforms or services equipped to
handle DDoSes of VoIP services? What nuances does one have to be cognizant
of? A WAF doesn't mean much to SIP, IAX2, RTP, etc.



-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com
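
The concern raised in the reply above (a root-privileged tool acting on attacker-influenced log text, including non-UTF-8 bytes and hostname/PTR content) can be illustrated with a small added example. This is not code from the thread or from fail2ban; the sshd-style line format, the function names `ban_target` and `ban_argv`, and the iptables rule are assumptions made for the illustration.

```python
import ipaddress
import re

# Anchored on both ends: the address must be the token directly before the
# final "port N ssh2", so text placed in the username cannot supply the match.
FAILED_LOGIN = re.compile(
    r"^\S+ sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (?P<host>\S+) port \d+ ssh2$"
)

def ban_target(raw: bytes):
    """Return a validated IP string to ban, or None to take no action."""
    try:
        line = raw.rstrip(b"\n").decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return None  # undecodable input is never acted on
    if not line.isprintable():
        return None  # embedded control characters / newlines are rejected
    m = FAILED_LOGIN.match(line)
    if m is None:
        return None
    try:
        # Only an IP literal is accepted; a hostname or PTR string is dropped.
        return str(ipaddress.ip_address(m.group("host")))
    except ValueError:
        return None

def ban_argv(ip: str):
    """Build the ban command as an argument list, so no shell parses it."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]

# Constructed sample lines (not real logs).
SAMPLES = {
    "plain": b"host1 sshd[411]: Failed password for root "
             b"from 198.51.100.7 port 50022 ssh2",
    "spoof_in_user": b"host1 sshd[412]: Failed password for invalid user "
                     b"x from 192.0.2.1 port 22 ssh2 "
                     b"from 198.51.100.7 port 50023 ssh2",
    "hostname": b"host1 sshd[413]: Failed password for root "
                b"from bad.example.net;x port 50024 ssh2",
    "bad_utf8": b"host1 sshd[414]: Failed password for invalid user \xff\xfe "
                b"from 198.51.100.7 port 50025 ssh2",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", ban_target(raw))
```

Dropping a line that fails any check means a missed ban, which is the safer failure for a process that runs as root.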
