FYI, UTRS (Unwanted Traffic Removal Service https://team-cymru.com/community-services/utrs/) from Team Cymru is a free service where you can send a blackhole advertisement (sacrificing the one IP that’s under attack to save the rest of the network) and they will propagate that via BGP to hundreds of other ASNs which will then blackhole traffic to that IP. This can drastically reduce the amount of DDoS traffic that is received by the victim network.
-Rich
From: NANOG <nanog-bounces+rich.compton=charter.com@nanog.org> on behalf of Mike Hammett <nanog@ics-il.net>
Date: Wednesday, September 22, 2021 at 9:29 AM
To: Terrance Devor <ter.devor@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Subject: [EXTERNAL] Re: VoIP Provider DDoSes
CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.
Fail2Ban on a couple of dozen servers may not be sufficient to address 400 gigs of traffic.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
________________________________
From: "Terrance Devor" <ter.devor@gmail.com>
To: "Mike Hammett" <nanog@ics-il.net>
Cc: "NANOG" <nanog@nanog.org>
Sent: Wednesday, September 22, 2021 10:24:07 AM
Subject: Re: VoIP Provider DDoSes
Fail2Ban and give ourselves a pat on the back..
On Wed, Sep 22, 2021 at 9:12 AM Mike Hammett <nanog@ics-il.net<mailto:nanog@ics-il.net>> wrote:
https://twit.tv/shows/security-now/episodes/837?autostart=false
It looks like Security Now covered this yesterday. They claimed that, "There is currently no provider of large pipe VoIP protocol DDoS protection."
Are any of the cloud DDoS mitigation services offering a service like this.
________________________________
From: "Mike Hammett" <nanog@ics-il.net<mailto:nanog@ics-il.net>>
To: "NANOG" <nanog@nanog.org<mailto:nanog@nanog.org>>
Sent: Tuesday, September 21, 2021 4:19:42 PM
Subject: VoIP Provider DDoSes
As many may know, a particular VoIP supplier is suffering a DDoS. https://twitter.com/voipms
Are your garden variety DDoS mitigation platforms or services equipped to handle DDoSes of VoIP services? What nuances does one have to be cognizant of? A WAF doesn't mean much to SIP, IAX2, RTP, etc.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
E-MAIL CONFIDENTIALITY NOTICE:
The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.
-Rich
From: NANOG <nanog-bounces+rich.compton=charter.com@nanog.org> on behalf of Mike Hammett <nanog@ics-il.net>
Date: Wednesday, September 22, 2021 at 9:29 AM
To: Terrance Devor <ter.devor@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Subject: [EXTERNAL] Re: VoIP Provider DDoSes
CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.
Fail2Ban on a couple of dozen servers may not be sufficient to address 400 gigs of traffic.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
________________________________
From: "Terrance Devor" <ter.devor@gmail.com>
To: "Mike Hammett" <nanog@ics-il.net>
Cc: "NANOG" <nanog@nanog.org>
Sent: Wednesday, September 22, 2021 10:24:07 AM
Subject: Re: VoIP Provider DDoSes
Fail2Ban and give ourselves a pat on the back..
On Wed, Sep 22, 2021 at 9:12 AM Mike Hammett <nanog@ics-il.net<mailto:nanog@ics-il.net>> wrote:
https://twit.tv/shows/security-now/episodes/837?autostart=false
It looks like Security Now covered this yesterday. They claimed that, "There is currently no provider of large pipe VoIP protocol DDoS protection."
Are any of the cloud DDoS mitigation services offering a service like this.
________________________________
From: "Mike Hammett" <nanog@ics-il.net<mailto:nanog@ics-il.net>>
To: "NANOG" <nanog@nanog.org<mailto:nanog@nanog.org>>
Sent: Tuesday, September 21, 2021 4:19:42 PM
Subject: VoIP Provider DDoSes
As many may know, a particular VoIP supplier is suffering a DDoS. https://twitter.com/voipms
Are your garden variety DDoS mitigation platforms or services equipped to handle DDoSes of VoIP services? What nuances does one have to be cognizant of? A WAF doesn't mean much to SIP, IAX2, RTP, etc.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
E-MAIL CONFIDENTIALITY NOTICE:
The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.