PSA: Bandwidth is experiencing outages

Bleeping Computer’s story on all this mess:

Bandwidth.com is latest victim of DDoS attacks against VoIP providers (bleepingcomputer.com)

Go Cloudflare!

1 Like

Since 8 AM this morning, they are back with Arbor. So either Arbor has expanded their infrastructure overnight, or the attackers have realized that all it takes for Bandwidth to stop the attack is to bring Cloudflare into the picture. So I guess it’s game over?

Wish I knew - this has given me ulcers this week!

Collectively, all the security people in the world need to get together and figure out how to nullify the power of the DDoS - I wish I knew what that answer is, but I am just a little company in New Mexico trying to make my customers’ phones ring!

I (for one) feel very vulnerable right now.

There are mitigation methods out there. Providers with crap-tons of bandwidth, BGP flowspec, etc. Cloudflare has some good info about how they handle things --> https://www.cloudflare.com/ddos/. For a smaller provider, or an organization that’s using a smaller provider, that’s where it gets tougher.

But do they currently have solutions for real-time communication protocols like SIP?

It doesn’t appear so, but who’s to say that they were only pegging SIP and other related services? DDoS could’ve been on any number of services.

There is already a DDoS mitigation vendor which is being used by a giant Tier 1 carrier, https://www.nexusguard.com/, but I’m not going to say who because you guys don’t like names.
And they are specifically designed for SIP DDoS protection.

How will we as clients be able to implement that?

Ideally you want it deployed on your Tier 1 upstream inbound carrier. They claim they can handle multi-terabit-per-second attacks, but I guess if you are a service provider and people are registering to your servers, it’s not enough for your upstream carrier to have this implementation and you should also deploy it on your infrastructure. You can use their cloud, or they give you the Dell MX7000 as an appliance if you’ve got that multi-terabit-per-second connection in-house.

Still not quite sure what you are suggesting, should one move one’s name server to https://www.nexusguard.com/ ?

If so would we still have control over our other DNS records?

The platform delivers access to Nexusguard’s full suite of DDoS mitigation service offerings: CleanPipe, Application Protection (AP), Origin Protection (OP) and DNS Protection (DP), covering protection against multi-vector DDoS attacks directed at L3/4 and L7 layers. Via this box, you can also locally store and process data if addressing data sovereignty and compliance requirements. The flexibility and scalability of detection and mitigation on this platform future-proofs your deployment that is 100% customizable and adaptable to future technologies.

Cloudshield App

Nexusguard Cloudshield App is commonly deployed in hybrid DDoS mitigation solutions. Upon detection of a DDoS attack, Cloudshield integrates the attack data with a customer’s on-premise appliances; if the attack is smaller than the capacity of the Internet uplink, it is mitigated locally by the on-premise appliance. Moreover, Cloudshield synchronizes with the Nexusguard Cloud Diversion App to automatically divert traffic during large attacks exceeding the traffic level defined by the customer, to the Nexusguard scrubbing cloud to drop attack traffic.

I prefer ‘exactly sure’, but if it’s bulletproof, I would love to hear more...

If that global Tier 1 is using it, it’s probably working well. I see they offer a free demo and they have a free trial, try it out. I can’t say names because I keep getting flaged

Thanks but not really a high priority for me, using Thinq, VI and Telnyx for my ‘providers’ I got precisely one ‘bitch’ in the last two weeks, and that was because she called a number and got a ‘busy’.

(https://www.urbandictionary.com/define.php?term=flaged :wink: )

1 Like

Off-topic, but semi related… They announced this today:

2 Likes

Just released today: “Positioning cybersecurity at the heart of Telco models”, a 1-hour webinar by Nexusguard

With the telecoms facing increased security risks with a rise in DDoS attacks, cybersecurity is moving to the forefront of Telco business models. The need for any Telco to not only continue to digitalize, but align their transformation goals with their cybersecurity services, is imperative. As investments in new technologies and digital infrastructure grow, the implications of not having a strong cybersecurity infrastructure are large. Join the following webinar to find out how a Telco can combat current threats in the market and ensure a safe space to grow over the next decade.

May I ask who’s calling, please? A recent rise in VoIP DDoS attacks - The Cloudflare Blog

:eyes:

The graph below shows a recent multi-vector UDP DDoS attack that targeted VoIP infrastructure protected by Cloudflare’s Magic Transit service. The attack peaked just above 70 Gbps and 16M packets per second. While it’s not the largest attack we’ve ever seen, attacks of this size can have large impact on unprotected infrastructure. This specific attack lasted a bit over 10 hours and was automatically detected and mitigated.

Graph of a 70 Gbps DDoS attack against a VoIP provider

Below are two additional graphs of similar attacks seen last week against SIP infrastructure. In the first chart we see multiple protocols being used to launch the attack, with the bulk of traffic coming from (spoofed) DNS reflection and other common amplification and reflection vectors. These attacks peaked at over 130 Gbps and 17.4M pps.

Graph of a 130 Gbps DDoS attack against a different VoIP provider

4 Likes

Holy god damn. Wow!

Ironic the Dell MX7000 reference. Just this year I deployed this at our main offices. Just a single MX740c compute sled in it, but this thing is a beast. Can potentially run a ton of things. Although we definitely don’t have Tbps bandwidth in-house!

The question is, was Bandwidth using this Cloudflare protection from the beginning or was this implemented during the attack? This will tell you if Cloudflare is amazing or not so much in SIP. 70 Gbps shouldn’t be that much for Cloudflare.