VOIP.MS DDOS 7 Day outage dump them? is this normal in the industry

Terry is now being extorted for $4000000 , perhaps a previous investment of $40000 for warmware or perhaps $4000 for a cisco certification would have been a good investment in retrospect.

(I hope they survive this )


People with brainpower have volunteered services. I hope they survive it too. I think they definitely have their place in the market. People just need to be realistic. It is a lot like Texas when all the people swimming in savings from wholesale power found out the market price goes up 1500% when it gets warm. You are using a bare metal wholesale service. You dont get retail perks


Apparently the ransom just jumped to $4.8million to make it stop. For comparison it was $48k

In any case This will probably continue till one side or the other gives up.

I am guessing the more they fight the more the price goes up

And why should they give up it doesn’t cost the hacker Anythink to keep it going


We aren’t sure if hacker will stop attacking after voipms pays.

Unlikely, that stance would defeat any ongoing expectancies they might have.

I know many web companies use a round-robin DDOS shield for this type of situation, but I have the feeling, with this attack…that it was not helpful…

Pretty sure these guys are ‘cleverer than the average guy’, That’s how they make their bucks. They are opportunistic and look for flaws in anyone’s implementation of anything ( yours included)

@dicko I fully agree, that’s why I phrased it the way I did. As you stated, this is a good time to look internally, and check out one’s security. It’s a nightmare scenario, and I feel for the customer AND Voip.MS, I truly believe this could happen to ANYONE. The defense position in the security world is a tough one to play, with an offense like this.

Not that I am being in any way confrontational. but what protocol:port are you currently listening on for your SIP connections ? Because if UDP:5060 I can assure you that you are already in many lurking attackers databases

@dicko. Once again, I’m not disagreeing with you. Not sure how I gave you the impression I am. Nothing but agreement here. I’ve worked in enterprise environments long enough to know how much I know, and how much I don’t know, and I just play defense the best I can. I do the best I can with my security. As far as discussing it, My best defense is to not discuss it and keep my security config under wraps, and just keep doing the best I can with it. And I’ll leave it at that.

Not really an answer, on what protocol:port are you listening on for SIP connections ?

Just as I intended. :slight_smile: And this is getting a little weird now. Are you friend or foe :wink: You’ve been friend with intercom knowledge :wink:

I’ll send you an equally intrusive question back. Do you front face, or do you VIP NAT (allowing any translation) to that port only allowing the traffic the needs to be there, with a gateway layer in front? And I’m not even saying the same port :wink:

Very easy, you just won’t say, most people here have UDP:5060 open and thus exposed, there are 10000 black hat out there who know that a few minutes after you start a machine. If you do that then expect a ‘secondary inspection’, they are not necessarily primarily trying to make a connection, they are now looking at whether you are using FreePBX or XPBX, it’s not brain surgery, it’s just what they do. . .

Listen only for TLS with a legit cert and you are better prepared.

@dicko, read my exapnded comment above, of course I won’t say. As well, there’s an expanded scenario.

PS - Its the same reason I wouldn’t front face a default SSH port.

I only allow connection with openvpn or ip Authentication or ddns I never expose a PBX to the internet

1 Like

Then use your self introspection, either you are or you are not listening on a commonly compromised port. If you are, I suggest you are ‘not being clever’, If you are not then good for you. That is not weird, just good advise.

Yes, they will sniff and Metasploit what they can. Not arguing with you on that.

Then protect your hind quarters and stop then sniffing, it really is that easy.

1 Like

And as @ITconsultant states, I never expose a PBX to the internet. Not sure how anything I’ve said or have not said, is controversial. I find it more insulting that someone else would think I would. However, maybe that’s directed at other experiences. As for protecting Edge interfaces or other wise, I tend to drop as much traffic as I can in regards to that. So nothing new there either, I use Layer 7 and turn off as much on the Edge interface as I can. My interfaces are not exposed for regular inspection. As such neither is any public facing interface. And yes, if if they are trying and dropped, I make sure to drop any newcomers even trying. And yes the internet is good for calls, But so is isolated VPN’s/VLANS to the gateway. I’m just saying I don’t expose the edge interface. That’s all, but twist that into whatever makes you happy tonight.