SIP traffic would run on your internal network? Whereas the attack would come from an external source?

How does internal FWing or QOS help here?

Cheers
Ken

From: [email protected] [mailto:[email protected]] On Behalf Of Ziots, Edward
Sent: Tuesday, 4 June 2013 11:50 PM
To: [email protected]
Cc: Kurt Buff
Subject: RE: [NTSysADM] TDoS - your new term for the day

The funny part is that SIP based Telephony has been being abused for years (toll fraud, etc.) and the controls around VOIP traffic are pretty weak since hardly anyone ever FW's off the VOIP traffic from the regular network traffic, or does proper QOS, which only exacerbates the issue when you get hit with a flooding attack,

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]
Work: 401-255-2497

This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you.

From: [email protected] [mailto:[email protected]] On Behalf Of Andrew S. Baker
Sent: Tuesday, June 04, 2013 9:31 AM
To: ntsysadm
Cc: Kurt Buff
Subject: Re: [NTSysADM] TDoS - your new term for the day

The attacker "advantage" of a TDoS is that most organizations have only one phone system, or have one for corporate activity vs customer support activities, and it is easy to identify which is which.

A DDoS on an organization's website might not impact their backoffice operations at all, depending upon the network configuration.
ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...

On Tue, Jun 4, 2013 at 1:00 AM, Kurt Buff <[email protected]> wrote:

http://www.darkreading.com/attacks-breaches/hacking-the-tdos-attack/240155809

By Kelly Jackson Higgins
Dark Reading
May 30, 2013

When an ICU nurse refused to pay scammers who insisted she owed money for a payday loan, they unleashed a robo-dial flood of hundreds of calls per hour that ultimately shut down the phone system of the hospital's intensive care unit. In another case, supporters of a popular company that received a negative rating from a major financial firm voiced their displeasure by crowdsourcing phone calls to the firm in an attempt to block its trading and other functions -- and they organized it via a Facebook Event post.

These real-world cases of telephony denial-of-service (TDoS) attacks in the past year didn't get the publicity that distributed denial-of-service (DDoS) attacks did, but security experts say these types of attacks have been on the rise in the past couple of years and can be just as damaging as a DDoS.

"Personally, I believe that it's a more invasive approach to target a company's [or] individual's primary means of communication. Just like DDoS attacks, based on my observations, they tend to abuse the infrastructure of legitimate services, Skype, ICQ, major U.S.-based carriers, and relevant SIP providers," cybercrime researcher Dancho Danchev said in an interview via email.

TDoS attacks -- which earlier this year were becoming prevalent enough that the U.S. Department of Homeland Security issued an alert about a threat of TDoS attacks on public sector entities in an attempt to extort money -- are typically similar in motivation and goals as DDoS attacks that flood networks, websites or other servers with massive volumes of traffic meant to bring an organization's data structure to its knees. Call centers are the most popular TDoS targets -- they're easy to contact and flood with calls -- and, increasingly, there are more readily available tools for launching these attacks on any organization or individual's location.

[...]

