Kraig, That's a great video showing the routing changes that we have made over the course of the issue, thank you for sharing. We have made a lot of changes over the course of these issues in hopes to combat and mitigate the problems being caused by these attacks. I hope to have an extensive, detailed description of the attacks and what we did at some point in the near future for Ryan's email thread about DDoS attacks. In the meantime, I can share a PR release that we made yesterday describing this mitigation addition:
http://www.prweb.com/releases/2016/03/prweb13286689.htm Timothy Linn Lead Systems Engineer Voip Innovations ------------------------------ Message: 4 Date: Mon, 21 Mar 2016 21:29:15 -0400 From: Kraig Beahn <[email protected]> To: "[email protected]" <[email protected]> Subject: Re: [VoiceOps] VoIP Innovations reliability (NeuStar DDoS Mitigation Addition) Message-ID: <CALsiHpwm2FKpmiTP62vH4S5w5UGFYgAJY=jooljgsyqdrtk...@mail.gmail.com> Content-Type: text/plain; charset="utf-8" VoIP Innovations DDoS (internal ENG notes): One of our customers has used VI since at least 2009, for specific (unique) types of ingress traffic for which it was not prudent [cost-effective] for us to on-ramp to our national TDM network, i.e., select rural off-net markets. They've had their ups and downs with VI, but, for the most part, VI's progressively increased in reliability...until the recent DDoS events. That said - when the DDoS issues started popping up, we were left with the same intrigue as most other VI consumers on this list. Is this really a DDoS style issue/attack? If so - what kind of DDoS issue, what can we do to help, if anything? And , if not - what's really going on and how quickly can we "jump ship"... Interestingly, and cautiously, without pushing out any more information than what is already known to the public, or is publically accessible, we can confirm that they are, in fact, and as of late, using *NeuStar's DDoS mitigation services*.* It also appears, based on BGP data, that the latest maintenance window was to integrate fully such systems.* Our engineering team created a pretty intriguing video for an internal update on the issue, showing the AS paths of their primary and secondary SBC's, which, if you follow the timeline and the ending ASN's, at least, in our opinion, show VI's commitment level. That said - kudos to the VI team, and as frustrated as our team has been, the last thought that always comes to mind is "it could have any of us". http://cdn.enguity.com/vid/VoIPInnovations-DDoS-Mitigation-2016.mp4 ...just a thought On Wed, Mar 16, 2016 at 12:30 PM, Tim Linn <[email protected]> wrote: > > > All, > > > > I can confirm that we did have 2 outages this morning spanning little > over an hour due to another DDoS attack. > > > > We have been careful of the information that we have been giving out > in public updates due to the possibility of the attacker reading that > information and using it against us in some way. > > > > The biggest change that we?ve made to combat this is a DDoS protection > service, which has caught a handful of attacks, but was largely > useless in this latest attack. We?ve made mitigating changes to our > existing setup which appears to have stopped today?s attack so far. > > > > We do have a disaster recovery site and have, honestly, appear to have > done a poor job communicating that to our customers. If you are a Voip > Innovations customer, please contact me for the IP address of the > disaster recovery site. During these outages, the site was taking > origination calls from most of our DID vendors. We?re currently > working on figuring out why all of them did not switch over. > > > > I know that words aren?t much right now, but I am truly sorry for the > issues that you have been having. I understand the importance of > reliability to you and your customers, and I know that those > expectations have not been met over the last few weeks. We are working > diligently with several different companies to continue to make > changes to our network to mitigate these attacks. The changes have > been successful for a number of the attacks that we have seen, but > it?s clear that we are still vulnerable and have work to do. > > > > Please contact me if you have any questions, and I will do my best to > answer. > > > > > > *Timothy Linn* > > *Lead Systems Engineer* > > *Voip Innovations* > > > > > > ---------------------------------------------------------------------- > > > > Message: 1 > > Date: Wed, 16 Mar 2016 11:24:04 -0400 > > From: Jeff Waddell <[email protected]> > > To: Nathan Anderson <[email protected]> > > Cc: Nate Burke <[email protected]>, "[email protected]" > > <[email protected]> > > Subject: Re: [VoiceOps] VoIP Innovations reliability > > Message-ID: > > < > CAO+x49LG2+RQyRU6a0zmgdgaAKd0yYyxASHm6+=9z97idxj...@mail.gmail.com> > > Content-Type: text/plain; charset="utf-8" > > > > Not that it helps a lot - this was posted on the VI facebook page > > > > "[Update] As of this morning, we regret to inform you that we are > again currently experiencing issues that are related to the DDoS > attack being committed by unknown parties against our network. Our > Network Engineers are currently working diligently with our upstream > carriers as well as a network security firm to combat the attack and > will continue to do so until all of the issues are resolved. Our > Senior Leadership has also been in contact with the FBI. The FBI is > considering these events a national security issue due to the number > of firms impacted, the magnitude of the attacks, and the persistence > of these attacks. The Social Media Team will post here the very moment we > have further information." > > > > On Wed, Mar 16, 2016 at 10:29 AM, Nathan Anderson <[email protected]> wrote: > > > > > Down again. **** me. > > > > > > > > > > > > -- Nathan > > > > > > > > > > > > *From:* VoiceOps [mailto:[email protected] > <[email protected]>] *On Behalf Of > > > *Nate Burke > > > *Sent:* Wednesday, March 16, 2016 6:51 AM > > > > > > *To:* [email protected] > > > *Subject:* Re: [VoiceOps] VoIP Innovations reliability > > > > > > > > > > > > Looks like it just came back up for me. Just over 30 min. > > > > > > Nate > > > > > > On 3/16/2016 8:45 AM, Shripal Daphtary wrote: > > > > > > We are experiencing an outage as well. > > > > > > Thanks, > > > > > > > > > > > > Shripal > > > > > > > > > On Mar 16, 2016, at 9:36 AM, Nate Burke <[email protected]> wrote: > > > > > > Problems again this morning? Looks to be acting the same as it has been. > > > > > > On 3/11/2016 6:00 PM, Alexander Lopez wrote: > > > > > > I added them to our monitoring platform, stated getting alarms this > > > past hour or so. > > > > > > Up and down. > > > > > > > > > > > > -------- Original message -------- > > > From: Nathan Anderson <[email protected]> <[email protected]> > > > Date: 3/11/2016 6:31 PM (GMT-05:00) > > > To: 'Nate Burke' <[email protected]> <[email protected]>, > > > [email protected] > > > Subject: Re: [VoiceOps] VoIP Innovations reliability > > > > > > ...aaaaaand we're back. > > > > > > -- Nathan > > > > > > -----Original Message----- > > > From: VoiceOps [mailto:[email protected] > > > <[email protected]>] On Behalf Of Nathan Anderson > > > Sent: Friday, March 11, 2016 3:30 PM > > > To: 'Nate Burke'; [email protected] > > > Subject: Re: [VoiceOps] VoIP Innovations reliability > > > > > > It *feels* like they are under attack again, since I get a response > > to > > > a ping once every 20 or so. > > > > > > -- Nathan > > > > > > -----Original Message----- > > > From: VoiceOps [mailto:[email protected] > > > <[email protected]>] On Behalf Of Nathan Anderson > > > Sent: Friday, March 11, 2016 3:28 PM > > > To: 'Nate Burke'; [email protected] > > > Subject: Re: [VoiceOps] VoIP Innovations reliability > > > > > > Confirmed. > > > > > > -- Nathan > > > > > > -----Original Message----- > > > From: VoiceOps [mailto:[email protected] > > > <[email protected]>] On Behalf Of Nate Burke > > > Sent: Friday, March 11, 2016 3:26 PM > > > To: [email protected] > > > Subject: Re: [VoiceOps] VoIP Innovations reliability > > > > > > Anyone else show them down again right now? My traceroutes aren't > > > even leaving Chicago. Dying at a Chicago hop on Level3. > > > > > > Nate > > > > > > On 3/6/2016 6:50 PM, Nathan Anderson wrote: > > > > Did anybody else just suffer another 45-minute-ish long outage > > > from > > > about 4:00p PST to 4:45p PST (ending about 5 minutes ago)? > > > > > > > > -- Nathan > > > > > > > > -----Original Message----- > > > > From: [email protected] [mailto:[email protected] > > > > <[email protected]>] > > > > Sent: Sunday, March 06, 2016 4:43 PM > > > > To: Nathan Anderson; [email protected] > > > > Subject: RE: VoIP Innovations reliability > > > > > > > > More here: http://blog.voipinnovations.com/blog > > > > > > > > Frank > > > > > > > > -----Original Message----- > > > > From: VoiceOps [mailto:[email protected] > > > <[email protected]>] On Behalf Of Nathan > > > > Anderson > > > > Sent: Tuesday, March 01, 2016 8:27 PM > > > > To: [email protected] > > > > Subject: [VoiceOps] VoIP Innovations reliability > > > > > > > > Holy schlamoly. Anybody else use them here and being handed > > > outage > > > > after outage over the last 2 days? Seriously thinking at this > > > point > > > > about > > > doing > > > > something else. This is ridiculous. > > > > > > > > I desperately need sleep and if my cell goes off one more time... > > > > > > > > -- Nathan > > > > _______________________________________________ > > > > VoiceOps mailing list > > > > [email protected] > > > > https://puck.nether.net/mailman/listinfo/voiceops > > > > > > > > > > > > > > > > _______________________________________________ > > > > VoiceOps mailing list > > > > [email protected] > > > > https://puck.nether.net/mailman/listinfo/voiceops > > > > > > _______________________________________________ > > > VoiceOps mailing list > > > [email protected] > > > https://puck.nether.net/mailman/listinfo/voiceops > > > > > > _______________________________________________ > > > VoiceOps mailing list > > > [email protected] > > > https://puck.nether.net/mailman/listinfo/voiceops > > > > > > _______________________________________________ > > > VoiceOps mailing list > > > [email protected] > > > https://puck.nether.net/mailman/listinfo/voiceops > > > > > > _______________________________________________ > > > VoiceOps mailing list > > > [email protected] > > > https://puck.nether.net/mailman/listinfo/voiceops > > > > > > > > > > > > _______________________________________________ > > > VoiceOps mailing list > > > [email protected] > > > https://puck.nether.net/mailman/listinfo/voiceops > > > > > > > > > > > > _______________________________________________ > > > VoiceOps mailing list > > > [email protected] > > > https://puck.nether.net/mailman/listinfo/voiceops > > > > > > > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > URL: < > https://puck.nether.net/pipermail/voiceops/attachments/20160316/64ce22 > 3c/attachment-0001.html > > > > > > ------------------------------ > > > > Message: 2 > > Date: Wed, 16 Mar 2016 08:27:51 -0700 > > From: Nathan Anderson <[email protected]> > > To: 'Jeff Waddell' <[email protected]> > > Cc: Nate Burke <[email protected]>, "[email protected]" > > <[email protected]> > > Subject: Re: [VoiceOps] VoIP Innovations reliability > > Message-ID: > > < > [email protected]> > > Content-Type: text/plain; charset="utf-8" > > > > Are more firms than VI provenly being targeted, or are they talking > about #s of firms being impacted because they are talking about their > downstream customers and customers-of-customers? > > > > This might sound weird and conspiracy-theory-ish, which is very unlike > me (you can ask my friends), but..."Anonymous" vowed to target Trump, > and VI started getting attacked the day before Super Tuesday. If I > had to be honest, it *has* made me wonder. > > > > -- Nathan > > > > From: [email protected] [mailto:[email protected] > <[email protected]>] On Behalf Of Jeff Waddell > > Sent: Wednesday, March 16, 2016 8:24 AM > > To: Nathan Anderson > > Cc: Nate Burke; [email protected] > > Subject: Re: [VoiceOps] VoIP Innovations reliability > > > > Not that it helps a lot - this was posted on the VI facebook page > > > > "[Update] As of this morning, we regret to inform you that we are > again currently experiencing issues that are related to the DDoS > attack being committed by unknown parties against our network. Our > Network Engineers are currently working diligently with our upstream > carriers as well as a network security firm to combat the attack and > will continue to do so until all of the issues are resolved. Our > Senior Leadership has also been in contact with the FBI. The FBI is > considering these events a national security issue due to the number > of firms impacted, the magnitude of the attacks, and the persistence > of these attacks. The Social Media Team will post here the very moment we > have further information." > > > > On Wed, Mar 16, 2016 at 10:29 AM, Nathan Anderson < > [email protected]<mailto:[email protected]>> wrote: > > Down again. **** me. > > > > -- Nathan > > > > From: VoiceOps [ > mailto:[email protected]<mailto:voiceops-bounces@voiceops. > org> > <[email protected]%3cmailto:[email protected]% > 3e>] > On Behalf Of Nate Burke > > Sent: Wednesday, March 16, 2016 6:51 AM > > > > To: [email protected]<mailto:[email protected]> > > Subject: Re: [VoiceOps] VoIP Innovations reliability > > > > Looks like it just came back up for me. Just over 30 min. > > > > Nate > > On 3/16/2016 8:45 AM, Shripal Daphtary wrote: > > We are experiencing an outage as well. > > Thanks, > > > > Shripal > > > > On Mar 16, 2016, at 9:36 AM, Nate Burke < > [email protected]<mailto:[email protected]>> wrote: > > Problems again this morning? Looks to be acting the same as it has been. > > On 3/11/2016 6:00 PM, Alexander Lopez wrote: > > I added them to our monitoring platform, stated getting alarms this > past hour or so. > > Up and down. > > > > > > -------- Original message -------- > > From: Nathan Anderson <[email protected]><mailto:[email protected] > <[email protected]>> > > Date: 3/11/2016 6:31 PM (GMT-05:00) > > To: 'Nate Burke' <[email protected]><mailto:[email protected] > <[email protected]>>, > [email protected]<mailto:[email protected]> > > Subject: Re: [VoiceOps] VoIP Innovations reliability ...aaaaaand we're > back. > > > > -- Nathan > > > > -----Original Message----- > > From: VoiceOps [mailto:[email protected] > <[email protected]>] On Behalf Of Nathan Anderson > > Sent: Friday, March 11, 2016 3:30 PM > > To: 'Nate Burke'; [email protected]<mailto:[email protected]> > > Subject: Re: [VoiceOps] VoIP Innovations reliability > > > > It *feels* like they are under attack again, since I get a response to > a ping once every 20 or so. > > > > -- Nathan > > > > -----Original Message----- > > From: VoiceOps [mailto:[email protected] > <[email protected]>] On Behalf Of Nathan Anderson > > Sent: Friday, March 11, 2016 3:28 PM > > To: 'Nate Burke'; [email protected]<mailto:[email protected]> > > Subject: Re: [VoiceOps] VoIP Innovations reliability > > > > Confirmed. > > > > -- Nathan > > > > -----Original Message----- > > From: VoiceOps [mailto:[email protected] > <[email protected]>] On Behalf Of Nate Burke > > Sent: Friday, March 11, 2016 3:26 PM > > To: [email protected]<mailto:[email protected]> > > Subject: Re: [VoiceOps] VoIP Innovations reliability > > > > Anyone else show them down again right now? My traceroutes aren't > even leaving Chicago. Dying at a Chicago hop on Level3. > > > > Nate > > > > On 3/6/2016 6:50 PM, Nathan Anderson wrote: > > > Did anybody else just suffer another 45-minute-ish long outage from > about 4:00p PST to 4:45p PST (ending about 5 minutes ago)? > > > > > > -- Nathan > > > > > > -----Original Message----- > > > From: [email protected]<mailto:[email protected]> > > > [mailto:[email protected] <[email protected]>] > > > Sent: Sunday, March 06, 2016 4:43 PM > > > To: Nathan Anderson; > > > [email protected]<mailto:[email protected]> > > > Subject: RE: VoIP Innovations reliability > > > > > > More here: http://blog.voipinnovations.com/blog > > > > > > Frank > > > > > > -----Original Message----- > > > From: VoiceOps [mailto:[email protected] > <[email protected]>] On Behalf Of > > > Nathan Anderson > > > Sent: Tuesday, March 01, 2016 8:27 PM > > > To: [email protected]<mailto:[email protected]> > > > Subject: [VoiceOps] VoIP Innovations reliability > > > > > > Holy schlamoly. Anybody else use them here and being handed outage > > > after outage over the last 2 days? Seriously thinking at this point > > > about doing something else. This is ridiculous. > > > > > > I desperately need sleep and if my cell goes off one more time... > > > > > > -- Nathan > > > _______________________________________________ > > > VoiceOps mailing list > > > [email protected]<mailto:[email protected]> > > > https://puck.nether.net/mailman/listinfo/voiceops > > > > > > > > > > > > _______________________________________________ > > > VoiceOps mailing list > > > [email protected]<mailto:[email protected]> > > > https://puck.nether.net/mailman/listinfo/voiceops > > > > _______________________________________________ > > VoiceOps mailing list > > [email protected]<mailto:[email protected]> > > https://puck.nether.net/mailman/listinfo/voiceops > > > > _______________________________________________ > > VoiceOps mailing list > > [email protected]<mailto:[email protected]> > > https://puck.nether.net/mailman/listinfo/voiceops > > > > _______________________________________________ > > VoiceOps mailing list > > [email protected]<mailto:[email protected]> > > https://puck.nether.net/mailman/listinfo/voiceops > > > > _______________________________________________ > > VoiceOps mailing list > > [email protected]<mailto:[email protected]> > > https://puck.nether.net/mailman/listinfo/voiceops > > > > _______________________________________________ > > VoiceOps mailing list > > [email protected]<mailto:[email protected]> > > https://puck.nether.net/mailman/listinfo/voiceops > > > > > > _______________________________________________ > > VoiceOps mailing list > > [email protected]<mailto:[email protected]> > > https://puck.nether.net/mailman/listinfo/voiceops > > > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > URL: < > https://puck.nether.net/pipermail/voiceops/attachments/20160316/076122 > 96/attachment.html > > > > > > ------------------------------ > > > > Subject: Digest Footer > > > > _______________________________________________ > > VoiceOps mailing list > > [email protected] > > https://puck.nether.net/mailman/listinfo/voiceops > > > > > > ------------------------------ > > > > End of VoiceOps Digest, Vol 81, Issue 15 > > **************************************** > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you > have received this message in error, please notify the sender > immediately and delete the original. Any other use of the e-mail by you is > prohibited. > Unauthorized interception of this e-mail is a violation of federal > criminal law. We reserve the right, when permitted by law, to scan > electronic communications, including e-mail and instant messaging, for > the purposes of security and compliance with our internal policy. > > _______________________________________________ > VoiceOps mailing list > [email protected] > https://puck.nether.net/mailman/listinfo/voiceops > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://puck.nether.net/pipermail/voiceops/attachments/20160321/6f903f66/attachment.html> ------------------------------ Subject: Digest Footer _______________________________________________ VoiceOps mailing list [email protected] https://puck.nether.net/mailman/listinfo/voiceops ------------------------------ End of VoiceOps Digest, Vol 81, Issue 46 **************************************** This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received this message in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Unauthorized interception of this e-mail is a violation of federal criminal law. We reserve the right, when permitted by law, to scan electronic communications, including e-mail and instant messaging, for the purposes of security and compliance with our internal policy. _______________________________________________ VoiceOps mailing list [email protected] https://puck.nether.net/mailman/listinfo/voiceops
