On Mon, May 15, 2017 at 01:09:01PM -0400, Ivan Kovacevic wrote: > I think putting this à “block the offending traffic pattern” into practice > is the crux of the issue. Maybe I am short-sighted or don’t give AI > sufficient credit, but I think identifying the offending traffic pattern is > not going to be easy (or maybe possible at all). > > Anyone initiating a TDOS attack can manipulate the call pattern and caller > ID easy enough to make it look like ‘normal’ traffic.
I suppose it depends on how many concurrent channels/call paths the customer has. Given a very small number, almost any amount of calls can tie them up. But, in general, it's not a DoS attack if it doesn't ... DoS. :-) If the attackers slow down the call setup rate enough that it doesn't meet frequency-based DoS detection, chances are it's not a very impactful attack. Of course, there is a grey area; everything is vague to a degree we do not realise until we try to make it precise (with apologies to Bertrand Russell). -- Alex -- Alex Balashov | Principal | Evariste Systems LLC Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/ _______________________________________________ VoiceOps mailing list [email protected] https://puck.nether.net/mailman/listinfo/voiceops
