How to Protect Against TDOS Attacks

The phones won’t stop ringing or they don’t ring at all. Contact center agents waste time answering bogus calls while customers complain they can’t get through. 9-1-1 agents waste time answering robocallers instead of dealing with real emergencies.

Telephony denial of service, or TDOS, attacks clog up business telephone lines, causing disruption of business and wasting employee productivity. TDOS attacks can be the result of nefarious actors trying to extort money or a targeted grudge to settle, but also come from rogue robocall campaigns.

Either way, TDOS attacks are becoming more common and more difficult to prevent. Service providers are often unprepared and unable to address TDOS attacks, leaving businesses vulnerable while they search for a solution.

Welcome to How to Protect Against TDOS Attacks, our 22nd monthly webinar in the FreeSBC / ProSBC series, covering technical, business and partner topics to help service providers and enterprises better secure their networks.

During today’s session we describe the methods that service providers and businesses can use to mitigate TDOS attacks, reducing or eliminating their impact.

Towards the end of the session we’ll also share three real customer case studies showing how these businesses implemented their own TDOS solutions, deflecting hundreds of unwanted calls per day. So, let’s get started! We’ve got quite a bit on our agenda today I wanted to share with you. First I’m going through a couple of introductions, and then we’ll talk about the TDOS problem, where it comes from and the source, so that you can understand better how it can be mitigated.

Then we’ll talk about mediation on how to resolve some of the SIP TDM mediation, how to detect them, and some case studies, and then we’ll end up with some Q&A. Let’s start out with some introductions. I’m Alan Percy, I’m the chief marketing officer for TelcoBridges and today’s event moderator.

Joining us again today is Jim Dalton, he’s the CEO of TransNexus, along with Alec Finichel, he’s a software engineer at TransNexus. Gentlemen, thanks so much for your contribution and helping out again today!

Thank you, happy to be here.

Thanks, Alan.

All right, let’s start out with just a little bit of introductions. I looked again at the registration list; we have lots of new faces on the list, and I just want to give a quick overview of who TelcoBridges is. You know, we’re a manufacturer of telecom VoIP gateways and SBC software, privately held.

We were founded in 2002, at about 40 employees, based in Montreal. We do most of our development, software development and hardware development, there in the offices in Montreal, and we’ve got sales and support offices in Poland, Turkey and Hong Kong, where we provide 24/7 technical support for the gateways and SBCs and other products. So it’s a quick overview of that.

With that I’m gonna turn it to Jim to just give a quick overview of TransNexus.

Thanks, Alan. TransNexus: our focus since 1997 has really been on routing and policy solutions for voice over IP networks. Most of our customers use our platform for least-cost routing, but that same least-cost routing dip is a great opportunity for toll fraud protection and also for inbound calls: analyzing the calls coming in and filtering out robocalls and stopping TDOS attacks. So that’s our focus of our business.

Great, and you’re based in Atlanta, and that’s great. Awesome.

All right, so I wanted to start the discussion with a little bit of a story, and some of you may have seen this; it was an article published in Network World a few years ago. The title of the article is “The day that the 9-1-1 network stood still,” and this was a hacker in the Phoenix area who was basically probing the Apple iPhone security and looking for holes in its security, and he created a little web application that would dial 9-1-1 if someone were to activate it. And of course he posted the application online via Twitter, and it turns out that 1,800 people in the Phoenix area compromised their phones and then flooded the 9-1-1 network center with calls, so overwhelmed that the PSAP was unable to answer any actual live calls, and for well over a day this entire geographic area was without 9-1-1 service, which as you can imagine is a serious problem.

You know, the ambulances, police, fire, everything came to a screeching halt, and it was a very difficult denial of service attack to stop because they actually had to do a power cycle on the users’ phones to get this thing to stop. I’ve included a link to the full article here at the bottom of the slide, so when you get the slides afterwards you might want to read that. It’s a very sobering article about a situation, and this is just one example.

This example was a foundation for some work that the Department of Homeland Security initiated. William Bryan there, the senior official performing the duties of the Under Secretary of Science and Technology (that’s a mouthful), noted here: “If coordinated with an actual physical terrorist attack, this style attack would be particularly catastrophic, resulting in a large number of victims losing the ability to connect with emergency services.”

So the thinking is, you know, if there were some physical actual attack by a terrorist, you know, an example of some of them, the 9/11 attacks, if they prior to that clog the 9-1-1 system, it could cause significantly larger loss of life and property damage. So, um, it’s a genuine concern that the Department of Homeland Security is taking very, very seriously. So, um, you know, looking a little bit deeper at TDOS:

You know, I think for a long, long time it was just kind of a nuisance, right? The robocalls and some of that stuff was just a nuisance, but I think we’re now starting to realize it’s really starting to have a negative impact, and not only on businesses and government. Some particularly vulnerable businesses, you know, like we just mentioned, the 9-1-1 emergency call centers, but also banking and financial, health care and contact centers, seem to be particularly vulnerable to these, really throwing a monkey wrench into the works. We’ll get into some of these case studies towards the end of the session; you’ll see how these individual businesses are struggling with them and some methods that they can use to rectify it.

One of the things that to me was a little bit sobering as I started to research this topic and get a little bit closer to it is, it really turns out there are just two attack profiles. One of them is a tsunami of traffic, right? This is just somebody generates so much telephone traffic to a particular target, they just overwhelm that telephone facility: they overwhelm the trunk ports, or they overwhelm their PBX, or they overwhelm their UC platform, whatever it might be. But it’s just a huge amount of traffic, and those do exist; we do see those tsunami-of-traffic kinds of attacks.

But what seems to be pretty common too is this, we’ve named it the persistent pest, and this is the dripping faucet problem: it’s just a constant, non-stop, low volume of calls that are taxing to people and resources inside the organization. They don’t necessarily clog up the whole system, but they clog up enough of it to be, you know, costly and, you know, a difficult problem to solve. So when we get into the case studies we’ll talk about it; there’s actually a couple of different scenarios when we get to the end.

So where do these things come from? Well, one of the unfortunate side effects of all this really nifty VoIP technology is that we’ve made it faster, cheaper and easier to hide the origin of calls, and unfortunately one of the negative side effects is, you know, these TDOS attacks. It’s actually relatively easy now to get a set of SIP trunks, for example, to create quite a bit of traffic. The attacks often are also distributed, meaning, you know, they distribute malware that goes onto desktops or mobile devices, and the users of those devices don’t realize it, but those devices have become, you know, Trojan horses, and they’re part of a distributed attack: at midnight on a certain day they all wake up and suddenly dial a phone, and that creates a tsunami of traffic to a particular target.

We’ve also discovered that with some of the popular open source platforms it is very, very easy to create applications that can generate a large volume of calls, and not only just generate the call but also stimulate or manipulate the IVR or ACD at the other end to create, you know, loops that would allow the call to stay up and tie up the port for a longer period of time.

Some of the new CPaaS platforms, the communication platform as-a-service, initially were susceptible to being used for this kind of application. Fortunately most of the big ones have now put call rate limiters within their platform, but there was a long, long time when it was very, very easy with a CPaaS to create a TDOS attack, to play prompts, to detect when people answer and keep them busy with a series of prompts, tying up the phone line.

And lastly, you know, some of the legitimate notification services, right? There are services designed to do reverse 9-1-1, to do, you know, school closing applications; these kinds of things could be very easily used for nefarious purposes to generate a TDOS attack. So, a handful of places, and honestly no single TDOS attack is alike, you know, to each other; they seem to be all very much customized based on their target.

So what are some of the motivations? We’ve kind of looked at many of the case studies and narrowed it down to a handful of motivations. One of them is extortion. This is relatively rare but one of the more severe ones, which is the old “send me $10,000 in Bitcoin or else I’m gonna, you know, crush your contact center. You don’t believe me? I’m gonna do it at 10 o’clock tomorrow.” Boom, they crush it, and then they say, “OK, send the $10,000, I’m gonna do it all day tomorrow.” And of course a contact center or bank or one of these, you know, they might fold and pay the money.

There’s a distraction motivation too, which is: I’m going to tie your resources up, and while you’re trying to chase this I’m gonna go hack your system. It’s kind of, you know, the old magician distraction methodology of “look over here,” and while you’re doing that I’m gonna go invade your systems.

Frankly, there’s a lot of pranksters out there too; you know, they’re just looking for fame and fortune. We’ve seen reports of some of the, you know, online forums where these guys brag, their bravado about being able to go in and make a mess of some target.

Then, we talked about the robocalls: inadvertent TDOS, right? A robocall platform that maybe doesn’t advance the next number like it’s supposed to just hammers the same number over and over and over again, or a database gets polluted with a lot of duplicate numbers, might inadvertently hammer a particular business, and when we get to our case studies you’ll see one of them is that.

And the last is, you know, going after a competitor. One of our stories towards the end is exactly this: this is where, you know, a competitor is creating traffic to one of their competitors, tying up their phone lines and wasting their agents’ time, in a way to deflect business over to them.

What’s the impact on some of these different businesses? Well, of course, you know, doctors and health care workers, they have to answer the call, right? I can see one of our EMS participants here talking about it, but, you know, you gotta answer the calls. 9-1-1 operators have to answer the calls. Contact center people, you know, the phone rings, they answer it, right? The ACD sends them a call, they answer it and they waste time. As a matter of fact, one of our customers analyzed the time, the number of minutes that each agent had to waste dealing with these robocalls that were coming into their platform, and did the math, and it was a frighteningly large amount of personal time, money that was being wasted by the agents.

Businesses, if they have all these calls coming in, they can’t get to the good ones, right? It’s hard to sort them out. Imagine being a plumber today and having to answer your cell phone every time it rings when half of them are bad calls. And of course consumers hate it; they complain to their service providers, and frankly they complain to each other too, about the robocalls that pester them.

So let’s take a look at an architecture diagram and get a little bit closer to understanding a methodology to resolve this. What we’re showing here is the typical hosted or enterprise-deployed PBX. It could be hosted, meaning this SBC and the PBX could be in the cloud; the phones obviously would be in the customer premise. Or it could all be on-prem, right? The SIP trunking could land at the customer’s SBC; the PBX could be in-house.
