BGPlay is a good tool.
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com ----- Original Message ----- From: "Joseph Jackson" <jjack...@aninetworks.net> To: "Mike Hammett" <voice...@ics-il.net> Cc: "Tim Bray" <t...@kooky.org>, voiceops@voiceops.org Sent: Saturday, October 2, 2021 11:20:26 AM Subject: RE: [VoiceOps] VoIP Provider DDoSes Is now. If you look at their BGP announcements over the last week using something like bgplay you can see them move all their prefixes behind cloudflare. From: Mike Hammett [mailto:voice...@ics-il.net] Sent: Saturday, October 02, 2021 10:30 AM To: Joseph Jackson Cc: Tim Bray; voiceops@voiceops.org Subject: Re: [VoiceOps] VoIP Provider DDoSes Has been or is now? ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com ----- Original Message ----- From: "Joseph Jackson" <jjack...@aninetworks.net> To: "Tim Bray" <t...@kooky.org>, voiceops@voiceops.org Sent: Saturday, October 2, 2021 9:43:23 AM Subject: Re: [VoiceOps] VoIP Provider DDoSes Bandwidth.com is using cloudflares magic transit for DDOS protection. Seems to be working ok. CF says it doesn’t matter the protocol they can scrub the traffic. From: VoiceOps [mailto:voiceops-boun...@voiceops.org] On Behalf Of Tim Bray via VoiceOps Sent: Friday, October 01, 2021 9:34 AM To: voiceops@voiceops.org Subject: Re: [VoiceOps] VoIP Provider DDoSes On 26/09/2021 21:54, Mike Hammett wrote: Are your garden variety DDoS mitigation platforms or services equipped to handle DDoSes of VoIP services? What nuances does one have to be cognizant of? A WAF doesn't mean much to SIP, IAX2, RTP, etc. Without saying too much: Seems to be a spate of DDOS against UK based voip providers at the moment. For ransom. Don't pay. One provider said that traditional approaches did not work. They tried Voxility but just got false positives. There are providers that do work. But in the UK a lot of traffic goes over peers through internet exchanges. So just swapping transit only half the problem. Prep wise: So practice altering your IP advertisements, dropping and bringing up peers. If you connect to route servers, practice doing selective announcements. Try to get private interconnects to your upstream telco providers. Get your network teams warmed up for when it does happen. If you host with a cloud provider, have a backup because if DDOS is coming from the same cloud ..... Tim _______________________________________________ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
