Cloudflare made another blog post about what kinds of traffic they are seeing. https://blog.cloudflare.com/update-on-voip-attacks/
One problem is if Cloudflare drops UDP fragments, that could cause some calls to fail and others not to. Especially now with SHAKEN/STIR certs in the headers and people putting every codec known to man on the INVITEs. Verizon specifically mentioned UDP fragments in the email notice before they put S/S on TF Inbound. So cloudflare magic transit isn't necessarily the easy button for protecting VoIP traffic but it would definitely help keep a network alive and processing calls during an attack. On Mon, Oct 4, 2021 at 6:24 AM Mike Hammett <voice...@ics-il.net> wrote: > For those that don't know what BGPlay is... > > > > https://stat.ripe.net/widget/bgplay#w.ignoreReannouncements=false&w.resource=67.231.4.88&w.starttime=1632921600&w.endtime=1632960000&w.rrcs=0,1,2,5,6,7,10,11,13,14,15,16,18,20&w.instant=null&w.type=bgp > > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > > > Midwest Internet Exchange > http://www.midwest-ix.com > > > > ------------------------------ > *From: *"Joseph Jackson" <jjack...@aninetworks.net> > *To: *"Mike Hammett" <voice...@ics-il.net> > *Cc: *"Tim Bray" <t...@kooky.org>, voiceops@voiceops.org > *Sent: *Saturday, October 2, 2021 11:20:26 AM > *Subject: *RE: [VoiceOps] VoIP Provider DDoSes > > Is now. If you look at their BGP announcements over the last week using > something like bgplay you can see them move all their prefixes behind > cloudflare. > > > > > > > > *From:* Mike Hammett [mailto:voice...@ics-il.net] > *Sent:* Saturday, October 02, 2021 10:30 AM > *To:* Joseph Jackson > *Cc:* Tim Bray; voiceops@voiceops.org > *Subject:* Re: [VoiceOps] VoIP Provider DDoSes > > > > Has been or is now? > > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > > > Midwest Internet Exchange > http://www.midwest-ix.com > > > > ------------------------------ > > *From: *"Joseph Jackson" <jjack...@aninetworks.net> > *To: *"Tim Bray" <t...@kooky.org>, voiceops@voiceops.org > *Sent: *Saturday, October 2, 2021 9:43:23 AM > *Subject: *Re: [VoiceOps] VoIP Provider DDoSes > > Bandwidth.com is using cloudflares magic transit for DDOS protection. > Seems to be working ok. CF says it doesn’t matter the protocol they can > scrub the traffic. > > > > > > > > *From:* VoiceOps [mailto:voiceops-boun...@voiceops.org] *On Behalf Of *Tim > Bray via VoiceOps > *Sent:* Friday, October 01, 2021 9:34 AM > *To:* voiceops@voiceops.org > *Subject:* Re: [VoiceOps] VoIP Provider DDoSes > > > > > > On 26/09/2021 21:54, Mike Hammett wrote: > > > > Are your garden variety DDoS mitigation platforms or services equipped to > handle DDoSes of VoIP services? What nuances does one have to be cognizant > of? A WAF doesn't mean much to SIP, IAX2, RTP, etc. > > > > > > Without saying too much: > > > > Seems to be a spate of DDOS against UK based voip providers at the > moment. For ransom. Don't pay. > > > > One provider said that traditional approaches did not work. They tried > Voxility but just got false positives. There are providers that do > work. > > > > But in the UK a lot of traffic goes over peers through internet > exchanges. So just swapping transit only half the problem. > > > Prep wise: > > So practice altering your IP advertisements, dropping and bringing up > peers. If you connect to route servers, practice doing selective > announcements. Try to get private interconnects to your upstream telco > providers. Get your network teams warmed up for when it does happen. > If you host with a cloud provider, have a backup because if DDOS is coming > from the same cloud ..... > > > > > > Tim > > > _______________________________________________ > VoiceOps mailing list > VoiceOps@voiceops.org > https://puck.nether.net/mailman/listinfo/voiceops > > > > _______________________________________________ > VoiceOps mailing list > VoiceOps@voiceops.org > https://puck.nether.net/mailman/listinfo/voiceops >
_______________________________________________ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops