DDoSers take weekend off only to resume campaign against UK's Voipfone on Monday

It never rains but it pours. Internet telephone service provider Voipfone, currently battling a "major outage" across all voice services, has admitted to being hit by an "extortion-based DDoS attack from overseas criminals" that knocked it offline last week. A Distributed Denial of Service (DDoS) attack took down the company's …

  1. This post has been deleted by its author

    1. IGotOut Silver badge

      Re: this is what happens when you dont enforce authentication

      Well posted by someone who doesn't have a f'ing clue what they are talking about.

      This is about a DDoS not caller ID spoofing.

      Even if you enforced this, someone chucking a few hundred million packets per second down your network is going to take you out either way.

      1. This post has been deleted by its author

        1. TrevorH

          Re: this is what happens when you dont enforce authentication

          So how do you authenticate when the pipe connecting you to the internet is so full of random data that the real stuff cannot get through? Your grasp of what a DDoS attack actually does and how it operates seems to be not very aligned with reality. You cannot protect against a DDoS attack once the packets from it arrive at your endpoint. It's already too late.

          1. This post has been deleted by its author

            1. elaar

              Re: this is what happens when you dont enforce authentication

              Authentication has absolutely NOTHING to do with DDOS. Please describe your reasoning further. If my home router has a DDOS attack, is that something to do with the outside authentication of my router (which is disabled)?

          2. smipx

            Re: this is what happens when you dont enforce authentication

            Apparently this is what they should be doing: https://blog.cloudflare.com/update-on-voip-attacks/

            1. Lunatic Looking For Asylum
              Mushroom

              Re: this is what happens when you dont enforce authentication

              Question #3: What should I do if I receive a ransom/threat?

              1 Do not pay the ransom

              Paying the ransom only encourages bad actors—and there’s no guarantee that they won’t attack your network now or later.

              2 Notify Cloudflare*

              We can help ensure your website and network infrastructure are safeguarded against these attacks.

              3 Notify local law enforcement

              They will also likely request a copy of the ransom letter that you received.

              Alright there's no ambulance to chase here but how blatant is that of the marketing people.

              * Other parasitic scumbags are available.

        2. Loyal Commenter Silver badge
          FAIL

          Re: this is what happens when you dont enforce authentication

          Because it's totally impossible to target the auth endpoint with a DDoS, thus taking down the auth mechanism, and therefore the service?

          Any business that supplies a service, over the internet, at one or more reachable endpoints, is vulnerable to those endpoints coming under a DoS attack. Auth won't make an ounce of difference to that, although other filtering techniques are available, such as black/whitelisting, packet filtering, and so on, which may have varying practicability depending on how many service users you have, whether they have static IP ranges (hint: they probably don't), whether the attackers do (hint: the first D in DDoS means they don't), whether bogus traffic can easily be separated from genuine traffic from packet shape, etc.

          I'm sure the people being attacked in this instance have a better handle on the specifics of all these things, as they pertain to their service, than you do, and yelling "try grabin f'ing clue" [sic throughout] just indicates that either you are not well versed in the subject yourself, or that you are, and you are just very bad at your job.

  2. TrevorH

    And that would help against a DDoS how?

  3. Mike 137 Silver badge

    against a DDoS

    As far as I know, nobody ever managed to DDoS the POTS (copper PSTN)

    1. IGotOut Silver badge

      Re: against a DDoS

      Nah you just went to the cabinet and pulled out the cables.

    2. John Miles

      Re: against a DDoS

      That may just be because in the past it cost lots of money or you had to be a big provider who'd rapidly be disconnected from the world if you tried it. There have been BGP hijacks that may have impacted telecoms providers that likely ended up in phone lines being unavailable.

      However, at a smaller scale I believe there have been instances of companies dialling competitors and keeping their phone lines tied up, back when the caller was the only one who could disconnect.

    3. Anonymous Coward Silver badge
      Big Brother

      Re: against a DDoS

      I guess you never heard the announcement "All our lines are busy. Please call back later" ??

      It was simple to DoS a specific number, just not the whole network. Also didn't matter whether it was POTS or ISDN, except ISDN handled more lines so took more resources to block.

      1. Paul Shirley

        Re: against a DDoS

        The most significant defence against attacking phone lines on POTS, in the UK at least, was the crippling price of making the call(s) needed to tie up each line!

        1. Jimmy2Cows Silver badge

          Re: against a DDoS

          This is because criminals never rip off someone else's resources, have a nice easily identifiable billing address, and always pay their bills, right?

    4. doublelayer Silver badge

      Re: against a DDoS

      People could block certain recipients quite easily. Especially when the gaps in the analog system became better known. There were tricks to get resources that you didn't pay for, often by finding someone else's resource unprotected. You could then use that to tie up one of the victim's lines. If you could get enough independent connections to close all of theirs, you could lock them out. Eventually, they would terminate your connections and you could race to reconnect before someone else did.

      As for taking down the whole network, that wasn't as common. You couldn't call through all the lines available because they had different capacity in every area. Something to cut through wires would be more effective for a single area.

  4. smipx

    Thanks for bringing this to the attention of the wider public. It seems that Voipfone did not put in place robust enough plans to stop a repeat performance of the outages a few weeks back. Maybe now they will invest more to harden their systems.

    In this day and age more of us are coming to rely on VOIP services and this kind of outage (and this type of technology) surely needs better regulation to compel the smaller players (like Voipfone) from undercutting the bigger players at the expense of a properly robust infrastructure.

    Many small businesses rely on their services and take out contracts with them not really understanding the fragility of their services and not really understanding that they are not properly protected by regulation (e.g. Ofcom). If they did know then they might not chase the lowest prices for their calls but instead look for reliability at a fair price.

    It's not like Voipfone are even that cheap anymore. They charge £3.60 per number and then an eye watering amount to call mobiles from the VOIP service (7p/min). I get the impression (from my dealings with them) that they are a bit of a smoke and mirrors business - pretending to be a big player when they are really held together with bits of string!

    1. elaar

      You can't just simply throw large voip platforms onto places like Cloudflare, it's not as simple as that, hence why these people go after voip companies. Voip platforms typically have multiple SBCs and whilst they have some defence against DDOS, it's almost impossible to stop them. (Unless you know a way?).

  5. cyberdemon Silver badge
    Mushroom

    resilience

    I can only hope that this is a sneaky UK government resilience test to see if VOIP is ready to replace critical infrastructure or not. (and the answer should clearly be NOT)

    BT are planning to phase out POTS by 2025 and replace it all with VOIP.

    If we find ourselves at war (cold or warm) after that, then how would the King/PM/President contact all of the cabinet, civil servants, military bases, factories etc. to coordinate the war effort?

    And if it's not a sneaky UK govt resilience test, it's probably a sneaky Russian one.

    1. Anonymous Coward
      Anonymous Coward

      Re: if VOIP is ready

      Well, all these ddos problems now will presumably help with future resilience, as the bad guys are giving the voip providers lots of real-world practice at remediation and recovery.

      Just imagine if the attackers had decided to keep their powder dry, as it were, and hit voip systems with everything at a critical moment, whilst the voip guys were still green, and still blithely assuming everything would be just fine :-)

  6. Anonymous Coward
    Anonymous Coward

    DDos is par for the course, unfortunately

    I'm afraid extortionate DDoS attacks have become quite normal. Just the other day one of my email providers warned that I could expect some minor inconveniences as they were under a DDoS attack after they refused to pay extortion fees:

    Extortionate DDoS attacks on mailbox.org

    1. alain williams Silver badge

      Re: DDos is par for the course, unfortunately

      Congrats to them for not buckling and paying the crooks.

  7. Anonymous Coward
    Anonymous Coward

    Annoying...

    This is becoming annoying.

    Couldn't we at least slow them down by blocking Russian internet traffic?

    1. TrevorH

      Re: Annoying...

      Unfortunately they use a botnet which is not just Russian, it's worldwide.

      1. Loyal Commenter Silver badge
        Coat

        Re: Annoying...

        ...so the whole world needs to block Russian traffic to disrupt the C&C servers?

        1. doublelayer Silver badge

          Re: Annoying...

          That will stop them (if they haven't already done what I'll say next) for about two days. Since they already have a bunch of victims, if you find their C&C, and it could easily be outside Russia and if they're Russian it probably is, they could make their bots do it. By distributing C&C across several bots and giving each one a few options, they prevent their whole system, worth quite a lot to them, from being disabled simply by disconnecting one key point.

          Placing C&C servers outside the country in which they operate is quite common. If the attackers are Russian, they have a lot of choices of cloud or colocation providers elsewhere who won't notice if they host a simple server which occasionally gets uploads from a Russian IP.

          1. Loyal Commenter Silver badge

            Re: Annoying...

            I wasn't being altogether serious, and this would obviously not be a practical solution for any number of technical, ethical, and legal, reasons.

            However, if those pesky Russkies have their C&C server outside Mother Russia, and all other countries are blocking Russian IP ranges, then how do they reach their C&C server? Cybercriminals are very unlikely to want to be physically in the same place as their resources, especially on foreign soil. That's a recipe for dawn raids and lots of gaol time.

          2. Anonymous Coward
            Anonymous Coward

            Re: Annoying...

            > "That will stop them (if they haven't already done what I'll say next) for about two days. "

            Two days would be a slowing down.

  8. clyde666

    hard working crims

    "It seems that the evil-doers took the weekend off"

    I've noticed that with spam. Seems to tail off very noticeably over the weekends.

    I don't know whether that's due to their managers taking the weekends off, or whether it's because large parts of their botnets are shut down for the weekend. If so, that would be western offices then.

  9. sanmigueelbeer Silver badge
