Learning Hub

Blogs

Popular Blogs

2023: Year in Review

2023: Year in Review

3CX
Call Center
Business Solutions
2023: Year in ReviewAs we transition into the new year, Voxtelesys is proud to share some of this past year’s accomplishments that helped define our path toward continued innovation. We look to carry the same level of growth, innovation, and advancement into 2024. Let’s dive into some of this past year’s exciting developments that have shaped Voxtelesys’ commitment to providing cutting-edge solutions. Learn More
3CX Version 20

3CX Version 20

Call Center
SMB
PBX
3CX Version 20Take advantage of our offer: No setup fees will be charged for upgrading to 3CX V20 with Hosting by Voxtelesys until March 2024! - 2 Core, 2 GB All 3CX's hosted by Voxtelesys come standard with a minimum of 2vCore and 4GB's of memory, so no worries here. - Sufficient Disk Space needed. Ensure a minimum of 5 GB of free disk space - The source list must remain unaltered for a successful upgrade; any modifications will result in failure Remove any additional source lists. If you are utilizing Microsoft Azure, verify by checking "cat /etc/apt/sources.list.d/microsoft-prod.list." Learn More
SMS Registration

SMS Registration

Call Center
SMB
3CX
SMS RegistrationSince the beginning of February 2021, the major wireless carriers (Verizon, AT&T, and T-Mobile) have been working with The Campaign Registry (TCR) to implement a process to register everyone using VoIP and US local phone numbers to send SMS or MMS messages. All US local (NANP) VoIP SMS numbers must be registered with the TCR, this includes low-volume customers/numbers. A couple of reasons for the TCR and campaign registration: (1) it protects the end-user from spam (2) and it keeps further FCC requirements and regulations from being implemented. Learn More
Learning Hub / Blogs / How are VoIP networks vulnerable to DDoS attacks? FAQs
How are VoIP networks vulnerable to DDoS attacks?
Call Center
SMB
Ask the Experts
Compliance
Premium Routes
SIP/VoIP
Knowledgebase
Business Solutions
3CX

DDoS (Distributed Denial of Service) attacks on VoIP Carriers and UCaaS providers, attackers target the components of the VoIP systems causing intermittent service or complete outages. First, it is necessary to understand how VoIP connections are established and all the workings that go into these complex systems. The Open Systems Interconnection (OSI) model is always a good starting point for explaining modern networked systems and how they work— by separating modern networking into seven easy-to-understand segments from the application to the network to the physical layer. DDoS Attacks primarily happen in two of three categories Application Layer Attacks (ALA), and Network Layer Attacks (NLA), although Physical layer attacks are possible "War, Terrorism, Contractors with backhoes." An attacker may use any number of different attack vectors and cycle through them in response to countermeasures taken by the targeted systems to achieve their goals.

OSI Model

Layer 7 DDoS attacks, sometimes referred to as application-layer attacks (ALA), exhaust the target's resources to create a Denial of Service. The attacks on a VoIP carrier's web service, portals, media, and SIP require the systems to consume an abnormal level of resources leading to congestion inside these systems. Computationally inexpensive to execute on the client-side, it can be expensive for the target server to respond. ALA attacks are challenging to detect since it can be difficult to distinguish malicious traffic from legitimate traffic, HTTP Flood, Attacks, SIP Flood, and too many more to list. These types of attacks range from simple to complex. 

Protocol attacks, also known as state exhaustion attacks, operate at the NLA. They cause a service interruption by consuming too many network resources, exploiting vulnerabilities refer to the OSI model's network layer (layer 3) and transport layer (layer 4). A network layer receives a request exceeding its ability or resource to handle it. As a result, it can no longer keep up with all the requests it receives, becomes overloaded, and requests go unanswered.

Volumetric attacks are also an NLA; this category of attacks attempts to create congestion by consuming all available bandwidth between the target and the larger internet. Large amounts of data are sent to a target using amplification or another means of creating massive traffic, such as requests from a botnet. NTP Amplification, DNS Amplification.

One way to describe a volumetric attack is TikTok Targeting Starbucks.  TikTok operates like a modern botnet. TikTok users or "zombies"  receive a command from their threat actor/source and start making very complex, expensive, and hard-to-make drinks through the Starbucks app. These actions led to longer lines and delays, which backed everything up, causing a complete shutdown of online orders. The ordering system itself had not failed; it could take more orders than the back end could produce, but the abnormal traffic and its complexity completely saturated the barista's bandwidth.  The issue is that the zombies/TikTok users themselves are valid users and have ordered from Starbucks using the app before they joined the botnet. Protecting from this event is almost impossible. All kidding aside, volumetric attacks can cause upstream providers to shut off or blackhole networks and systems that are affected by these attacks to protect the greater network. 

As DDoS becomes more sophisticated, we see a combination of NLA and ALA attacks that require more creative and complicated solutions. Mitigating these attacks require all of the above approach and many tools. We don't know what we don't know; in some cases, we need to go back to the beginning and start from scratch or hope that we are not the first and that someone else has already figured out what to do.

Cloudflare What is DDoS Attacks

Kaspersky ddos attacks

Comptia ddos attack how it works

Norton Emerging threats what is a ddos attack