CallCentric "Under Attack"

Discussion in 'UK VOIP' started by (PeteCresswell), Oct 5, 2012.

  1. Their problem reporting page contains the rather-verbose message
    below, but does not tell the customer what to expect.

    Would I be guessing correctly that one thing to expect would be
    busy signals on long-distance calls?

    --------------------------------------------------------------
    Investigation into current problems:
    For the past two days we have been experiencing a sophisticated
    type of attack. As soon we noticed the first attempt we commenced
    an immediate physical upgrade to all of our servers increasing
    capacity and CPU power by a factor of four in addition to other
    precautions. Unfortunately even though this is similar to a
    "typical" DDoS attack it is targeted specifically at the SIP
    protocol and causes server load to increase to 100% within 1
    minute of initiation. As such, standard and extraordinary
    prevention measures were unable to prevent it. We do not know the
    specific methodology of the attack but are aware that it is
    *similar* in effect to a DNS TRASH flood attack. We are
    performing forensic analysis on the data we have and are
    capturing traffic to find an exact reason and solution.

    We would like to clarify that there was no intrusion into our
    network and all of our servers switches and internet connections
    have been functioning *normally* throughout the entirety of this
    concern. None of our equipment or interlinks were disconnected or
    went down. Additionally please note that all of your information
    is encrypted, safe and secure; and that NO customer data was
    stolen NOR destroyed.

    We have experienced attempted *unsuccessful* attacks in the past
    and have made changes in real-time to stop them as well as to
    prevent future similar attacks. Many of our security
    documentation guidelines and features have been geared towards
    these changes. Unfortunately this is an entirely new type of
    attack, the mechanics of which are still coming to light.

    ..... (more stuff snipped)
     
    (PeteCresswell), Oct 5, 2012
    #1
    1. Advertisements

  2. Per (PeteCresswell):
    I got an email from the provider, but understanding it appears tb
    somewhat beyond my current pay grade.

    They want me to change my "Outbound Proxy to one of three values
    depending on some thing if no clue about:

    ------------------------------------------------------------------
    Outbound proxy:

    sip.callcentric.com - For clients *ONLY* able to use A records
    srv.callcentric.com - For clients able to use DNS SRV
    bypass.callcentric.com - For clients able to use DNS SRV
    ------------------------------------------------------------------

    Can anybody shed some light? Maybe something I can do to
    determine which category I fall under?

    FWIW my current Outbound Proxy = "CallCentric.com"

    If I had to guess, I'd say "DNS SRV" = "DNS Server"

    If that's the case, I guess it'd down to choosing between the
    second two addresses.

    ??
     
    (PeteCresswell), Oct 6, 2012
    #2
    1. Advertisements

  3. Not without knowing what client you are using.
     
    David Woolley, Oct 6, 2012
    #3
  4. I am getting "registration failed" results from both my Gigaset and Bria
    softphone and no connection, let alone busy signals, from attempts at
    outgoing calling. Is anyone seeing something different?
     
    Anthony R. Gold, Oct 6, 2012
    #4
  5. Per Anthony R. Gold:
    I got a response from them yesterday.

    The fix for me on my SPA3102 was to change Voice > Line 1 >
    Outbound Proxy from "callCentric.com" to "srv.callcentric.com".

    Didn't try to use my instance of Bria during the problem period,
    but it just worked for me now on a long-distance call.
     
    (PeteCresswell), Oct 7, 2012
    #5
  6. Thanks but that did not work for me. Indeed I can not even get DNS resolution
    for hostname srv.callcentric.com.
     
    Anthony R. Gold, Oct 7, 2012
    #6
  7. Per Anthony R. Gold:
    It's still working here.

    But I cannot ping srv.callcentric.com either.

    The explanation is probably in AlexD's post, but I haven't parsed
    it yet.
     
    (PeteCresswell), Oct 7, 2012
    #7
  8. Thanks. I guess my Gigaset does not support SRV records.
     
    Anthony R. Gold, Oct 7, 2012
    #8
  9. Maybe a couple of issues here. First, maybe srv.callcentric.com is not even a
    hostname with an A record, according to alexd's theory. But second, even if
    it was a host name it likely would not be responding to pings anyway - See:

    http://www.callcentric.com/faq.php?s_go=1&search=ping&go=Search#102

    But finally, Callcentric is registering again using its main host name.
     
    Anthony R. Gold, Oct 7, 2012
    #9
  10. (PeteCresswell), Oct 8, 2012
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.