Callcentric VoIP DDoS Attack

Portal Home > Knowledgebase > Industry Announcements > Web Hosting Main Forums > Providers and Network Outages and Updates > Callcentric VoIP DDoS Attack

Posted by Atlas Global, 10-06-2012, 07:48 PM
I have a line with these guys... it's been down much of the day... this is from their website.

*UPDATED 10/06 4:00 PM EST*

The second attack against our new servers has been suppressed.

sip.callcentric.com and srv.callcentric.com should provide better quality and functionality and they are being continually monitored. We are still committed to answering questions and will continue to provide as timely/detailed support as possible.

With this in mind, we recommend subscribing/following our official Twitter page (http://www.twitter.com/Callcentric) as we will be posting updates and additional information as available.

The original attack is still ongoing and we are returning to this issue in order to attempt to restore normal service across the board. This investigation process involves deep packet inspection and analysis to properly diagnose and prevent any other damage.

We sincerely appreciate your patience with us and again apologize for the inconvenience.

*UPDATED 10/06*

Unfortunately, the attacks against us have been modified and we are now experiencing two different types of DDoS attacks. The new servers (sip.callcentric.com and srv.callcentric.com) were meant to assist in reducing the load and allowing service to operate for some clients. Unfortunately due to this new information being publicly released, outside of Callcentric, our new servers have also been affected. As such, the work-around that we developed and the information provided yesterday will no longer work.

We want to assure all our customers that we are fully committed to resolving this problem as quickly as possible, in order to fully restore your services and all the associated functionality.

We would like to re-iterate that this attack will only result in a service disruption and that all of your information is encrypted, safe and secure; and that NO customer data was stolen NOR destroyed.

If you are using our service solely for E911 access; please note that if you experience an emergency which requires E911 we recommend that you place this call via a third-party service until this issue has been fully resolved.

Updates will continue to be provided both via the MyCallcentric Portal and on our Twitter Page (http://twitter.com/Callcentric).

If you are using our service solely for E911 access; please note that if you experience an emergency which requires E911 we recommend you place that call via a third-party service until this issue has been fully resolved.

Upon achieving a resolution, we will be providing as detailed an explanation as possible regarding this issue as well as the resolution.

Again, we sincerely apologize for any inconvenience you have experienced as a result of these malicious attacks and we truly appreciate your understanding and patience during this process.
________________________________________________________

For the past two days we have been experiencing a sophisticated type of attack. As soon we noticed the first attempt we commenced an immediate physical upgrade to all of our servers increasing capacity and CPU power by a factor of four in addition to other precautions. Unfortunately even though this is similar to a "typical" DDoS attack it is targeted specifically at the SIP protocol and causes server load to increase to 100% within 1 minute of initiation. As such, standard and extraordinary prevention measures were unable to prevent it. We do not know the specific methodology of the attack but are aware that it is *similar* in effect to a DNS TRASH flood attack. We are performing forensic analysis on the data we have and are capturing traffic to find an exact reason and solution.

We would like to clarify that there was no intrusion into our network and all of our servers switches and internet connections have been functioning *normally* throughout the entirety of this concern. None of our equipment or interlinks were disconnected or went down. Additionally please note that all of your information is encrypted, safe and secure; and that NO customer data was stolen NOR destroyed.

We have been working as aggressively as possible throughout the day/night and we have found a short term work-around which will provide immediate relief and allow calls to function normally. This will require updating your configuration slightly. Please re-configure your software/hardware with the following information: