[VOIPSEC] Cellphone Botnets, Blackmailing VOIP & a Healthy Cybercrime Economy - Desktop Security News Analysis - Dark Reading (UNCLASSIFIED)

[Dustin D. Trammell]

On Wed, 2008-10-22 at 09:32 +0300, Ari Takanen wrote:
> The article probably meant to say DDoS. A distributed DoS can be
> launched against any service that receives connections from the
> unlucky victims that the attacker is controlling. It is not very
> technical attack. Imagine for example 10 bots calling your mum all the
> time. It has nothing to do with VoIP. VoIP is used to launch the
> attack though.
> 
> The above applies to Any Voice Service.  VoIP is actually much more
> resistant to DDoS than PSTN.

One of the most interesting properties I've always found voice services
to have is that they're extremely susceptible to the inverse of a DDoS,
a slow-rate, targeted DoS, specifically because it's voice and not just
any other network service.

Consider the scenario where an attacker wants to DoS Bob specifically.
Rather than attack the endpoint technology, or even the VoIP
infrastructure, it's far easier to simply attack the user themselves.
Send a call once every 2-5 minutes.  This is likely low-rate enough to
avoid triggering any (D)DoS protections in place, and fits the rate
model of perfectly legitimate voice traffic behavior.  When Bob answers,
just hang up.  After a short while, he'll be really irritated at these
calls and probably either take the phone off-hook or turn the ringer
off, denying himself service by his own action.  The beauty of this
attack is that it also doesn't require any special tech to launch.  With
a little persistence, an attacker can manually call Bob every couple of
minutes and hang up with little effort.

-- 
Dustin D. Trammell
Security Researcher
BreakingPoint Systems, Inc.