[VOIPSEC] Cellphone Botnets, Blackmailing VOIP & a Healthy Cybercrime Economy - Desktop Security News Analysis - Dark Reading (UNCLASSIFIED)

[Ari Takanen]

Slow rate or not, all this discussion (and the other one regarding the
recent VoIP attacks) just reminds me of war dialling. 

One could assume that using VoIP protocols, it takes very little
resources (or time) to make a call to say, several million subscribers
of any VoIP service, or even a PSTN service provided you do not keep
calling the same target organization at the same time and DDoS his
local voice switch or any of the VoIP-PSTN gateways. Well little
resources at least considering what it used to take to make
e.g. 10,000 calls in the old times. Annoyance per user is
minimal. Very few organizations would even detect it. Very few user
agents would have even time to say "buzz" before you would already
hang up.

Use case? No idea... But that might be what we see people doing,
although we only see the failed attempts. The real scans go
undetected.

Just a thought.

/Ari

On Thu, Oct 23, 2008 at 10:48:08AM -0500, Dustin D. Trammell wrote:
> One of the most interesting properties I've always found voice services
> to have is that they're extremely susceptible to the inverse of a DDoS,
> a slow-rate, targeted DoS, specifically because it's voice and not just
> any other network service.

-- 
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
Ari Takanen                       Codenomicon Ltd.
ari.takanen at codenomicon.com       Tutkijantie 4E
tel: +358-40 50 67678             FI-90570 Oulu
http://www.codenomicon.com        Finland
PGP: http://www.codenomicon.com/codenomicon-key.asc
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-