Understanding TDoS Attacks On Your VoIP Telephony System
Surprisingly, one of the most disruptive techniques for compromising your brand-new VoIP telephony system has been around for years. Nonetheless, it is still very hard to fight and prevent. We are talking, of course, about Denial of Service attacks, or their more telephony-specific variety, Telephony Denial of Service (TDoS) attacks.
What are TDoS attacks?
TDoS attacks are similar to regular DoS attacks, except that they target your phone numbers rather than websites. In a TDoS attack, you receive a huge number of inbound calls that put your system out of order for some time and thus impede your ability to communicate. The Internet connection makes it easier to generate calls and harder to block them, as new technologies are being developed to send calls from different cities and with different caller IDs. In fact, there are companies that offer this kind of “service” for a fee of only $50 or so.
The purpose of a TDoS attack is, of course, money. Usually, the flow of calls does not stop until a certain amount is paid to the perpetrators. To make the scheme work even faster, they have started targeting establishments that rely heavily on their communication systems, such as hospital emergency rooms.
Reasons why the number of TDoS attacks is growing
Mark Collier, the CTO of SecureLogix Corporation, gave three main reasons why TDoS attacks are getting more popular among swindlers:
- Technology advancements. Free PBX software and the use of SIP trunks for unauthorized purposes make it much easier and more convenient to organize attacks.
- Clear motivation such as disruption of business, financial fraud, etc.
- The use of cheap resources – even free social networks can be used to organize TDoS attacks (e.g. there have been recorded cases in which a tweet or a Facebook post called on users to start calling a particular organization at a certain time).
Types of TDoS attacks
As the technology advances, so do TDoS attacks. Their most basic form – manual – is already a thing of the past and has given way to more complicated ones: automated and distributed automated attacks. In an automated attack, calls are generated automatically and the number of the imaginary caller is changed every time, yet the calls still originate from a single place. In a distributed automated attack, calls originate from different places (e.g. from different SIP trunk providers), different audio might be played every time a person picks up, and the caller ID changes every time. The last type is the most dangerous of all, as it makes it much harder to identify where the calls originate and block them.
There is also another classification of TDoS attacks, which divides them into signaling, media and physical ones. In a signaling TDoS attack, the perpetrators target the signaling protocol. For example, they can create a vast number of call setup requests that use the entire capacity of the terminal, or cancel pending call setup signals to make it impossible to end the call.
In a media TDoS attack, the media-processing components of your VoIP system are flooded with a large number of RTP packets. Finally, physical TDoS attacks include forced power outages and physical damage to hardware.
Preventing TDoS attacks
To reduce the chances of your VoIP telephony system falling victim to a TDoS attack, please follow the security tips we’ve provided here and here. To fight media and signaling attacks, implement strong authentication protocols. All components of your system should “know” they’re “communicating” with legitimate counterparts. A VoIP firewall is also an effective countermeasure, used to monitor abnormal activity within the system.
To avoid physical attacks, limit access to key VoIP components and provide a backup power generation system.
As TDoS attacks have been recognized as a threat at the state level, the FBI recommends reporting all such cases, preferably with all the data that could be gathered in the course of the attack – caller IDs, IP addresses, start and end times, etc.
Although associated with some risks, a VoIP telephony system is still an effective communication solution to boost productivity and reduce costs. With certain precautions, you can avoid the danger and get the most out of this cutting-edge communication solution.
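As an added illustration (not code from the original article), the sketch below shows the kind of abnormal-activity check described above. Because the caller ID changes on every call, it counts call setups per called number and then collects the caller IDs, source IPs, and start and end times that a report would need. The record layout, window, threshold and all sample values are constructed assumptions, and records are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 30                  # assumed max call setups per called number per window

def build_sample_log():
    """Constructed records (time, source IP, caller ID, called number):
    four ordinary calls, then a flood with a new caller ID on every call."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    log = [(t0 + timedelta(minutes=5 * i), "192.0.2.10", f"+1555010{i:04d}", "+15550199")
           for i in range(4)]
    trunks = ["198.51.100.7", "203.0.113.20", "203.0.113.99"]
    for i in range(120):  # one call setup per second, rotating across three trunks
        log.append((t0 + timedelta(minutes=30, seconds=i), trunks[i % 3],
                    f"+1555777{i:04d}", "+15550100"))
    return sorted(log)

def detect_floods(records, window=WINDOW, threshold=THRESHOLD):
    """Summarize, per called number, call setups arriving faster than threshold/window."""
    recent = defaultdict(deque)  # called number -> setups still inside the window
    incidents = {}
    for ts, src_ip, caller_id, called in records:
        q = recent[called]
        q.append((ts, src_ip, caller_id))
        while ts - q[0][0] > window:
            q.popleft()
        if len(q) <= threshold:
            continue
        inc = incidents.get(called)
        if inc is None:
            # First breach: count the setups that built up to it as well.
            inc = incidents[called] = {"called": called, "start": q[0][0], "calls": 0,
                                       "source_ips": set(), "caller_ids": set()}
            batch = list(q)
        else:
            batch = [(ts, src_ip, caller_id)]
        for _, ip, cid in batch:
            inc["source_ips"].add(ip)
            inc["caller_ids"].add(cid)
        inc["calls"] += len(batch)
        inc["end"] = ts
    for inc in incidents.values():
        # Assumption: more than one source IP is treated as a distributed automated attack.
        inc["kind"] = "distributed automated" if len(inc["source_ips"]) > 1 else "automated"
    return list(incidents.values())

if __name__ == "__main__":
    for inc in detect_floods(build_sample_log()):
        print(inc["called"], inc["kind"], inc["calls"], inc["start"], inc["end"])
```

A per-caller rate limit would see each of the 120 caller IDs exactly once and never trigger, which is why the counter is keyed on the called number.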