Most of the larger DDoS mitigation appliances can block malformed SIP traffic and also can block volumetric/state exhaustion UDP floods. A lot of VoIP companies have Session Border Controllers (SBCs) to protect
public facing VoIP services. SBCs are more application aware. Kind of like a proxy based firewall just for VoIP.
-Rich
From: NANOG <nanog-bounces+rich.compton=charter.com@nanog.org> on behalf of Mike Hammett <nanog@ics-il.net>
Date: Tuesday, September 21, 2021 at 3:31 PM
To: NANOG list <nanog@nanog.org>
Subject: [EXTERNAL] VoIP Provider DDoSes
CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking
links, or following guidance.
As many may know, a particular VoIP supplier is suffering a DDoS. https://twitter.com/voipms
Are your garden variety DDoS mitigation platforms or services equipped to handle DDoSes of VoIP services? What nuances does one have to be cognizant of? A WAF doesn't
mean much to SIP, IAX2, RTP, etc.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com