On 03/18/20 09:29 -0500, Blake Hudson wrote:
On 3/17/2020 1:54 PM, Dan White wrote:
On 03/17/20 14:38 -0400, Rich Kulawiec wrote:
On Tue, Mar 17, 2020 at 08:38:28AM -0700, Mike Bolitho wrote:
That's the good news. Here's the bad news: in about 2-3 weeks, when our health care systems are stretched to the breaking point, there will be a window of opportunity for adversaries to maximize the damage.
On a slightly tangential topic, we had a dictionary attack against customer voice accounts over night, presumably to implement toll fraud. We were in the middle of working out work-from-home plans and were quite distracted with other things. We managed to get on top of it quickly once someone noticed.
Attackers taking advantage of this situation is a serious concern.
Dan, we're aware of another telco that ran into a similar fraud situation last week. They stood up some more restrictive ACLs to combat the fraud, but broke VoIP RTP in the process. 'Hit em while they're occupied' type of attacks I guess should be expected right now. As my grandmother would say: an ounce of prevention is worth a pound of cure.
Hey Blake, I appreciate that. We've got two tendencies going on here at the moment: 1) Man the ship of operations. Stay alert and fix the problems that arise. Be totally reactive, and be the "hero". 2) Increase visibility and focus on network design. Move planned upgrades up a few weeks/months. Be proactive. Option 2 is the better long term option, but the risk is that any change, while short staffed is going to run the risk of unintended consequences. Basically it's "If it's not broke, don't fix it." and "Be very paranoid about what you touch. -- Dan White Network Admin Lead