This document provides an overview of telephony denial of service (TDoS) attacks, their impact, detection and mitigation methods. It introduces TelcoBridges and TransNexus as companies that provide TDoS protection solutions for carriers and enterprises. The presentation includes examples of TDoS attacks customers experienced and how the companies' products defended against them. Future trends around increasing threats and SHAKEN call authentication standards are also discussed.
3. 3
Today’s Presenters:
Alan D Percy
Product Marketing
alan.percy@telcobridges.com
Jim Dalton
CEO TransNexus
jim.dalton@transnexus.com
Alec Fenichel
Software Engineer
alec.fenichel@transnexus.com
4. TelcoBridges Inc.
• Manufacturer of telecom VoIP gateways and
SBC software for carriers and enterprises
• Privately held
• Founded in 2002
• Employees: ~40
• Headquarters: Montreal, Canada
• Hardware & software R&D as well as
production of its products in Montreal
• Sales/Support offices:
Poland, Turkey, Hong Kong
• 24/7 technical support
4
TelcoBridges HQ
5. • Software for the telecommunications
industry since 1997
• Solutions for
• Jurisdictional least cost routing
• Fraud prevention
• Robocall prevention
• TDoS protection
• STIR/SHAKEN
• Analytics and reporting
• Our software uses innovative methods
that we’ve invented and patented
TransNexus
6. 6
Telephony Denial of Service (TDoS)
“The Day the 9-1-1 Network Stood Still”
• Hacker in Phoenix was looking for bugs in Apple iPhone security
• Created web application that would dial 9-1-1
• Distributed application to unwitting user’s phones via Twitter
• 1,800 compromised phones made thousands of 9-1-1 calls
• Flooding 9-1-1 desks, overwhelming PSAP
• Blocking real emergency usage
• Required power-cycle of user’s phone to stop
https://www.networkworld.com/article/3137526/the-day-the-911-network-stood-still.html
7. 7
The Risks
“If coordinated with an actual physical terrorist
attack, this would be particularly catastrophic,
resulting in a large number of victims losing the
ability to connect with emergency services.”
- William N. Bryan, Under Secretary for Science and
Technology
8. 8
TDoS Impact
• More than a Nuisance
• Negatively Impacting
• Businesses
• Government
• Particularly Vulnerable:
• 9-1-1 Emergency Call Centers
• Banking and Financial
• Health Care
• Contact Centers
10. 10
Where do TDoS Attacks Originate?
• Usually using VoIP technology
• (faster, cheaper, easier to hide)
• Often Distributed Attacks
• Malware on desktop or mobile device
• Popular Open-source Applications
• CPaaS Platforms
• Legitimate notification services
11. 11
TDoS Attacker Motivations
Extortion
“Send me
Bitcoin
or else…”
Pranksters
Fame and
Fortune
Distraction
“Don’t look while
I hack your
system”
Robocalls
Inadvertent
TDoS
Competitor
“I’ll get your
customers”
12. What is the Impact?
Doctors and
healthcare
workers must
answer calls
Businesses need bad
calls blocked so they
can get to the good
ones
Inbound call
centers waste
time answering
calls.
Consumers
complain about
robocalls
15. 15
SIP Interface to Analytics
SIP
Response
Code
Action
503
Service
Unavailable
Call is good, proceed to next
route (destination)
603
Decline
Call is bad, disconnect
302
Moved
Temporarily
Call is suspect, re-route to
screening application
16. • Highly flexible blacklisting
• Invalid calling numbers
• High risk calling numbers
• Calling numbers with poor reputation
• SIP Analytics: real time traffic analysis
TDoS Detection Methods
Let’s have a look at these methods…
17. • Easy to configure
• Extensive blacklisting options available
• Telephone number or prefix
• Service provider, using their SPID/OCN
• Location (e.g., state/province)
• Country
• Can be applied to all calls or specific
telephone numbers
• Can block everything and open pinholes
as needed
Highly Flexible Blacklisting
18. • We collect a list of high-risk and
invalid numbers from a variety of
sources
• FCC consumer complaints
• Our honeypot traps
• Customer reported numbers
• Available as a subscription service
per telephone number
Shield Database
19. • Provides a 0 – 100 reputation
score for each calling number
• Higher scores indicate a higher
certainty of robocall detection
• Thresholds and actions can be
customized for each telephone
number
Reputation Service
20. • SIP Analytics performs real time
traffic analysis before call setup
• Automatically learns the call traffic
patterns for each individual
number
• Can detect and prevent robocalls
and TDoS attacks in milliseconds
while legitimate calls continue
uninterrupted
SIP Analytics®
21. • Report only
• Block
• Send to voicemail
• Send to CAPTCHA
• Modify caller display name (CNAM)
If an attack is detected, you can
<SPAM>
Audio sample
22. 22
Future Trends
1. Increasing threats for enterprises
2. TDoS protection is a new opportunity
for telephone service providers
3. SHAKEN Call Authentication
• Calling number is digitally signed
• Easy trace back for law enforcement
23. Case 1: Manufacturing Plant in Texas
Attack:
• Attacker leaves 200+ voicemails every night
Defense:
• Route suspect calls to CAPTCHA gateway for human
verification
24. Case 2: Travel Booking Service
Attack:
• Competitor’s agents calling to tie up agents on the phone
Defense:
• SIP Analytics blocks repetitive calls from the same number
25. Case 3: Auto Dealer in Florida
Attack:
• PRI capacity filled by robocalls
Defense:
• Reputation and Shield block bad calls to free up PRI capacity
28. 28
TransNexus Portfolio
• Dynamic call analytics and policies
• Least Cost and Intelligent routing
• Toll Fraud protection
• Robocall and TDoS Controls
• SHAKEN – Secure Telephony Identification
• Feature rich for service providers
• Simple to use for enterprise customers
• Cloud based or on-premises