North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Sipura VoIP phone adapters and DoS against name servers
Get in contact with manufacturing vender for a fix, and then tell us what they did or what they intend to do to remedy the problem. -Henry --- [email protected] wrote: > > Last night we configured our equipment to reject > recursive DNS lookups > from non-customers. This morning, soon after normal > office hours began, > we started receiving around 2500 DNS lookups per > second more than normal > to our recursive name servers. > > After analyzing the DNS lookups, we found that all > of the extra traffic > was generated from customers of a local VoIP > provider which uses Sipura > (SPA-2000) phone adapters. It seems that when these > adapters don't > receive answers to their DNS queries, they will > retransmit the query > once per second (until they receive an answer). > Multiply by number of > adapters, and you have the recipe for a nice DoS. > > Shades of Netgear NTP DoS > (http://www.cs.wisc.edu/~plonka/netgear-sntp/) > - don't vendors ever learn? > > Steinar Haug, Nethelp consulting, [email protected] >
|