7 Ways to Stop VoIP DDoS Attacks from Crashing Your Phones

A distributed denial-of-service (DDoS) attack vector attempts to overwhelm a VoIP server with phony user requests. Because this massive volume of traffic is more than your network can handle, it can force your online service or website offline, preventing legitimate user requests from processing.

Cybercriminals can use them to disrupt your Voice Over Internet Protocol (VoIP) network services, which form the backbone of most modern business phone services and call center software.

VoIP services are highly susceptible to DDoS attacks because attackers don’t have to knock them offline to disrupt communications — a VoIP DDoS attack that ultimately fails may still significantly degrade voice call services.

Attackers can crash a business phone system in seconds. Imagine the damage to a popular brand during peak holiday shopping season, or to a power company during a blackout.

Let’s walk through how these attacks happen and specific steps you can take to defend against them.

Anatomy of a VoIP DDoS attack

Distributed Denial of Service attacks flood a network with enough fake traffic to crash anything online, like a website, app, or phone service. Legitimate users are denied service because the network is busy handling an astronomical number of fake requests.

It’s not hard to imagine how a VoIP server that handles a few hundred calls an hour will encounter some serious issues responding to a sudden spike of a few thousand calls per second.

Attackers use massive robot networks of interconnected devices — aka botnets — to carry out these attacks. Typically, these are compromised devices including, computers, routers, mobile phones, and IoT devices (smart home and wearable gadgets). Modern criminal botnets are capable of performing a massive number of repetitive actions to further DDoS attacks, spam campaigns, and credential stuffing attacks.

In a nutshell, a VoIP DDoS attack is a massive amount of garbage traffic hitting your network that prevents legitimate traffic from being handled. This could cause a disruption in service, crash the network, or escalate into a ransomware attack where a critical business system is down until you pay up.

Hackers often target (Session Initiation Protocol), the protocol used to initiate VoIP. They can send a massive volume of SIP call requests that can crash the victim’s VoIP server. This is known as a SIP flood attack.

Another common tactic is a SIP reflection attack, where the threat actor sends requests to thousands of random servers, but spoofs the victim’s IP address in the SIP requests. These servers send back responses to the victim, whose VoIP server is now flooded with requests.

How to prevent VoIP DDoS attacks

Any of the best business phone service providers have already implemented these defenses and a whole lot more. Businesses using those services should talk to their provider about the best way to prepare for VoIP DDoS threats, and the steps the provider is taking to keep the network safe against the latest threats.

If you are responsible for the infrastructure, here are seven ways you can defend your network from VoIP DDoS attacks.

1. Use a reverse proxy

Instead of allowing clients and web requests to interact directly with your servers, a reverse proxy sits in front of them, intercepting their messages. Therefore, the reverse proxy shields your servers by handling and filtering requests on their behalf. This is why they are also known as gateway servers.

Because reverse proxy servers receive the HTTP endpoint requests meant for origin servers, they can boost security, reliability, and performance. As a result, you can use a reverse proxy to protect your servers from DDoS and foreign attacks.

Here are some specific ways a reverse proxy server protects your infrastructure from DDoS attacks:

  • Regulating inbound traffic to ensure only legitimate ones are allowed through.
  • Protecting your critical resource servers (web, application, and database servers).
  • They mask your origin server’s IP address, making it harder for hackers to target.
  • Reducing latency by taking some computational load off your origin server, such as encrypting and decrypting transport layer security (TLS/SSL) communications.
  • They use load balancing and web acceleration to improve user experience.
  • They improve server performance by using rate limiting, content caching, and load balancing.

2. Deploy real-time, adaptive network monitoring

The best network monitoring tools can help prevent DDoS attacks through their ability to detect unusual network activity in real time. More than rote network monitoring, it can detect abnormal behavior in your network after establishing a baseline of typical activity as reference points.

As a result, your network security defenses are better positioned to adapt to the unusual traffic spikes caused by DDoS and defend endpoint protocols and IP blocks against malicious requests.

Along with preventing VoIP DDoS attacks, these real-time network monitoring can help prevent VoIP fraud.

3. Implement rate limiting

Once your network monitoring has established a network activity baseline, you can implement rate limiting, which is a strategy for limiting network traffic to forestall malicious bot activity and any other consequence of a DDoS attack, such as system resource exhaustion and overuse.

Rate limiting works by delaying or outrightly blocking requests from a single IP address or several traffic sources, especially when their request exceeds a threshold.

Rate limits are implemented in several ways to ensure only legitimate traffic is allowed. For example, they ensure a user, agent, or endpoint can’t repeat an action or activity within a certain duration of time, essentially restricting the number of requests that can be made to a resource. The overall effect of rate limiting makes it much more difficult for an attacker to launch a DDoS attack successfully.

In general, rate limiting allows you to customize the total number of requests permitted for a given server in a specified timeframe. This feature is typically provided in reverse proxy servers.

4. Reduce your attack surface

The less of your infrastructure you expose, the more difficult it is for criminals to hit their target. Therefore, reducing the surface area of your attack involves minimizing the scope of available options for attacking your computational resources, whether they are entry points, ports, protocols, network channels, or servers.

There are several ways to reduce your attack surface, like the following:

  • You should curtail your traffic to only countries with the predominant number of your users.
  • Use load balancers and reverse proxies to shield your servers.
  • Distribute critical assets so they’re more challenging to target. For instance, you can separate web servers by placing public-facing application servers on a public subnet while segregating their underlying database servers on a private subnet.

SEE: Learn more about more specific VoIP security best practices that can reduce your attack surface.

5. Harden your VoIP network security

There are several ways to harden your VoIP network against DDoS attacks. While you should always consider setting up firewalls as the first point of order, these are the low-hanging fruit of network defenses. As investors diversify their portfolios to minimize risk, you should spread your servers across several data centers and networks for better load balancing and tolerance.

Instead of traditional firewalls, a better approach is to choose the more sophisticated Web Application Firewall (WAF) or a Next-Generation Firewall (NGFW) that is more adept at protecting against DDoS attacks and other common application vulnerabilities, such as cross-site request forgery. It also provides threat prevention techniques like tailored rulesets that allow you to customize how you want incoming traffic filtered for improved security.

6. Implement black hole routing

Although black hole routing (sometimes “blackholing”) is a reactive DDoS prevention technique, when appropriately implemented, it can impede attacks by dropping or redirecting malicious traffic.

As its name implies, black hole routing prevents illegitimate traffic from reaching its desired target by redirecting it into a null interface or “black hole.” Furthermore, this is accomplished without bothering to inform the source that their data didn’t reach its intended target, thereby keeping criminals in the dark about the efficacy of their attack.

7. Bandwidth oversubscription

This involves an organization leasing significantly more bandwidth than it typically requires. However, this “oversubscription” isn’t likely to fiscally harm the business because of its ability to obtain favorable terms.

Granted, this isn’t a practical option for most organizations, but if you’re an enterprise firm, you should consider buying more bandwidth to mitigate the potential impact of DDoS attacks. So, increasing your network size provides a buffer that gives you the leeway to mitigate DDoS attacks.

A quick final note: This last VoIP DDoS prevention strategy is only going to stop a limited attack — if you were to get hit by a full-scale professional attack, any extra bandwidth you buy will quickly be eaten up.

In other words, oversubscription can be a useful hedge for some businesses, especially as part of a strong overall network security architecture.

Related Content

Streaming in Canada on Crave, Disney+ and Netflix [Dec. 23-29]

Best iPad apps for unleashing and exploring your creativity

Microsoft faces FTC scrutiny over alleged antitrust practices in federal cybersecurity deals

Leave a Comment