3CX Phone System Withstands Massive Online Attack

Posted on 05/03/2012 (updated 08/03/2023) by Phil

How robust will 3CX Phone System prove to be when handling a Denial of Service (DoS) attack or an Intrusion Attempt?

If you have asked yourself this question before, then it means that you are thinking in the right way – trying to foresee the potential problems, and evaluate the solidity of your solution.

One of 3CX’s foremost resellers in the USA has, however, saved you the need to perform stress tests on your system to find out whether the solution can withstand a DoS attack or beat off a hacker.

3CX Premium Partner, Charles Ambrosecchia of Sigma Networks, reports that their Network Operations Center was the subject of an intense attack from an IP Address inside Germany for 17 continuous hours, with data rates peaking at over 5Mbps to a single 3CX Phone System installation.

Charles stated that 3CX Phone System performed admirably by rejecting the initial attempts at registration with incorrect forged credentials (essentially a brute force attack). Shortly thereafter, 3CX Phone System automatically classified the source of the attack as a potentially malignant entity and added it to its dynamic blacklist. Once an entity is in the blacklist, all requests it sends to 3CX Phone System are quietly ignored. This behaviour provides two benefits.

The first benefit is that simply ignoring the request, rather than responding with a “rejected” message, saves outgoing bandwidth. A DoS attack can very quickly consume bandwidth, and if each request has to be answered with a reject message of some sort, then (typically) the outbound traffic generated by the target grows as the intensity of the attack increases. Since the bandwidth available on internet connections is, in most cases, asymmetric (much more download bandwidth than upload bandwidth), it is very possible for the connection’s upload bandwidth to be maxed out, making the internet connection practically unusable. Simply ignoring the requests very elegantly sidesteps this part of the problem.

The second benefit is that it completely nullifies a brute force hack attempt. A hacker sends requests with credentials generated by going through all possible permutations, and then farms the responses to understand which credentials have already been tried and rejected. In this case, however, simply ignoring the request takes away the one thing which the hacker needs to make progress – a response to indicate the validity or otherwise of the set of credentials provided within each request.

Charles also pointed out that, even though it sounds obvious, admins should be reminded that once an entity gets blacklisted, one should take advantage of this information and simply block the traffic at the source, e.g. your firewall.
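The blacklist behaviour described above can be sketched as a small simulation. This is an added example, not 3CX's code: the failure threshold, time window, reply size, reply strings and the sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque

REJECT_BYTES = 400  # assumed size of one rejection reply, for the bandwidth tally

class DynamicBlacklist:
    """Sliding-window failure counter; blacklisted sources get no reply at all."""

    def __init__(self, max_failures=5, window=60):  # assumed values, not 3CX defaults
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)  # source IP -> failed-auth timestamps
        self.blocked = set()
        self.reject_bytes_sent = 0

    def handle_register(self, ts, src_ip, auth_ok):
        """Return the reply sent to src_ip, or None if the request is ignored."""
        if src_ip in self.blocked:
            return None  # silent drop: no upstream bandwidth, no feedback
        if auth_ok:
            self.failures.pop(src_ip, None)
            return "200 OK"
        recent = self.failures[src_ip]
        recent.append(ts)
        while ts - recent[0] > self.window:  # expire failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.blocked.add(src_ip)  # every later request is ignored
        self.reject_bytes_sent += REJECT_BYTES
        return "403 Forbidden"

    def firewall_candidates(self):
        """Blacklisted sources an admin could also block at the firewall."""
        return sorted(self.blocked)

def replay(events, **settings):
    pbx = DynamicBlacklist(**settings)
    replies = [pbx.handle_register(*event) for event in events]
    return pbx, replies

# Constructed sample: one source failing once per second, then a valid user.
SAMPLE = [(t, "203.0.113.50", False) for t in range(20)] + [(21, "198.51.100.7", True)]

if __name__ == "__main__":
    with_bl, replies = replay(SAMPLE)
    without_bl, _ = replay(SAMPLE, max_failures=10**9)
    print(replies.count(None), "requests ignored")
    print(with_bl.reject_bytes_sent, "vs", without_bl.reject_bytes_sent, "reply bytes")
    print("block at firewall:", with_bl.firewall_candidates())
```

Replaying the same events with the threshold effectively disabled shows the outbound reply traffic that the silent drop avoids.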

 

 
