Stopping internet site attacks.

What should internet site owners and the government be doing to stop their sites being made unusable by people attacking them?

Today, I could not make a phone call using my normal VOIP supplier (Voipfone) and I have read about the problems people have had with their Tesco food orders. Like it appears many people I place internet food orders long in advance to book a slot, and then amend the order to exactly what we want close to the date delivery.

In reply to a post by Michael_Chare:

What should internet site owners and the government be doing to stop their sites being made unusable by people attacking them?

Is it not a case of Buyer Beware?? Free market and all that?

I have to ask if your service provider is buying appropriate upstream protection from their ISP or bulk carrier, or companies such as Cloudflare.

One of the problems with the independent VoIP industry is just knowing how established and experienced operators are.

I use AAISP for my single line VoIP service as they have been in the internet industry for a long time and are extremely technical. My line isn't critical (I have access to mobiles on various networks) but I suspect they would be in a better place than some of the younger companies.

Edited by jchamier (Wed 27-Oct-21 22:09:31)

In reply to a post by jchamier:

In reply to a post by Michael_Chare:

What should internet site owners and the government be doing to stop their sites being made unusable by people attacking them?

I use AAISP for my single line VoIP service as they have been in the internet industry for a long time and are extremely technical. My line isn't critical (I have access to mobiles on various networks) but I suspect they would be in a better place than some of the younger companies.

AAISP aren't immune to DDOS attacks. They've suffered quite a few.

https://aastatus.net/2512

We could look on this similarly to how we regard the need for a police force.

Yes Voipfone and other companies are private businesses, but the police provide security services for warehouses and high street shops. No direct charges to those businesses for those services.

In the same way, there could be a Nationally provided service for mitigation of Ddos attacks. Could be funded by general taxation - why not?
There might be technical work needed to bring this online where and when required - not beyond the wit of persons.

The similarities are there. Criminals attacking civilian infrastructures. Damaging the general economy.

In reply to a post by j0hn83:

AAISP aren't immune to DDOS attacks. They've suffered quite a few.

I didn't think anyone would be immune, more they would be in a (hopefully) more experienced position. Maybe I am just wishing that to be true?

Either that, or the independent VoIP industry shuts down and we all use the mega ISPs services (e.g. BT Digital Voice).

In reply to a post by clyde123:

The similarities are there. Criminals attacking civilian infrastructures. Damaging the general economy.

"Great Firewall" of the UK perhaps ?

Doing a Donald 🤣

In reply to a post by Michael_Chare:

What should internet site owners and the government be doing to stop their sites being made unusable by people attacking them?

Today, I could not make a phone call using my normal VOIP supplier (Voipfone) and I have read about the problems people have had with their Tesco food orders. Like it appears many people I place internet food orders long in advance to book a slot, and then amend the order to exactly what we want close to the date delivery.

A couple of web pages that might interest you:
https://www.computerweekly.com/opinion/The-ransomwar...
https://www.bbc.co.uk/news/technology-59053876

There is a smugness with some VoIP user that their chosen hosted supplier has had no recent loss of service because they have been in the game a long time and therefore their perimeter protection can handle any nasties thrown at it. But when you have state funded hacking, it is just good fortune that today you, or anyone else, are not a victim of Ransomware.

Voipfone have been quite transparent that they have been under attack and pulled out all the stops with damage limitation and could well be the good guys that discovery a solution to the problem to the benefit of all.

In reply to a post by trolleybus:

There is a smugness with some VoIP user that their chosen hosted supplier has had no recent loss of service because they have been in the game a long time and therefore their perimeter protection can handle any nasties thrown at it.

I didn't think there was any smugness in the other thread by Pheasant, in my opinion he was purely trying to help you (like he does for everyone) by suggesting other possible options that could help you by mitigating the issue going forward.

In reply to a post by trolleybus:

There is a smugness with some VoIP user that their chosen hosted supplier has had no recent loss of service because they have been in the game a long time and therefore their perimeter protection can handle any nasties thrown at it. But when you have state funded hacking, it is just good fortune that today you, or anyone else, are not a victim of Ransomware.

The only way to handle DDoS is to be on REALLY good terms with your Tier 1 provider. If you are 4th or 5th layer down, the Tier 1 provider will have no idea whom you are, or care about your customers.

for example Microsoft's Azure cloud managed to handle terabits of DDoS this year, but they are interconnected to many Tier 1 providers around the globe.
https://www.theverge.com/2021/10/12/22722155/microso...