- [Research & Proof of Concept]
- [SmallDoink#0666]
- [FuckBinary]
- [ScaredKYS]
- [VoIP DDoS Attack PoC]
- --
- VoIP AMP & NonAMP (D)DoS Attack
- --
- 1.1.1.1 = Target IP
- Abusing the many public APIs and servers for free VoIP services (Easily Patch-able [Not for VPN])
- -- START PROCESS --
- (Data)
- Attacker --- 1.1.1.1 ---> VoIP API/Server
- VoIP API/Server --- 1.1.1.1 ---> 1.1.1.1 (Target Server)
- 1.1.1.1 --- NO ---> VoIP API/Server
- -- END PROCESS --
- Above is the example of a basic DoS using the VoIP protocol and public servers.
- Below is an example of a mass attack using the VoIP protocol and many servers.
- Having a manager server broadcast the same request to a list of VoIP servers creates a temporary (AnyCast) network, which makes the attack easier and faster to use.
- -- START PROCESS --
- Attacker --- BROADCAST 1.1.1.1 ---> Broadcast Server
- Broadcast Server --- CONN 1.1.1.1 ---> VoIP Server(s)/API(s)
- VoIP Server(s)/API(s) --- CONN ---> 1.1.1.1 [On a mass scale, handling 100x VoIP connections will kill a server]
- [VPNs cannot block VoIP, or customers would have to stop using the VPN]
- 1.1.1.1 --- NO NO NO ---> VoIP Server(s)/API(s) [Forcing a return with NO or DENY will increase bandwidth. If a malicious VoIP server is used, we can decline the DENY or NO requests and spam connections without any cost on our server]
- -- END PROCESS --
- I will NOT be posting a list of VoIP servers anywhere, as this attack method will be replicated and abused by (D)DoS-for-hire services, such as web stressers. Upon testing, I could instantly kill a Google Cloud, OVH SAS, NFO, and Hydra that all had the default firewall.
- This being said, nobody has this attack method patched. If you wish to patch the attack, find me on Discord or Twitter.
- Discord: SmallDoink#0666 | Twitter: FuckBinary
- ---
- ---
- 75% of the time, there is application data or normal data inside of a VoIP packet. If you see null VoIP packets, it's either an attack or a normal connection. The difficulty with patching this attack comes from there being no HEX characters to patch, as it is legitimate connection requests being sent to the server.
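A defender-side example of the point above, added here and not part of the original paste: because the requests are legitimate-looking and carry no byte signature, detection has to key on rate and shape instead, here many distinct VoIP sources plus a high share of empty packets hitting one destination inside a short window. The `Flow` record, the thresholds and the RFC 5737 addresses are assumptions constructed for illustration; the null-packet threshold sits well above the roughly 25% empty-packet baseline implied by the 75% figure.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    ts: float         # arrival time in seconds
    src: str          # VoIP server/API that opened the connection
    dst: str          # protected host
    payload_len: int  # bytes of application data in the VoIP packet

def detect_voip_floods(flows, window=10.0, min_sources=20, null_ratio_threshold=0.6):
    """Return {dst: (first_alert_ts, distinct_sources, null_ratio)}.

    Thresholds are assumed starting points and must be tuned per network.
    """
    recent = defaultdict(deque)  # per-destination sliding window
    alerts = {}
    for f in sorted(flows, key=lambda x: x.ts):
        q = recent[f.dst]
        q.append(f)
        while q[0].ts < f.ts - window:  # expire entries older than the window
            q.popleft()
        sources = {x.src for x in q}
        null_ratio = sum(1 for x in q if x.payload_len == 0) / len(q)
        # Neither signal alone is enough: a busy PBX has many peers, and a
        # single idle peer can send only empty packets.
        if (f.dst not in alerts and len(sources) >= min_sources
                and null_ratio >= null_ratio_threshold):
            alerts[f.dst] = (f.ts, len(sources), round(null_ratio, 2))
    return alerts

def sample_flows():
    """Constructed sample data, not captured traffic."""
    flows = []
    # Normal calls: 8 peers, 3 of every 4 packets carry data.
    for i in range(32):
        flows.append(Flow(i * 0.5, f"203.0.113.{i % 8 + 1}", "192.0.2.10",
                          0 if i % 4 == 0 else 160))
    # Flood: 40 distinct VoIP servers sending empty connection requests.
    for i in range(40):
        flows.append(Flow(5 + i * 0.1, f"198.51.100.{i + 1}", "192.0.2.20", 0))
    return flows

if __name__ == "__main__":
    for dst, (ts, n, ratio) in detect_voip_floods(sample_flows()).items():
        print(f"ALERT dst={dst} t={ts:.1f}s sources={n} null_ratio={ratio}")
```

An alert like this is a trigger for per-source connection rate limiting or upstream filtering of the listed sources, not proof of an attack on its own.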