Phyber Blog

Namecheap Is In The Middle Of A DDoS Attack | TechCrunch

Thu, 20 Feb 2014 13:48:03 -0800

Namecheap Is In The Middle Of A DDoS Attack | TechCrunch:

The attackers appear to be focusing on some of Namecheap’s primary DNS servers. As a result, many domains that are hosted on Namecheap will be unable to resolve, and other features that rely on their nameservers (like email) might not work.

NTP DRDoS Security Vulnerability

Mon, 10 Feb 2014 11:31:30 -0800

Due to recent NTP Distributed Reflection DoS Attacks (DRDoS) Phyber is requesting that all of our clients immediately upgrade and/or reconfigure their infrastructure.

With a 400x+ amplification factor of NTP (one 40 byte query usually generates 18252 bytes of response traffic) a single unfiltered 1 Gbps link can theoretically generate a 450+ Gbps attack.

Please consider one or more of the following “fixes”:

1. If you run ntpd, upgrading to the latest version, which removes the “monlist” command that is used for these attacks; alternately, disabling the monitoring function by adding “disable monitor” to your /etc/ntp.conf file.

2. Setting the NTP installation to act as a client only. With ntpd, that can be done with “restrict default ignore” in /etc/ntp.conf; other daemons should have a similar configuration option. More information on configuring different devices can be found here: https://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html.

3. Adjusting your firewall or NTP server configuration so that it only serves your users and does not respond to outside IP addresses.

If you have any questions, or require any assistance making these changes please contact us via phone or email.

Updates to Phyber’s Voice Service

Fri, 24 Jan 2014 10:02:04 -0800

As the traffic profile for our voice customers shifted from predominately wholesale call centers to enterprise customers if became obvious that changes to our voice service were necessary. While most of changes have already been implemented behind the scenes some changes will be visible to our customers.

Last quarter Phyber; replaced our legacy AT&T TDM interconnections with native IP, turned up new native IP interconnections with CenturyLink and Sprint, converted our LCR engine to a SQL backed platform capable of tracking millions of routes in real-time, and streamlined our rate update process to reduce our customer’s workload.

February 1st we will be turning up new native IP interconnections with Verizon. This gives Phyber direct access to all of the three remaining Regional Bell Operating Companies (RBOCs) and the ability to source DIDs in any rate center in the country.

As a result of these changes Phyber will be making adjustments to our routing, rates and rating, and E911 support.

Updates to Phyber’s Routing

Outbound calls from enterprise (Analog, PRI, SIP Trunk & Hosted PBX) customers will prefer routes via an RBOC carrier. In our experience over the past year, the difference in price (typically a hundredth of a cent) between the RBOC and a CLEC/Aggregator is not worth the inconsistency in call completion and quality. Enterprise users have the expectation that when a number is dialed it will be connected and sound good. The CLEC/Aggregator carriers will still be available in the LCR in the event that all three RBOCs are offline, but that is a very unlikely scenario. Wholesale customers with their own LCR supporting 503 codes will still have the option of using the CLEC/Aggregator carriers.

Updates to Rates and Rating

Phyber’s base outbound rate per minute (RPM) has been lowered 10% to $0.023 (2.3 cents). Inbound (local DID) has been lowered to $0.007 (0.7 cents) and Toll Free inbound remains the same at $0.049 (4.9 cents). Additional discounts are available for customers committing to 25,000, 50,000, 100,000 and 250,000 minutes. If you are not sure which tier you are currently in, or would like to explore pricing options please let us know.

Minimum call durations and increments have been adjusted to:

18/6 (6 second increments and a 18 second minimum charge) outbound to the United States, Canada and the Caribbean.
30/6 outbound to International.
60/60 outbound to Mexico.
6/6 Inbound local DID and inbound Toll Free.

Updates to E911 Support

E911 requires a significant amount of infrastructure and operational support to maintain. In the past we offered E911 as an opt-in service, requiring customers to maintain a fixed PSTN connection on their PBX for 911 dialing. As more and more customers establish service with Phyber using IP only PBXs and Hosted PBX service we reached the conclusion that E911 should be an explicit opt-out moving forward. Specifically, customers must certify that they have and will maintain a PSTN connection from their PBX for the sole purpose of dialing 911.

E911 is not a perfect system. It requires that the physical address for each DID be pre-registered for the PSAP to lookup, and it requires a working network connection back to the Phyber SPOP. Because of this we strongly recommend the use of a PSTN link as a backup and will install one in your location for cost. We will be contacting each customer to confirm address registration information for DIDs, and if desired certify and opt-out of E911 dialing support.

Going forward the monthly charge for DIDs will be:

Non E911 registered DIDs $0.50 ea
E911 registered DIDs $1.50 ea

What’s Next?

We will continue to look for ways to improve our customer’s experience and voice service options. Currently we are in limited BETA for a new Hosted PBX service with a Q2 target for general availability. If you have any questions or would like more information please give us a call.

Phyber’s 11th Floor Datacenter in the One Wilshire...

Thu, 23 Jan 2014 10:02:00 -0800

Phyber’s 11th Floor Datacenter in the One Wilshire Building. These photos were taken immediately after the wiring was completed. This suite has 50 cabinets in a Dual (A+B) 20 Amp 120 Volt power configuration - a touch under 250 breaker kW. At peak this suite had almost 2,000 servers for a single customer.

Fighting Denial of Service Attacks

Tue, 21 Jan 2014 15:54:36 -0800

In August of 2013 Phyber Communications took the brunt of a significant Distributed Denial of Service Attack (DDOS). The attack started by targeting one of our customers and then increased in scope to Phyber’s name servers and other critical core infrastructure. Estimated at over 50 Gbps this attack overwhelmed our countermeasures at the time and resulted in an unacceptable service interruption for many of our customers.

In the days following this attack we sat down and evaluated what worked, what didn’t, and what we needed to do for the future. Specifically how to protect our customers and ourselves on an Internet where 50 Gbps attacks are normal and 100 Gbps attacks are becoming more common.

What is a DoS / DDoS Attack?

A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attack on a data network that floods it with so many additional requests that regular traffic is either slowed or completely shut down. These attacks are most likely to take on one of the following three general forms:

Attack on Bandwidth – attackers attempt to saturate the available bandwidth on the network port, rendering any services behind it unusable.
Crash Attack – attackers use malformed packets and protocol violations in an attempt to “crash” the target system(s).
Resource Drain Attack – these attacks attempt to absorb enough resources (memory and CPU cycles) to disrupt normal services to legitimate users.

What happens in the event of an attack?

When notified of a possible attack, engineers analyze network data to confirm whether an attack is in progress, and then re-direct incoming traffic through one of our mitigation platforms. The DDoS mitigation platforms are built on best-of-breed technology, which removes attack traffic and passes legitimate “clean” traffic, allowing your business to continue to function during the attack.

What are my options with Phyber?

Phyber has two DoS mitigation platforms - Standard and Advanced. Our Standard platform is included with Phyber’s service free of charge to all of our customers. The Standard platform will filter an attack up to two (2) Gbps for three (3) hours. If the attack becomes larger, or lasts longer the engineer can extend mitigation or blackhole the attacked resource so other systems on your network will not be affected.

The Advanced platform is a unified collection of external platforms and is designed for customers who have critical infrastructure, more than 1 Gbps of Internet Access, or have been the victim of a DoS attack in the past. The Advanced platform is an optional monthly subscription service requiring some network changes and integration work. While the Advanced platform will filter up to a 100 Gbps attack, as part of the monthly subscription Advanced will filter an attack up to 10 Gbps for six (6) hours without additional cost. Attacks larger in size, or longer in duration will be billed based on the total filtered traffic.

How do I deploy?

Going forward the Standard platform is automatically included for every Phyber customer. If you are having a problem that you believe may be a DoS attack please immediately open a ticket with our NOC via email or phone and we will immediately investigate and begin filtering if necessary. The Advanced platform requires subscribing to the service and if necessary implementing network configuration changes. These changes will be made by our engineers with as little disruption to service as possible and coordinated with your team. The service is on a month-to-month basis and can be canceled at any time if you determine it is no longer needed.

Where do we go from here?

We will continue to look for new ways to improve our network and filter detrimental attacks to any systems on our network. Please contact Phyber for more information or to sign up for the Advanced DoS mitigation platform.