VoiP DDoS Mitigation Explained With Ray Orsini from OITVoiP [YouTube Release]

Additional Resources:

You Can Connect with OITVoiP here:

Subscribe to their Channel here

The Tech Bar One-Shots: Eating the WORLD’S HOTTEST Chocolate bar featuring Tom Lawrence

The Tech Bar Ep. 23 w/ Tom Lawrence of Lawrence Systems

Security Now Episode 837 Where they talk about the DDoS VoiP Attacks

Getting Started With The Open Source & Free Diagram tool Diagrams.NET
Getting Started With The Open Source & Free Diagram tool Diagrams.NET - YouTube

Connecting With Us

Lawrence Systems Shirts and Swag

►👕 https://teespring.com/stores/lawrence-technology-services


Amazon Affiliate Store
:shopping_cart: https://www.amazon.com/shop/lawrencesystemspcpickup

All Of Our Affiliates that help us out and can get you discounts!
:shopping_cart: Affiliates We Love - Lawrence Technology Services

Gear we use on Kit
:shopping_cart: Kit

Try ITProTV free of charge and get 30% off!
:shopping_cart: Learn technology and pass IT certifications with ITProTV

Use OfferCode LTSERVICES to get 10% off your order at
:shopping_cart: https://www.techsupplydirect.com/

Digital Ocean Offer Code
:shopping_cart: https://m.do.co/c/85de8d181725

HostiFi UniFi Cloud Hosting Service
:shopping_cart: HostiFi - UniFi cloud hosting

Protect you privacy with a VPN from Private Internet Access
:shopping_cart: Buy VPN with Credit Card or PayPal | Private Internet Access

:moneybag: lawrencesystems is creating Tech Tutorials & Reviews | Patreon

:stopwatch: Timestamps :stopwatch:
00:00 Voip DDoS Mitigations
03:00 The Challenge with Real Time Communications
04:00 Who Is Ray Orsini & OitVoip
05:07 What is DDoS?
08:20 How Do Voip DDoS Attack Work?
14:04 Voip Mitigation Strategies
22:50 What About a Backup Voip Provider?
25:40 Toll Free Numbers
27:45 What About Number Porting?


1 Like

Well, now I understand regarding the lack of redundancy for phone numbers. Thank you for the video!

I would say the reason for the lack of redundancy is because of how the phone systems were used to setup with one phone wire per household. It’s episode 833.

Sure it has gotten a lot better over the decades; however, it seems to me that phone companies do not think about redundancy. If a PSTN-based phone company goes down, then no phone calls can go in or out. Can we really hope we can move out of PSTN and go with IP-based phone systems while still keeping 10-digit numbers? (sigh) Hmm… Probably not.

What a great video. Has brought up a ton of additional questions - I like it down here in the weeds…

I feel like you gave VoIP.ms a pass on the issue of call forwarding or maybe I am not understanding something. I don’t see the technical reason that a soft-switch or SIP proxy cannot live on a non-publicly known IP address for the sole purpose of receiving calls and passing them back out to the PSTN. I feel like that should be part of the mitigation strategy that should be pre-planned in the same way you need to have scrubbers on standby and BGP route announcements. If you are unable to absorb the traffic on your publicly known POPs from a DDoS attack, then have some non-publicly known servers/infrastructure that only do forwarding. I think this matters a lot for a telephony provider because it is the best last resort if you just cannot provide service for originating calls to your customers equipment over the public Internet because of a DDoS attack. VoIP is inherently vulnerable to DDoS, the PTSN is inherently inflexible in terms of where calls land for a given DID - so, you need a B-plan there it seems. The only B-plan that makes sense to me it to allow customers to reliably forward calls back to the PTSN which can only happen on “hidden” infrastructure (not necessarily private, but not publicly known).

I hope Bandwidth is more prepared - because it looks like the attack has moved upstream. :eyes:


1 Like

You mentioned at the beginning of the video that it is thanks to OITVoIP that your calls are now up and running. I don’t know if I missed it, but I didn’t hear in the video what they did to help you if your numbers are still with voipms.

I believe they were able to do an expedited on-net port at Bandwidth.

1 Like