SIP
Nicholas, 2021-03-09 20:33:23

Is it possible to DoS a subscriber via SIP or WebRTC if he has limited traffic?

Let's say a subscriber calls us via SIP or WebRTC from a mobile phone (or we call him ourselves). The server does not relay RTP media through itself, but tells us the address and port for receiving the stream. We make a call, then the call ends, and on the NAT the corresponding port remains open for some time. We can flood this port with unnecessary traffic, and if the subscriber has limited Internet, then he will have to pay for this traffic, and he will not be able to stop it in any way; he can only disconnect from the network. This will result in a DoS attack: having disconnected from the network, he will not be able to receive calls from other people.

Or will that not be necessary: when his client closes the port, it will send Port Unreachable, the operator's NAT will close the port on this ICMP, and the following packets will not reach him?

What if IPv6 is used? There is no NAT, and in general there is no way to protect yourself from such a vulnerability: having found out the client's address in any way, whether through SIP or when he accesses any other service, you can always flood it. The firewall on the client side will not save him: once the traffic has reached him, it will be counted, even if the firewall on the client rejects it.


1 answer(s)
Valentin, 2021-03-09
@vvpoloskin

Firstly, it depends on the subscriber's NAT (full-cone, port restricted, address restricted) and what the operator's session timeouts are.
Secondly, you described a normal DDoS on a channel. You can take any static address from the operator's network, issued to legal entities, and start flooding it; as a rule, communication services for legal entities are expensive, and they take channels of limited capacity. And then see what happens: the client will write to his operator that it is impossible to use the service, his operator will write a DDoS abuse complaint to yours, your operator will write to you to check, and if you continue, the operator will turn off your Internet, and then you will be prosecuted under Article 273 of the Criminal Code of the Russian Federation. If it is a government agency, then Article 274.
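
The dependence on NAT type and session timeout named in the answer above can be seen in a small model of the NAT's inbound filtering decision. This is an added example, not part of the original answer: the class, the function names, the 30-second timeout and the `inbound_refresh` switch are assumptions, and all addresses are constructed from documentation ranges.

```python
from dataclasses import dataclass, field

PEER = ("198.51.100.10", 40000)        # constructed: the former call peer
OTHER_PORT = ("198.51.100.10", 40001)  # constructed: same host, different port
STRANGER = ("203.0.113.5", 5000)       # constructed: unrelated source

@dataclass
class NatMapping:
    """One UDP mapping on the operator's NAT for the subscriber's RTP port."""
    nat_type: str                  # "full-cone" | "address-restricted" | "port-restricted"
    timeout: float                 # idle timeout in seconds (assumed value)
    inbound_refresh: bool = False  # assumption: does inbound traffic reset the idle timer?
    peers: set = field(default_factory=set)
    last_refresh: float = float("-inf")

    def outbound(self, now, dst_ip, dst_port):
        """Subscriber sends a packet: remember the peer, reset the idle timer."""
        self.peers.add((dst_ip, dst_port))
        self.last_refresh = now

    def inbound_allowed(self, now, src_ip, src_port):
        """True if the NAT would forward this inbound packet to the subscriber."""
        if now - self.last_refresh > self.timeout:
            return False           # mapping expired: dropped at the NAT
        if self.nat_type == "full-cone":
            ok = True              # any source may use an open mapping
        elif self.nat_type == "address-restricted":
            ok = any(ip == src_ip for ip, _ in self.peers)
        else:                      # port-restricted: exact address and port only
            ok = (src_ip, src_port) in self.peers
        if ok and self.inbound_refresh:
            self.last_refresh = now
        return ok

def after_call(nat_type, src, at, timeout=30.0, inbound_refresh=False):
    """Media went to PEER at t=0 and stopped; is a packet from src at t=at forwarded?"""
    m = NatMapping(nat_type, timeout, inbound_refresh)
    m.outbound(0.0, *PEER)
    return m.inbound_allowed(at, *src)

if __name__ == "__main__":
    for t in ("full-cone", "address-restricted", "port-restricted"):
        row = [after_call(t, s, 10.0) for s in (PEER, OTHER_PORT, STRANGER)]
        print(t, row, "after timeout:", after_call(t, PEER, 31.0))
```

In this model only a full-cone mapping forwards packets from an unrelated source, and every mapping stops forwarding once the idle timeout passes, unless the NAT lets inbound traffic refresh the timer.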
