I DOS'd my Cell Phone

Discussion in 'OT Technology' started by Peyomp, Jan 21, 2009.

  1. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    Yesterday I accidentally conducted a denial of service attack on my iPhone, using VOIP call flooding.

    I failed to turn off the 'call workers' on one instance of a Scalr server farm, and then proceeded to load test it with valid POSTs to queue calls in the database. 50 call workers processes then began to pull call information from the queue - which contained 39,000 records, to make 50 calls simultaneously - to my cell phone.

    It began to ring. Each time I pushed end call another was there. AT&T managed to deliver 37 simultaneous voicemails. In a couple minutes I managed to shut down the call workers and the flood ceased.

    Sort of. I kept getting voicemails in blocks of 90 at a time for the rest of the day. The voice was me as 'Vinnie' threatening my life. It was kinda creepy. For a while my service turned off. Checking the logs, it seems that out of 350 or so calls that were made, about 300 got through and were able to leave messages. I find this somewhat impressive, but part of me regrets not spawning 500 call workers instead of 50 to see what the network could really handle.

    I don't know if this has security implications beyond being humorous, but it is worth nothing that every major VoiceXML/VOIP software provider provides developer accounts without much in the way of credentials. It is also trivial to buy minutes in blocks from these same providers. Probably you could use this as a real DOS attack on someone's phone, or on an entire company's telephone system, if you had enough accounts distributed across providers.
     
  2. piratepenguin

    piratepenguin New Member

    Joined:
    Jun 18, 2006
    Messages:
    1,067
    Likes Received:
    0
    Location:
    Ireland
  3. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Heh. Shit, for a second I thought you meant you installed DOS on your cellphone...

    /: atdt -dial 8888675309
    Connecting...

    :rofl:
     
  4. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    Well, I was sending synchronous requests to a VOIP provider, from 50 PIDs at a time, so its a bit more complex than that, but not much.

    Yeah, it was funny. Everyone was laughing as I was freaking out.
     
  5. piratepenguin

    piratepenguin New Member

    Joined:
    Jun 18, 2006
    Messages:
    1,067
    Likes Received:
    0
    Location:
    Ireland
    wait how do you call a mobile from your computer? The only way I knew of is Skype.

    also would you be able to accept calls on your computer, and setup e.g. voicemail?
     
  6. 95vr4

    95vr4 OT Supporter

    Joined:
    Oct 6, 2004
    Messages:
    2,513
    Likes Received:
    0
    Location:
    Weddington, NC
    A few years ago I added a button on the back end of our shopping cart labeled "Send Josh Random Momma Joke"

    which called something like this
    Code:
    <!--#include file="500mommajokes.asp"--> 
    call sendmail ("[email protected]", "New Message!!" , sRandommomma)
    ..... everyone got a kick out of clicking the hell out of that button for about a week or two :rofl::rofl:
     
  7. SLED

    SLED build an idiot proof device and someone else will

    Joined:
    Sep 20, 2001
    Messages:
    28,118
    Likes Received:
    0
    Location:
    AZ, like a bauce!
    :mamoru:
     
  8. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    We can make 1000 outbound calls simultaneously, or as many inbound. Google VoiceXML and IVR :)
     
  9. nucklearknight

    nucklearknight New Member

    Joined:
    Sep 21, 2008
    Messages:
    367
    Likes Received:
    0
    Location:
    San Francisco, California
    Lawl that's what I thought too :pp
     
  10. 95vr4

    95vr4 OT Supporter

    Joined:
    Oct 6, 2004
    Messages:
    2,513
    Likes Received:
    0
    Location:
    Weddington, NC
    I interviewed with a company last week which had a massive on site VOIP call center on multiple T3's. All their calls are routed from Atlanta to one of 4-5 of their nationwide call centers.


    Their whole setup was :bowdown::bowdown::coold::coold:
     
  11. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    Starpound?
     
  12. 95vr4

    95vr4 OT Supporter

    Joined:
    Oct 6, 2004
    Messages:
    2,513
    Likes Received:
    0
    Location:
    Weddington, NC
    not sure, they said it's fully integrated into their websites and all back end systems. I'm not familiar with VOIP, had to google starpound :bigthumb:

    they also had about 100+ big screen lcd's throughout the building with real time analytics, server stats, abandoned carts etc. :coold:
     
  13. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    Ah, I meant the company. Yeah, VOIP is kinda neat.
     
  14. 95vr4

    95vr4 OT Supporter

    Joined:
    Oct 6, 2004
    Messages:
    2,513
    Likes Received:
    0
    Location:
    Weddington, NC
    Ah, no the company was Red Ventures. Their best known for direct tv (directstartv) ~$100 million/yr

    I used to think VOIP was neat until I got it bundled over my Road Runner. They've got a little bit more serious connection than that though, which I'd assume eliminates a lot of issues :hsugh:
     
  15. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Sounds like your VoIP doesn't have QoS, or else voice traffic would sideline everything else to maintain quality.
     
  16. 95vr4

    95vr4 OT Supporter

    Joined:
    Oct 6, 2004
    Messages:
    2,513
    Likes Received:
    0
    Location:
    Weddington, NC
    The voip was built into the modem, I'd imagine whatever ports it was using got priority The problem was the entire connection period (internet, phone digital cable) liked to randomly crap out. It's been more stable lately but voip is long gone. (land line pointless anyway)
     
  17. 7960

    7960 New Member

    Joined:
    Oct 17, 2004
    Messages:
    60,415
    Likes Received:
    0
    Location:
    New England
    I used to work on voicemail systems...huge, corporate level stuff that could make thousands of calls at a time. One guy got pissed at another and so he programmed a development system to dial the other guy in the middle of the night. He covered his tracks so it took weeks to figure out exactly which system was doing it, but all during it he was getting hundreds of calls at random times through the night.
     
  18. piratepenguin

    piratepenguin New Member

    Joined:
    Jun 18, 2006
    Messages:
    1,067
    Likes Received:
    0
    Location:
    Ireland
    i liiiiiiike it!
     
  19. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    1000 is an arbitrary limit. We can make as many calls out as we can spawn PIDs. I could of course thread the thing, go asynchronous with the requests or rewrite it in Erlang or something, but its pretty dirt simple atm and utterly reliable. 1000 outbound calls at once is roughly the limit where you will need to provision your own lines with a VOIP/VoiceXML provider, though.
     
  20. piratepenguin

    piratepenguin New Member

    Joined:
    Jun 18, 2006
    Messages:
    1,067
    Likes Received:
    0
    Location:
    Ireland
    I'd be more worried about the cost of 1000 calls running at the same time than getting more calls started.
     
  21. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    Yeah, you have to be making money on the calls to run any kind of volume.
     

Share This Page