3CX Phone System thwarted an attempted Denial of Service attack

How robust will 3CX Phone System prove to be when handling a Denial of Service (DoS) attack or an intrusion attempt?

If you have asked yourself this question before, then you are thinking in the right way: trying to foresee the potential problems and evaluate the solidity of your solution.

One of 3CX's foremost resellers in the USA has, however, saved you the need to perform stress tests on your system to find out whether the solution can withstand a DoS attack or beat off a hacker.

3CX Premium Partner Charles Ambrosecchia of Sigma Networks reports that their Network Operations Center was the subject of an intense attack from an IP address inside Germany for 17 continuous hours, with data rates peaking at over 5Mbps against a single 3CX Phone System installation.

Charles stated that 3CX Phone System performed admirably, rejecting the initial registration attempts that carried forged, incorrect credentials (essentially a brute force attack). Shortly thereafter, 3CX Phone System automatically classified the source of the attack as a potentially malicious entity and added it to its dynamic blacklist. Once an entity is in the blacklist, all requests it sends to 3CX Phone System are quietly ignored. This behaviour provides two benefits.

The first benefit is that simply ignoring the request, rather than responding with a "rejected" message, saves outgoing bandwidth. A DoS attack can very quickly consume bandwidth, and if each request has to be answered with a reject message of some sort, then (typically) as the intensity of the attack increases, so does the outbound traffic generated by the target. Since the bandwidth on most internet connections is asymmetric (far more download bandwidth is available than upload bandwidth), it is quite possible for the connection's upload bandwidth to be maxed out, making the internet connection practically unusable. Simply ignoring the requests very elegantly sidesteps this part of the problem.

The second benefit is that it completely nullifies a brute force attempt. An attacker sends requests with credentials generated by working through all possible permutations, and then harvests the responses to learn which credentials have already been tried and rejected. Simply ignoring the request takes away the one thing the attacker needs to make progress: a response indicating whether the set of credentials in each request was valid.

Charles also pointed out that, even though it sounds obvious, admins should be reminded that once an entity gets blacklisted, one should take advantage of this information and block the traffic at the source, e.g. at your firewall.
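The dynamic blacklist behaviour described above (failed registrations counted per source, then silent drops instead of reject replies) and the follow-up firewall block can be shown side by side in a small simulation. This is an added example, not 3CX's own code; the failure threshold, the per-reply byte estimate, the sample addresses and the iptables rule format are assumptions chosen to illustrate the two benefits.

```python
from collections import defaultdict

FAIL_THRESHOLD = 5  # assumed: failed REGISTERs from one source before it is blacklisted

# Constructed sample traffic: (source_ip, extension, credentials_ok).
# 203.0.113.7 plays the brute-forcing host; 198.51.100.20 is a legitimate phone.
SAMPLE_EVENTS = [("203.0.113.7", "100", False)] * 40 + [("198.51.100.20", "101", True)]


class RegistrarGuard:
    """Answers SIP REGISTER attempts and blacklists sources that keep failing."""

    def __init__(self, threshold=FAIL_THRESHOLD, dynamic_blacklist=True):
        self.threshold = threshold
        self.dynamic_blacklist = dynamic_blacklist
        self.failures = defaultdict(int)
        self.blacklist = set()
        self.responses_sent = defaultdict(int)
        self.outbound_bytes = 0

    def handle_register(self, src_ip, credentials_ok):
        """Return the reply that would be sent, or None when the request is silently dropped."""
        if src_ip in self.blacklist:
            return None  # no reply: no outbound bandwidth spent, no feedback for the attacker
        if credentials_ok:
            self.failures[src_ip] = 0
            reply = "SIP/2.0 200 OK"
        else:
            self.failures[src_ip] += 1
            reply = "SIP/2.0 403 Forbidden"
            if self.dynamic_blacklist and self.failures[src_ip] >= self.threshold:
                self.blacklist.add(src_ip)
        self.responses_sent[src_ip] += 1
        self.outbound_bytes += len(reply.encode()) + 200  # assumed: ~200 bytes of SIP headers per reply
        return reply


def run(events, dynamic_blacklist=True):
    """Replay the sample events through a guard and return it for inspection."""
    guard = RegistrarGuard(dynamic_blacklist=dynamic_blacklist)
    for src_ip, _extension, ok in events:
        guard.handle_register(src_ip, ok)
    return guard


def firewall_rules(guard):
    """Render the blacklist as perimeter drop rules for SIP over UDP/5060 (iptables syntax assumed)."""
    return [f"iptables -I INPUT -s {ip} -p udp --dport 5060 -j DROP" for ip in sorted(guard.blacklist)]
```

Running `run(SAMPLE_EVENTS)` against `run(SAMPLE_EVENTS, dynamic_blacklist=False)` shows the attacker receiving only the first few rejections and the outbound byte count staying flat once the source is blacklisted, while the legitimate phone still registers.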