Home / Blogs

Phone Always Busy? Must be DDoS on VoIP Network

Amidst the fascinating news from the SCO saga, preparing for SANS London and contributing to the Unix timeline project at Grokline my eyes caught a piece of rather distressing news on the BBC.

It appears that BT (British Telecom) intends to move its current phone network to an IP-based network by 2009 thereby sending the circuit-switched technology off to the attic.

The real question is: can we guarantee the same level of reliability on VoIP as we had on circuit-switched telephony when the stated aim is to carry both voice and data traffic down the same cables (or fibres more likely)?

One great truth about the phone network in Europe is that it is generally extremely reliable, especially if you use the incumbent operators (ex- state monopolies).

At least in my very own personal experience I can recall each and every occurrence of a phone outage which has affected my private phone: there were two in London, one due to a “high order fault” at the Nine Elms Lane exchange for about three hours, another was due to a backhoe taking up my wire in the road. A tad further back in time there were two in Milan, one was due to a thunderstorm hitting the building and blowing the telco fuses and the second was due to my exchange being moved from electro-mechanical to digital. There was one recent one in Geneva due to some unspecified fault at my exchange but which strangely coinceded with the day Cern moved from Swisscom to Sunrise as their main phone operator and we share the same exchange…

Surely that’s a pretty impressive record if, over the space of approximately 15 years I can recall each outage with precision.

Where does one start with IP outages? From the DSLAM mis-configurations which plague my current “el-cheapo” provider and the upstream monopoly wholesaler, or to the frequent routing hiccups, or the DNS timeouts?

To be perfectly honest I am not really that worried about emergency calls: from the little I have seen of the setup in the UK they are smart enough that they are going to be routed out of the IP network as soon as possible and, I would be prepared to bet, on a private IP network for emergency services. I am actually concerned about everyone’s daily use of the phone which we’ve come to rely upon as a dependable household good, a bit like the toaster.

People expect a phone to work at any time of the day or night and this is simply not the case with IP. There are too many variables: routers, IP routing tables, proper working of QoS settings are just a sample. Can we really trust IP routers as much as we trust switchboards? I think not.

So far we’ve only really talked about the infrastructure, we haven’t even started discussing about malicious use of it. Switchboards aren’t immune to malicious use, far from it (phreaking has been around for ages) but there seems to be a different rationale at work: getting free phone calls. If you break the switchboard you get no calls so there’s a sort of built-in incentive against DDoS’ing the phone system. When you have convergence between the phone system and the data network then the line becomes blurred, if I DDoS that website do I take down the phone service too? Do I know? Not only, let us assume I do take down the phone service: do I now care? “What about QoS on VoIP?” shout the proponents of VoIP… well, are your routers safe? If I can get to the routers I can reprogram the QoS parameters, not only, if you DDoS a network the load on the routers goes through the roof so there might be no CPU available to route your precious VoIP traffic.

I really don’t think that these problems, which are inherent in the design of IP, will magically disappear by 2009.

By Arrigo Triulzi, Chief Security Officer

Filed Under


James Seng  –  Jun 19, 2004 3:14 PM

the view that there are many possible points of failure in a IP network for voice is true but dont overlook there are equally, if not more, possible points of failures in POTS too.

POTS are more reliable because of the experience we have but I have faith Internet could evolved to match it too, given sufficient time.

But for now, it is ‘Good Enough’. And sometimes, Good Enough is good enough.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign


Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix