[Freeswitch-users] Avoiding DDoS with verto?

David P davidswalkabout at gmail.com
Thu Oct 7 20:47:25 UTC 2021


After reading about recent DDoS attacks on VOIP providers in
https://www.rtcsec.com/post/2021/09/massive-ddos-attacks-on-voip-providers-and-simulated-ddos-testing/
in which Freeswitch is mentioned, I wondered what current practices are for
services that must serve the public Internet.

For example, a service that is purely verto-based seems like it could
protect itself in this way:

1) Block requests on all ports (except the verto WSS login) unless the
request is from an address that's already part of signaling.

2) To protect signaling, put it behind AWS API Gateway, which provides
rate-limiting, and add an authorization check.

Does this seem like it would defend against DDoS? Can FS be configured to
do #1?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20211008/91c1e539/attachment.html>


More information about the FreeSWITCH-users mailing list