[geeks] Using a mailing list for a DDOS attack

der Mouse mouse at Rodents.Montreal.QC.CA
Mon Nov 26 12:24:30 CST 2007


> It does bring up an interesting question -- one of testing critical
> systems.

> Is it never OK to verify that an emergency number works on your
> system?  It really sucks to find out that it doesn't when someone's
> blood is draining quickly.

It is not "never OK".

I work for a company that does, among other things, VoIP telephony.
One of the things we handle is 911 calls (this is North America, so the
emergency number is 911, not 112).

We have had a few customers call 911 to make sure it works, and,
provided they stay on the line and make it clear to the dispatcher that
they're making sure 911 works on a new phone system, I've heard
positive, not negative, things about this.

However, inciting many thousands of people to do this in a short time
period, that is a DoS attack against the emergency service system.
Stuff that's fine in onesy-twosey quantities can be very problematic in
larger quantities - that's what DoS attacks are all about.

If I dial 112, or 911, on my cell, even with keylock on, when I dial
the third digit it displays the number instead of the "keypad locked"
screen.  I've never hit the "place call" button on either of them as a
test.  I've called 911 something like twice from my phone (in non-test
circumstances) and it's worked each time; I feel no need to test more.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse at rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B



More information about the geeks mailing list