Q: What is Camfrog?
A: Camfrog is an audio, video and text chat software that runs on both Linux and Windows. Unlike most other applications, it utilized both the TCP and the UDP protocol for different parts of the service. TCP is being used for the text chat part of the software and the authentication process, while UDP is being used to transmit audio and video packets.
Q: How do attackers target Camfrog?
A: Attackers usually send spoofed DDoS attacks towards Camfrog servers to crash the application. Both TCP and UDP protocols are used for these spoofed attacks, UDP being the more dangerous of the two because the UDP protocol lacks the ability to verify the legitimacy of the packets before it gets processed.
a) Spoofed TCP attacks, that happen on layer 4 of the OSI model, usually send spoofed packets to port 6005, which is the default port of the Camfrog text chat and “join room”. If this spoofed traffic is not being mitigated properly by the hosting or anti DDoS provider, the packets will cause the application to crash and/or its users to disconnect.
b) Spoofed UDP attacks mostly target ports within the range from 5000 to 15000 with different payload sizes. This port range is used for the audio and video transmission of Camfrog. A successful attack with spoofed UDP packets towards that port range will cause the audio and/or video part of Camfrog to stutter, freeze or completely stop working. At the same time the TCP parts of the application (join room and text chat) might still remain active and working if not attacked at the same time.
Q: How are users affected by DDoS attacks on Camfrog?
A: Users that are active at the time get disconnected, have problems with the audio, video or text chat or simply can’t connect to the Camfrog room. This causes frustration of the users and they likely join other rooms instead that are correctly protected.
Q: What are the issues the DDoS protection of competitors often comes with?
A: Most other DDoS protection providers try to protect Camfrog rooms with static filtering rules or block only the part of the attack that would bring down the whole server, but not the packets that make the application crash or the audio and video transmission lag. While this does protect the server from going down completely, it by no means can be called proper Camfrog DDoS protection or VoIP protection for that matter, because it leaves the application itself vulnerable to attacks. Detection and mitigation of an attack often takes up to 5 minutes, which leads to users disconnecting and interruptions of the services until the attack is being mitigated. During this time frame the application is unusable and currently active transmissions are being terminated, which leads to a bad user experience. Some providers even block the whole UDP protocol instead of filtering it, because they lack the in-depth knowledge to do so and try to preserve the advertised uptime, claiming that the server is still online even if it’s only accessible via TCP and UDP and with it Camfrog is unusable.
Q: How does SovaHost solve these issues?
A: The security experts at SovaHost have built a comprehensive solution that completely prevents any kind of DDoS attacks affecting a Camfrog server or any other kind of VoIP service. Each packet sent to the Camfrog application gets inspected before reaching the application, to make sure it’s legit and not malicious. This Camfrog DDoS protection makes the service completely immune to even the smallest kind of attack.
SovaHost uses state of the art hardware with its own intelligent algorithms for detection of malicious traffic. In addition, to provide granular filtering especially for applications as prone to attacks as Camfrog, SovaHost uses its own in-house mitigation devices with attack detection and mitigation times below one second. This highly sophisticated multi layer filtering strategy assures that a protected service doesn’t suffer from lags or disconnection of any type while under DDoS. It furthermore allows customization as in fine-tuning for the application that’s being protected. Camfrog is one of the applications that SovaHost already offers tailored filtering rules for.
SovaHost offers DDoS protected VPS as well as DDoS protected dedicated servers, both of which can be used for Camfrog DDoS protection.