Ask HN: How to mitigate “SMS layer” DDoS attacks with Twilio-style services?

2 points by turkeytotal 6 years ago | 5 comments

Recently a website that does customer support over SMS was DDOS'd. An angry customer wrote a script to spam the support line with thousands of texts. A hefty bill was racked up, but thankfully the customer was placated and the attack stopped.

It quickly came to the service's attention that Twilio (and any downstream providers) only supports blocking numbers for inbound calls:

https://support.twilio.com/hc/en-us/articles/223181648-Is-there-a-way-to-block-incoming-SMS-on-my-Twilio-phone-number-

The service is in search for an alternative, and hoping a fellow HN-er would be able to provide some insight/mitigations. It appears bandwidth.com does not support blocking SMS from specific numbers either, so the concern is that this may be a limitation of the telephony system.

Thank you in advance :)

posguy 6 years ago |

Your carrier should not be charging you for inbound SMS, changing SMS enablement providers can usually be done in a few minutes.

I would encourage you to look at Teli, Telnyx & Signalwire, iirc they all support blocking texts from a particular number. Avoid Bandwidth.com unless you want to deal with a long sales funnel and chasing them for API keys they never provide.

turkeytotal 6 years ago | |

>Your carrier should not be charging you for inbound SMS

Agreed!

>look at Teli, Telnyx & Signalwire

Thank you, a quick glance seems to indicate they do not charge for inbound SMS on local numbers.

posguy 6 years ago | | |

Teli has treated us well for years, they use some small cell provider in the midwest for SMS/MMS enablement. Signalwire is essentially Bandwidth.com without the sales funnel.