[asterisk-users] Being attacked by an Amazon EC2 ...
Gordon Henderson
gordon+asterisk at drogon.net
Sun Apr 11 06:37:32 CDT 2010
On Sun, 11 Apr 2010, --[ UxBoD ]-- wrote:
> In the end I set up OSSEC (http://www.ossec.net) and wrote a rule that
> would monitor for failed SIP registrations. If a few occurred within a
> short space of time the Active Response kicks in and blocks the IP
> address using IPTables.
> --
> Thanks, Phil

Cheers - but it's not blocking that's the real issue, that's trivial in my
router or on the PBX, it's that my monthly ADSL data cap is being used up
and my ISP is not responding (actually, they might if I phone them, but
it's not desperate right now as I'm unlimited at the weekend), and neither
is Amazon.

My current monthly peak-time cap is 45GB - 8am to 8pm and they seem to
be eating up some 7-10GB a day... So I might actually be OK and can just
"weather it out", but it's still annoying.

I'm tempted to just block all of Amazon's EC2 and say to hell with them.
Shouldn't be too hard to track them down - e.g. from whois on that IP:

NetRange: 72.44.32.0 - 72.44.63.255
CIDR: 72.44.32.0/19
NetName: AMAZON-EC2-2

NetRange: 75.101.128.0 - 75.101.255.255
CIDR: 75.101.128.0/17
NetName: AMAZON-EC2-4

NetRange: 67.202.0.0 - 67.202.63.255
CIDR: 67.202.0.0/18
NetName: AMAZON-EC2-3

NetRange: 174.129.0.0 - 174.129.255.255
CIDR: 174.129.0.0/16
NetName: AMAZON-EC2-5

NetRange: 204.236.128.0 - 204.236.255.255
CIDR: 204.236.128.0/17
NetName: AMAZON-EC2-6

NetRange: 184.72.0.0 - 184.73.255.255
CIDR: 184.72.0.0/15
NetName: AMAZON-EC2-7

(so much for running out of IPv4 address space when Amazon has millions)

And there are well-known published lists for all Chinese hosts, etc.
too. Easy enough to cook up iptables to allow data from sites I connect
out to, but block all incoming new connections.

Gordon
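
Added example, not part of Gordon's message or of any project's code: a Python sketch that parses the whois excerpt quoted above, checks that each CIDR really covers its NetRange, and emits an iptables-restore ruleset that passes replies to outbound connections while dropping new inbound traffic from those ranges. The function names, the single-host (PBX) placement and the default-drop policy are assumptions, and the ranges are the 2010 values from the post, not a current list.

```python
import ipaddress
import re

# Whois excerpt as quoted in the post (2010 data, used here as sample input).
WHOIS_EXCERPT = """\
NetRange: 72.44.32.0 - 72.44.63.255
CIDR: 72.44.32.0/19
NetName: AMAZON-EC2-2
NetRange: 75.101.128.0 - 75.101.255.255
CIDR: 75.101.128.0/17
NetName: AMAZON-EC2-4
NetRange: 67.202.0.0 - 67.202.63.255
CIDR: 67.202.0.0/18
NetName: AMAZON-EC2-3
NetRange: 174.129.0.0 - 174.129.255.255
CIDR: 174.129.0.0/16
NetName: AMAZON-EC2-5
NetRange: 204.236.128.0 - 204.236.255.255
CIDR: 204.236.128.0/17
NetName: AMAZON-EC2-6
NetRange: 184.72.0.0 - 184.73.255.255
CIDR: 184.72.0.0/15
NetName: AMAZON-EC2-7
"""
RECORD = re.compile(r"NetRange:\s*(\S+)\s*-\s*(\S+)\s+CIDR:\s*(\S+)\s+NetName:\s*(\S+)")

def parse_whois(text):
    """Return {NetName: network}; reject a CIDR that disagrees with its NetRange."""
    nets = {}
    for first, last, cidr, name in RECORD.findall(text):
        net = ipaddress.ip_network(cidr)  # strict: raises if host bits are set
        span = ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last))
        if list(span) != [net]:
            raise ValueError(f"{name}: {cidr} does not match {first} - {last}")
        nets[name] = net
    return nets

def build_ruleset(nets):
    """iptables-restore text: replies to outbound traffic pass, new inbound drops."""
    rules = ["*filter", ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]", ":OUTPUT ACCEPT [0:0]",
             "-A INPUT -i lo -j ACCEPT",
             "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    # Explicit drops sit above any service ACCEPT rules appended later.
    blocked = ipaddress.collapse_addresses(nets.values())  # sorted and merged
    rules += [f"-A INPUT -s {n} -j DROP" for n in blocked]
    return "\n".join(rules + ["COMMIT"]) + "\n"

if __name__ == "__main__":
    print(build_ruleset(parse_whois(WHOIS_EXCERPT)), end="")
```

Review the output before loading it with `iptables-restore`, and add ACCEPT rules for the services the PBX must expose after the source drops.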