[asterisk-users] Being attacked by an Amazon EC2 ...

Tom Stordy-Allison tom at stordy-allison.com
Sun Apr 11 15:23:41 CDT 2010 

Yeah - I've reported it to the EC2 abuse address about 10 hours ago, with no response as of yet.

I'm waiting on my ISP to see if they can block anything further upstream.

I should be lucky it's not 6Gbps like some!

Cheers,

Tom

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Stuart Sheldon
Sent: 11 April 2010 21:17
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Being attacked by an Amazon EC2 ...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

We reported abuse Saturday morning... As of yet, no change in traffic.

I have sent requests upstream to filter all UDP/5060 traffic from EC-2 range to stop the DDOS that we are under, but have only gotten 2 of our
4 providers to comply.

At this point, I guess well all just ride it out...

Stu


Tom Stordy-Allison wrote:
> Hi,
> 
> This is exactly what I've just joined this mailing list about.
> 
> Has anyone has any luck getting Amazon to stop the instances? I'm stuck with around 700Kbps of my 2.5Mbps inbound in use as my firewall blocks the requests as below. 
> 
> Cheers,
> 
> Tom
> 
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com 
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Norbert 
> Zawodsky
> Sent: 11 April 2010 20:57
> To: asterisk-users at lists.digium.com
> Subject: Re: [asterisk-users] Being attacked by an Amazon EC2 ...
> 
> Am 11.04.2010 17:05, schrieb Mark Smith:
>> Same this end from 184.73.17.150.
>> Use this little piece of iptables magic to block the whole of 
>> Amazon's EC2 ip- range.
>>
>> iptables -F
>> iptables -A INPUT -m iprange --src-range 
>> 216.182.224.0-216.182.239.255 -j DROP iptables -A INPUT -m iprange 
>> --src-range 72.44.32.0-72.44.63.255 -j DROP iptables -A INPUT -m 
>> iprange --src-range 67.202.0.0-67.202.63.255 -j DROP iptables -A 
>> INPUT -m iprange --src-range 75.101.128.0-75.101.255.255 -j DROP 
>> iptables -A INPUT -m iprange --src-range 174.129.0.0-174.129.255.255 
>> -j DROP iptables -A INPUT -m iprange --src-range 
>> 204.236.192.0-204.236.255.255 -j DROP iptables -A INPUT -m iprange 
>> --src-range 184.73.0.0-184.73.255.255 -j DROP iptables -A INPUT -m 
>> iprange --src-range 216.236.128.0-216.236.191.255 -j DROP iptables -A 
>> INPUT -m iprange --src-range 184.72.0.0-184.72.63.255 -j DROP 
>> iptables -A INPUT -m iprange --src-range 79.125.0.0-79.125.127.255 -j 
>> DROP service iptables save
>>
>> This sorts it out in the short-term until Amazon realise their 
>> service is being utilised by arseholes.
>>
>>
>>
>>
>>   
> Hi Mark!
> 
> your little iptables magic is a very good idea! Implementation took < 
> 1 minute :-) I'll use it until a better idea comes up ... (which I 
> don't expect within a short term)
> 
> Thank you!
> 
> Norbert
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBCAAGBQJLwi4rAAoJEFKVLITDJSGSrY4QAL1KGKvm1vZIskueMyV0Heau
3/IbbdHNYxWIj6xTm9bYH9b7DzQjiRx88Ox3vFppnXf3AR9+qD0hUSaaQwJBwNJp
LJ33vCqXGURjbib9tJkjzNJo3pz7FUS6rzwffpoVrzXmobrPJRmHSFswB3gKmXO5
UD6UrbY/SHuq1oJZG07F4cTyA2Dssq/T7eQiNG9ZcH3w4BW7ZBurbELFDIzfjF81
5d5/n7+9f4fg8R95YjBM+qnZYK74Ht2JPr27XmFxn2XGOrCgPyWe605j4fGm9sr8
LIpnDx/KN9cLQpGyzauF7xuv9TZj1F81RVYFg3Gms6k8MsPj0B6tKguASiSb8efq
d9goqG0lrQEcef/B2PLGD3yOjenpSDGFk9dLItWxnaJX3l0QhuK8nlNkuRiqTyrT
Vp74ky5ewDb+YxoowA/gfosyWLx/YfaN9N6fizUXabJZPffzAI7PqAEChZje14r4
lobsN4BWFTt80IqfEdmwQUcMiyktXmtkTsN1YbS7GYKbAPeNdArpvCFar8yKSla6
JsbCFSUelmodj4mU85ZmgHBup6u5NTiq4Z5FVUQvFrL5P79J9IGr9ewiz+/DzyDK
2f2MA/6P9a3hoBauGdU+FBvSP4TMp75Ntho28IHyRIz2Zz3FHedAcuIPavO+AbHv
EQ4ocAwQBX6fJvpYQwIm
=I4n1
-----END PGP SIGNATURE-----

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

More information about the asterisk-users mailing list