[asterisk-users] Being attacked by an Amazon EC2 ...
--[ UxBoD ]--
uxbod at splatnix.net
Mon Apr 12 12:31:51 CDT 2010
----- Original Message -----
> On 04/12/2010 12:05 PM, Randy R wrote:
> > On Mon, Apr 12, 2010 at 6:51 PM, Darrick Hartman
> > <dhartman at djhsolutions.com> wrote:
> >> I don't think anyone else brought up the Spamhaus DROP project.
> >> It's a
> >> blacklist of IP addresses and address ranges which are known to
> >> ONLY be
> >> used for malicious purposes.
> >>
> >> http://www.spamhaus.org/drop/
> >>
> >
> > Because this is in Amazon's interest, THEY should set up a way to
> > report these. Once you detect (in a script) that this is in their
> > range, a redirect would feed their own log with all the data they'd
> > need to proceed. This would work well, especially if they made you
> > register your calling IP to them, or authenticate. That way your
> > server and IP is on record and the report authenticated. Isn't this
> > reasonable?
>
> Randy,
>
> That only addresses EC2 (and assumes that Amazon has any interest in
> protecting their reputation). What about attacks that come from other
> locations? Granted it's pretty easy to buy time on an EC2 server so
> this may be the primary source for a period of time.
>
> Darrick
> -- Darrick Hartman
> DJH Solutions, LLC
> http://www.djhsolutions.com
>
Hence something like a RBL. I know the original OP was concerned about the bandwidth but TBH that is no different than rejecting rogue NetBios traffic that hits your router. It will still take away from your bandwidth cap.
--
Thanks, Phil
More information about the asterisk-users
mailing list