[asterisk-users] Being attacked by an Amazon EC2 ...

--[ UxBoD ]-- uxbod at splatnix.net
Tue Apr 13 03:42:32 CDT 2010


----- Original Message -----
> Think we need some solution WITHIN the Asterisk core. Roderick A.
> suggested something that looks nice using iptables, some others have
> pointed out using RBL or fail2ban, but the best would be to have some
> generic solution not dependent on third party programs.
> 
> I'm not aware of the asterisk.dev list but maybe someone can tell if
> they can help us here?
> 
> Alyed
> 
> 
> 
> 2010/4/13 Randy R < randulo2008 at gmail.com >
> 
> 
> 
> On Mon, Apr 12, 2010 at 7:17 PM, Darrick Hartman
> < dhartman at djhsolutions.com > wrote:
> > That only addresses EC2 (and assumes that Amazon has any interest in
> > protecting their reputation). What about attacks that come from
> > other locations? Granted it's pretty easy to buy time on an EC2
> > server so
> > this may be the primary source for a period of time.
> 
> With the growth of the cloud offerings, this problem will likely grow,
> so yes, a generic solution is needed. What I want to see though, and
> no provider has done much if anything about it, is REPORTING and
> INVESTIGATION. It is easy to use a script to report and submit, we can
> all do that, even I could (if I had a box running and needed to). The
> hard part is them having their tech/sys people actually look at the
> network and see, "Oh, ya, there's some shit happening on that
> instance..."
> 
> If Amazon's form submit didn't even work, that's a really bad
> reflection on their brand in a lot of ways, including tech competence.
> If that is known to geeks like us, it won't hurt them which is why,
> like a broken record, I keep saying: put your Amazon experience out to
> the public. When it starts being mentioned in Wired, "Storm Cloud" or
> something, THEN Amazon will have to do something.
> 
> I do not believe Amazon is taking reasonable measures now in doing
> their job, and that they should be working towards that goal,
> reasonable measures as opposed to NO measures.
> 
> /r
> 
> 
> 
> 

DNS lookup capability appears to be required on an Asterisk installation and hence a DNSRBL would appear to be a good solution. An alternative, similar to the SaneSecurity AV sigs, would be to have a pool of rsync servers for downloading a list of known IPs. Again this would require community contribution in both time and resources. I would be happy to allocate some spare memory and CPU cycles and hopefully my employer would as well.
-- 
Thanks, Phil
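
The DNSRBL check suggested in this message, sketched as an added example (not code from this thread or from Asterisk): it builds the reversed-address query name and treats only answers inside 127.0.0.0/8 as a listing, following the RFC 5782 convention. The zone name `sip-rbl.example.invalid`, the sample records and the function names are constructed for illustration.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 answer range

def dnsbl_query_name(ip, zone):
    """Reverse the address (octets for IPv4, nibbles for IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def system_resolver(name):
    """A records via the system resolver; [] on NXDOMAIN or any lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(ip, zone, resolve=system_resolver):
    """True only if the zone answers inside 127.0.0.0/8 for this address.

    Lookup failures count as "not listed" (fail open), so a resolver outage
    does not block all peers; answers outside 127/8 (for example from a
    wildcarding resolver) are ignored rather than treated as a listing.
    """
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)

# Constructed sample data so the example runs offline (hypothetical zone).
SAMPLE_ZONE = "sip-rbl.example.invalid"
SAMPLE_RECORDS = {"45.113.0.203." + SAMPLE_ZONE: ["127.0.0.2"]}

def sample_resolver(name):
    return SAMPLE_RECORDS.get(name, [])

if __name__ == "__main__":
    for peer in ("203.0.113.45", "198.51.100.7", "2001:db8::1"):
        verdict = "listed" if is_listed(peer, SAMPLE_ZONE, sample_resolver) else "clean"
        print(peer, dnsbl_query_name(peer, SAMPLE_ZONE), verdict)
```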


