[asterisk-users] Being attacked by an Amazon EC2 ...

Hans Witvliet hwit at a-domani.nl
Tue Apr 13 07:04:46 CDT 2010


On Tue, 2010-04-13 at 09:47 +0100, Gordon Henderson wrote:
> On Tue, 13 Apr 2010, Alyed wrote:
> 
> > Think we need some solution WITHIN the Asterisk core. Roderick A. suggested
> > something that looks nice using iptables, some others have pointed out using
> > RBL or fail2ban, but the best would be to have some generic solution not
> > dependent on third party programs.
> 
> I'd strongly disagree with this. (And I was the OP of this thread and had 
> my home/office network connection taken down due to it)
> 
> But then, I'm an old worldy Unix sysadmin and the philosophy of having a 
> program do one thing well is still etched into my core...
> 
> http://en.wikipedia.org/wiki/Unix_philosophy
> 
> So get asterisk to do what it does well, then get something else that does 
> what you need to do just as well - built-in to Linux are the iptables 
> firewall rules. Use them! They are very effective and do work. (And you 
> have a choice!)

I'll agree with you here.
Any additional security within * is fine, but if someone is simply
drowning your bandwidth, action must be taken at a lower level.
Otherwise you end up re-inventing the wheel for D.o.s. attacks for voip,
mail, ssh, ldap, http, rsync, (or any other service you might be
running)

So a proper job for ip(6)tables, imho


