[asterisk-users] Being attacked by an Amazon EC2 ...

Fred Posner fred at teamforrest.com
Sun Apr 11 09:15:21 CDT 2010


On Apr 11, 2010, at 10:06 AM, Zeeshan Zakaria wrote:

> I don't k know if there is a tool to sniff passwords, but did you check in /va/log/asterisk/full? Maybe wireshark can be used for this purpose, but it'll be not that straight forward.
> 
> Interestingly I checked log of my server and found out that I was also under attack yesterday by an Amazon cloud server, IP 184.73.53.22. Thanks to fail2ban the IP was blocked. But I guess I am now used to these attacks as it is a routine now and so far fail2ban is working fine for me. But my server (and now yours too) is in some hackers list of "asterisk favourites" and will keep getting under attack.
> 
> I'll now send an email to Amazon.
> 
> Zeeshan A Zakaria
> 
> --


We were also attacked from 184.73.53.2 yesterday and sent an email to their abuse (with no response). The interesting thing about this attack, was instead of just making registration attempts, it also tried to call extensions first... our dialplan doesn't allow for either but was unusual in that most aren't trying to dial an extension before regging them.


More information about the asterisk-users mailing list