[asterisk-users] Being attacked by an Amazon EC2 ...

Randy R randulo2008 at gmail.com
Tue Apr 13 01:27:11 CDT 2010


On Mon, Apr 12, 2010 at 7:17 PM, Darrick Hartman
<dhartman at djhsolutions.com> wrote:
> That only addresses EC2 (and assumes that Amazon has any interest in
> protecting their reputation).  What about attacks that come from other
> locations?  Granted it's pretty easy to buy time on an EC2 server so
> this may be the primary source for a period of time.

With the growth of the cloud offerings, this problem will likely grow,
so  yes, a generic solution is needed. What I want to see though, and
no provder has done much if anything about it, is REPORTING and
INVESTIGATION. It is easy to use a script to report and submit, we can
all do that, even I could (if I had a box running and needed to). The
hard part is them having their tech/sys people actually look at the
network and see, "Oh, ya, there's some shit happening that on that
instance..."

If Amazon's form submit didn't even work, that's a really bad
reflection on their brand in a lot of ways, including tech competence.
If that is know to geeks like us, it won't hurt them which is why,
like a broken record, I keep saying: put your Amazon experience out to
the public. When it starts being mentioned in Wired, "Storm Cloud" or
something, THEN Amazon will have to do something.

I do not believe Amazon is taking reasonable measures now in doing
their job, and that they should be working towards that goal,
reasonable measures as opposed to NO measures.

/r



More information about the asterisk-users mailing list