[asterisk-users] Being attacked by an Amazon EC2 ...
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Tue Apr 13 03:24:41 CDT 2010
On Tue, Apr 13, 2010 at 08:27:11AM +0200, Randy R wrote:
> On Mon, Apr 12, 2010 at 7:17 PM, Darrick Hartman
> <dhartman at djhsolutions.com> wrote:
> > That only addresses EC2 (and assumes that Amazon has any interest in
> > protecting their reputation). What about attacks that come from other
> > locations? Granted it's pretty easy to buy time on an EC2 server so
> > this may be the primary source for a period of time.
>
> With the growth of the cloud offerings, this problem will likely grow,
> so yes, a generic solution is needed. What I want to see though, and
> no provder has done much if anything about it, is REPORTING and
> INVESTIGATION. It is easy to use a script to report and submit, we can
> all do that, even I could (if I had a box running and needed to). The
> hard part is them having their tech/sys people actually look at the
> network and see, "Oh, ya, there's some shit happening that on that
> instance..."
But this potentially moved DoS attacks from one place to another.
Especially given that the source of a UDP packet is easy to forge.
(And yes, in this case the attack was not intended to be a simple DoS)
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-users
mailing list