[asterisk-users] Being attacked by an Amazon EC2 ...

--[ UxBoD ]-- uxbod at splatnix.net
Tue Apr 13 04:42:39 CDT 2010


----- Original Message -----
> On Tue, 13 Apr 2010, Alyed wrote:
> 
> > Think we need some solution WITHIN the Asterisk core. Roderick A.
> > suggested something that looks nice using iptables, some others have
> > pointed out using RBL or fail2ban, but the best would be to have some
> > generic solution not dependent on third party programs.
> 
> I'd strongly disagree with this. (And I was the OP of this thread and
> had my home/office network connection taken down due to it)
> 
> But then, I'm an old worldy Unix sysadmin and the philosophy of having
> a program do one thing well is still etched into my core...
> 
> http://en.wikipedia.org/wiki/Unix_philosophy
> 
> So get asterisk to do what it does well, then get something else that
> does what you need to do just as well - built-in to Linux are the
> iptables firewall rules. Use them! They are very effective and do
> work. (And you have a choice!)
> 
> The biggest issue I see is that people are installing Asterisk and
> other high-level applications on top of Linux (and other *nix'es)
> without the experience of "sysadmin" - then when something goes wrong
> they want the application to fix it rather than apply some basic and
> pretty fundamental sysadmin techniques to solve the issue.
> 
> And that means that even having permit= and deny= in sip.conf and
> iax.conf, etc. is too much. With proper OS level firewalling they're
> simply not needed and do nothing more than add another potential point
> of failure and add yet more code to maintain.
> 
> Gordon
> 

Gordon,

Completely agree with what you are saying, though I believe the proposal of some sort of shared IP list is a valid one. If you had not brought this to the attention of the list then this discussion would not have taken place. I am guilty in that when an EC2 server attempted to break into my PBX I did not share it with the list. We, large assumption, are all at some point subjected to probing attacks against our Asterisk deployments and I feel it would be great if there was some mechanism where we were able to share those hackers' IPs for blocking by one means or another.
-- 
Thanks, Phil


