[asterisk-users] Being attacked by an Amazon EC2 ...
Philipp von Klitzing
klitzing at pool.informatik.rwth-aachen.de
Tue Apr 13 08:49:16 CDT 2010
Hi!
> Any aditional security within * is fine, but if someone is simply
> drowning your bandwith, action must be taken at a lower level.
> Otherwise you endup re-inventing the wheel for D.o.s. attackes for voip,
> mail, ssh, ldap, http, rsync, (or any other service you might be running)
However, I *still* think Asterisk should provide a "delayreject" option
in sip.conf to greatly slow down answering request avanlanches. That will
help to address the bandwidth issue if the attacker is configured to wait
for a response before starting the next request.
Apart from that here are the most important messages: Use strong
passwords in sip.conf, and use keys in iax.conf, and avoid usernames that
can be guessed too easily (numbers from 100 to 9999 and first names).
Philipp
More information about the asterisk-users
mailing list