[asterisk-users] Being attacked by an Amazon EC2 ...
Fred Posner
fred at teamforrest.com
Tue Apr 13 08:51:33 CDT 2010
On Apr 13, 2010, at 8:04 AM, Hans Witvliet wrote:
> On Tue, 2010-04-13 at 09:47 +0100, Gordon Henderson wrote:
>> On Tue, 13 Apr 2010, Alyed wrote:
>>
>>> Think we need some solution WITHIN the Asterisk core. Roderick A. suggested
>>> something that looks nice using iptables, some others have pointed out using
>>> RBL or fail2ban, but the best would be to have some generic solution not
>>> dependant on third party programs.
>>
>> I'd strongly disagree with this. (And I was the OP of this thread and had
>> my home/office network connection taken down due to it)
>>
>> But then, I'm an old worldy Unix sysadmin and the philosophy of having a
>> program do one thing well is still etched into my core...
>>
>> http://en.wikipedia.org/wiki/Unix_philosophy
>>
>> So get asterisk to do what it does well, then get something else that does
>> what you need to do just as well - built-in to Linux are the iptables
>> firewall rules. Use them! They are very effective and do work. (And you
>> have a choice!)
>
> I'll agree with you here.
> Any aditional security within * is fine, but if someone is simply
> drowning your bandwith, action must be taken at a lower level.
> Otherwise you endup re-inventing the wheel for D.o.s. attackes for voip,
> mail, ssh, ldap, http, rsync, (or any other service you might be
> running)
>
> So a proper job for ip(6)tables, imho
>
> --
+1 for outside of asterisk. I want something that blocks it before it gets to the Asterisk processes. I've posted a little script on Team Forrest for how I'm blocking the traffic (using a quick perl script, iptables, and cron). The script is at http://bit.ly/cDHlLq
---fred
http://qxork.com
More information about the asterisk-users
mailing list