[asterisk-users] Being attacked by an Amazon EC2 ...
Hans Witvliet
hwit at a-domani.nl
Tue Apr 13 09:32:58 CDT 2010
On Tue, 2010-04-13 at 15:49 +0200, Philipp von Klitzing wrote:
> Hi!
>
> > Any aditional security within * is fine, but if someone is simply
> > drowning your bandwith, action must be taken at a lower level.
> > Otherwise you endup re-inventing the wheel for D.o.s. attackes for voip,
> > mail, ssh, ldap, http, rsync, (or any other service you might be running)
>
> However, I *still* think Asterisk should provide a "delayreject" option
> in sip.conf to greatly slow down answering request avanlanches. That will
> help to address the bandwidth issue if the attacker is configured to wait
> for a response before starting the next request.
>
> Apart from that here are the most important messages: Use strong
> passwords in sip.conf, and use keys in iax.conf, and avoid usernames that
> can be guessed too easily (numbers from 100 to 9999 and first names).
>
Agreed, best would be to only use ssl-certificates for authentication,
but not all parts involved support that, (to put it mildly...)
hw
More information about the asterisk-users
mailing list