[asterisk-users] Being attacked by an Amazon EC2 ...

Tzafrir Cohen tzafrir.cohen at xorcom.com
Tue Apr 13 12:21:45 CDT 2010


On Tue, Apr 13, 2010 at 04:32:58PM +0200, Hans Witvliet wrote:
> On Tue, 2010-04-13 at 15:49 +0200, Philipp von Klitzing wrote:
> > Hi!
> > 
> > > Any aditional security within * is fine, but if someone is simply
> > > drowning your bandwith, action must be taken at a lower level.
> > > Otherwise you endup re-inventing the wheel for D.o.s. attackes for voip,
> > > mail, ssh, ldap, http, rsync, (or any other service you might be running)
> > 
> > However, I *still* think Asterisk should provide a "delayreject" option 
> > in sip.conf to greatly slow down answering request avanlanches. That will 
> > help to address the bandwidth issue if the attacker is configured to wait 
> > for a response before starting the next request.
> > 
> > Apart from that here are the most important messages: Use strong 
> > passwords in sip.conf, and use keys in iax.conf, and avoid usernames that 
> > can be guessed too easily (numbers from 100 to 9999 and first names).
> > 
> 
> Agreed, best would be to only use ssl-certificates for authentication,
> but not all parts involved support that, (to put it mildly...)

Secure authentication won't solve the problem of attackers flodding your
pipe. Especially not if you have ADSL or similar connection.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir



More information about the asterisk-users mailing list