[asterisk-users] Being attacked by an Amazon EC2 ...

Steve Murphy murf at parsetree.com
Tue Apr 13 13:25:57 CDT 2010


Hmmm. It would seem that it would be to Amazon's advantage to jump on this
problem, because the accounts that are performing this activity are most
likely purchased with stolen identities, and sooner or later the charges are
going to get reversed. Either the credit card companies are going to absorb
the cost, or the merchants (like Amazon) at the other end. And, after
listening to merchants grumble about it, I'd assume that in the end, Amazon
is going to get stiffed for the bill. On someone else's credit card, I'd
imagine they have almost infinite resources; Bandwidth to burn, the best and
most powerful hosts. So what if they rack up thousands of dollars? They are
probably organized crime units in Romania or whatever.

murf


On Tue, Apr 13, 2010 at 11:21 AM, Tzafrir Cohen <tzafrir.cohen at xorcom.com> wrote:

> On Tue, Apr 13, 2010 at 04:32:58PM +0200, Hans Witvliet wrote:
> > On Tue, 2010-04-13 at 15:49 +0200, Philipp von Klitzing wrote:
> > > Hi!
> > >
> > > > Any additional security within * is fine, but if someone is simply
> > > > drowning your bandwidth, action must be taken at a lower level.
> > > > Otherwise you end up re-inventing the wheel for D.o.s. attacks for
> > > > voip, mail, ssh, ldap, http, rsync, (or any other service you might
> > > > be running)
> > >
> > > However, I *still* think Asterisk should provide a "delayreject" option
> > > in sip.conf to greatly slow down answering request avalanches. That
> > > will help to address the bandwidth issue if the attacker is configured
> > > to wait for a response before starting the next request.
> > >
> > > Apart from that here are the most important messages: Use strong
> > > passwords in sip.conf, and use keys in iax.conf, and avoid usernames
> > > that can be guessed too easily (numbers from 100 to 9999 and first
> > > names).
> > >
> >
> > Agreed, best would be to only use ssl-certificates for authentication,
> > but not all parts involved support that, (to put it mildly...)
>
> Secure authentication won't solve the problem of attackers flooding your
> pipe. Especially not if you have ADSL or a similar connection.
>
> --
>               Tzafrir Cohen
> icq#16849755              jabber:tzafrir.cohen at xorcom.com
> +972-50-7952406           mailto:tzafrir.cohen at xorcom.com
> http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir



-- 
Steve Murphy
ParseTree Corp
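
An added example, not part of the original thread or of Asterisk itself: a small audit of a sip.conf for the two things the quoted advice names, guessable usernames (numbers from 100 to 9999, first names) and weak secrets. The name list, the 12-character threshold and the sample configuration are assumptions constructed for illustration.

```python
import re

FIRST_NAMES = {"alice", "bob", "john", "maria", "steve"}  # assumption: tiny sample wordlist
MIN_SECRET_LEN = 12  # assumption: the thread only says "strong"
SECTION = re.compile(r"^\[([^\]]+)\]")

def parse_sip_conf(text):
    """Return {section: {key: value}} for every section except [general]."""
    peers, current = {}, None
    for raw in text.splitlines():
        # ';' starts a comment; escaped '\;' inside values is not handled here
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            name = m.group(1).strip()
            current = None if name.lower() == "general" else peers.setdefault(name, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.lstrip(">").strip()
    return peers

def audit(text):
    findings = []
    for name, opts in parse_sip_conf(text).items():
        secret = opts.get("secret", "")
        if name.isdigit() and 100 <= int(name) <= 9999:
            findings.append((name, "numeric username in 100-9999"))
        elif name.lower() in FIRST_NAMES:
            findings.append((name, "first-name username"))
        if not secret and "md5secret" not in opts:
            findings.append((name, "no secret set"))
        elif secret and (secret.lower() == name.lower() or secret.isdigit()
                         or len(secret) < MIN_SECRET_LEN):
            findings.append((name, "weak secret"))
    return findings

SAMPLE = """\
[general]
bindport=5060          ; not a peer
[101]
secret=101
[steve]
secret=hunter2
[a7f3-desk-kq]
secret=Vq8#tLm2zR!x0pWd
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A peer flagged with "no secret set" may be a trunk authenticated by IP address, so treat that finding as something to review rather than an error.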