[asterisk-users] Amazon EC2 SIP floods - you can help
Stuart Sheldon
stu at actusa.net
Sun Apr 18 11:02:27 CDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Randy R wrote:
> On Sun, Apr 18, 2010 at 5:38 PM, Stuart Sheldon <stu at actusa.net> wrote:
>>> I a related question, if the IP addresses were spoofed, how could a
>>> response be directed back? Don't the register attempts, because they
>
>> If the IP addresses were spoofed, it would be simply a DoS attack.
>
> This is what I thought, so when people say "yeah, but they could be
> spoofed" this isn't a valid argument.
>
> A huge number of requests going to your server with an originating EC2
> IP needs to be shut down first, questions asked after.
>
> Only Amazon can fix this. They have not only the IP info but also full
> customer data, including banking info.
>
> What possible excuse can they provide? Is this why they are silent?
> There's no good excuse other than, "it would cut into our profits".
>
> Maybe we could get GigaOm interested or some other high-visibility blog.
>
> /r
>
For what it's worth, here is my Blog Article from the incident...
http://www.stuartsheldon.org/blog/2010/04/sip-brute-force-attack-originating-from-amazon-ec2-hosts/
Stu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIcBAEBCAAGBQJLyy0SAAoJEFKVLITDJSGSMaYQAKVTy6en4zsbekcjXTSjMo6z
SSwBL95mSpgGRU6nAOKIjs5UUczFS8MtReag7hqW7e1ZtwwlXz88KP+c7yNZVw9+
6HIjAf+PdaxRmDQ/bUpcXy+4Nnl6RRzVnE5oY33/ZWJrAjBfLb/eQCFQOqAdgxDr
xsTGCPts/CJWeQrni6g4pdYFf3P4BvxsyoGw5vpF8rXipujaK1V0zxT6dE+XDNYZ
aqrLlZtGvF7oTLtYCAt6g/C7VG7RJDNbuxGKG0q8GfHeU3xXEjYytH6jq26yiCSi
FvP6vH0CzOInyYohPEXuxej2rLADf6c3JqXidadXX87l5XLb947pooMK+gmyRv8m
AjsoOryMs43V48q5y1F25LVV8pnw83xEUZyxfa4/JNx4Fr4PvuMdVs0UDZbjWdCD
ncf47IVQKztWfM3vcbyFXyfgDHrAnGUwZ/VxPpQ9/0VGsrC8V9rujQCI3UVk2/7v
RHFK97ddmPvrAr8Gml+wnjTROSyY5n8ds762ZfyN3rel7e7w5gynpa+G9pcNqgSX
MzdKRiC10hF4X6ZMXOski1UIXm+x7r+8uY8p+/8l6A4sdXohCUhXTcYLMnDBzgob
fsmxb6WKKkaGTLv7jWLukfZVYcppk+B4M8hFgAvVqMWBRI3eZmZTKvmzDs9yjaqw
kcF4NwJOpLXsG3w9vs7F
=kLEJ
-----END PGP SIGNATURE-----
More information about the asterisk-users
mailing list