Asterisk, and other worldly endeavours.

A blog by Leif Madsen

Recent SIP Attacks from Amazon EC2


Recently (over the weekend and continuing into today) there have been several attacks from Amazon EC2 hosts running scanners looking for open SIP accounts. I’ve gathered a couple of links that I think are useful in knowing more about the attacks, along with methods of stopping the attacks. The Joshua Stein blog has a very clever way of stopping the attacks that impressed me.

http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood

http://www.voiptechchat.com/voip/457/amazon-ec2-sip-brute-force-attacks-on-rise/

http://www.stuartsheldon.org/blog/2010/04/sip-brute-force-attack-originating-from-amazon-ec2-hosts/

Update (2010/04/18): It seems the story has made it at least as far as Slashdot now. I seriously can’t believe the lack of response has gone on for so long. I figured by now we’d have some sort of official story stating that they are searching for the attacker, or that they have been shut down and that additional security precautions have been implemented, but thus far, nothing is being done. The status quo on something like this from Amazon is actually quite surprising.

http://it.slashdot.org/story/10/04/17/2059256/SIP-Attacks-From-Amazon-EC2-Going-Unaddressed

Advertisements

Written by Leif Madsen

2010/04/12 at 7:28 pm

One Response

Subscribe to comments with RSS.

  1. Cloud based hacking ?

    dan

    2010/04/13 at 11:59 am


Comments are closed.

%d bloggers like this: