Skip to main content

Amazon Cloud DoS attacking ITSPs

Posted by eeman on Sun, 04/18/2010

mjgraves writes
"Over the past week a number of IP-PBX systems have been suffering SIP attacks from hosts in the Amazon EC2 cloud. At least a dozen known attacks have been reported to Amazon, which has been surprisingly quiet about the matter. The issue has been well documented by one of the attack victims on his blog. The matter was also discussed on the April 16th issue of the VoIP Users Conference (podcast available at the link; EC2 segment begins around 3:30). Amazon appears to have gone silent on the matter even as the attacks are ongoing. This is completely irresponsible behavior from a such a hosting company, which should be acting to take down the attacker in their midst."

Obviously you cant firewall SIP if you're running MTE, but log watchers/banners such as fail2ban can create temporary bans for brute force attempts. I would recommend adding this level of defense to your security strategy. If you were dumb enough to try to host your gear inside the cloud, get the hell out :-)