Re: [asterisk-users] Being attacked by an Amazon EC2 ...

Sun, 11 Apr 2010 04:42:49 -0700 

On Sun, 11 Apr 2010, --[ UxBoD ]-- wrote:

> In the end I set up OSSEC (http://www.ossec.net) and wrote a rule that 
> would monitor for failed SIP registrations. If a few occurred within a 
> short space of time the Active Response kicks in and blocks the IP 
> address using IPTables. -- Thanks, Phil

Cheers - but it's not blocking that's the real issue, that's trivial in my 
router or on the PBX, it's that my monthly ADSL data cap is being used up 
and my ISP is not responding (actually, they might if I phone them, but 
it's not desperate right now as I'm unlimited at the weekend), and neither 
is Amazon.

My currently monthly peak-time cap is 45GB - 8am to 8pm and they seem to 
be eating up some 7-10GB a day... So I might actually be OK and can just 
"weather it out", but it's still annoying.

I'm tempted to just block all of Amazons EC2 and say to hell with them. 
Shouldn't be too hard to track them down - eg. from whois on that IP:

NetRange:   72.44.32.0 - 72.44.63.255
CIDR:       72.44.32.0/19
NetName:    AMAZON-EC2-2

NetRange:   75.101.128.0 - 75.101.255.255
CIDR:       75.101.128.0/17
NetName:    AMAZON-EC2-4

NetRange:   67.202.0.0 - 67.202.63.255
CIDR:       67.202.0.0/18
NetName:    AMAZON-EC2-3

NetRange:   174.129.0.0 - 174.129.255.255
CIDR:       174.129.0.0/16
NetName:    AMAZON-EC2-5

NetRange:   204.236.128.0 - 204.236.255.255
CIDR:       204.236.128.0/17
NetName:    AMAZON-EC2-6

NetRange:   184.72.0.0 - 184.73.255.255
CIDR:       184.72.0.0/15
NetName:    AMAZON-EC2-7

(so much for running out of ipv4 address space when amazon has millions)

And there are well knowing published lists from all chinese hosts, etc. 
too. Easy enough too cook up iptables to allow data from sites I connect 
out to, but block all incoming new connections.

Gordon

-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to