Maybe, after finishing my testing, since it's not that many netblocks, it might be time to just firewall all incoming connections from Amazon's cloud until they make an announcement that they actually take network security seriously.

Below is just an example of 'hits' on the ET (Snort) sigs for the Amazon EC2 cloud. I have no idea what legitimate purposes these IPs serve, since there has not been one legit request from their netblocks.

This is an ET sig (Sipvicious scan) against our sipx server, UDP port 5060.
At the very least, maybe we all can firewall their EC2 netblocks from accessing our sipx servers.

/var/log/snort.log.0.gz:Apr 28 00:33:01 scanner snort[56863]: [1:2008578:2] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2]: <trust0> {UDP} 79.125.80.145:5060 -> xxx.xxx.10.1:5060
/var/log/snort.log.0.gz:Apr 28 00:33:01 scanner snort[56863]: [1:2010816:6] ET POLICY Incoming UDP Packet From Amazon EC2 Cloud [Classification: Misc activity] [Priority: 3]: <trust0> {UDP} 79.125.80.145:5060 -> xxx.xxx.10.1:5060


Here is a list of known Amazon EC2 netblocks:

174.129.0.0/16,67.202.0.0/18,79.125.0.0/17,184.72.0.0/15,75.101.128.0/17,174.129.0.0/16,204.236.128.0/17


--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation

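An added example, not part of the original message: one way to tally how many Snort alerts against the SIP port come from the netblocks listed above before deciding on a firewall rule. The function name, the regular expression and the third sample line (a documentation-range source address) are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Netblocks as listed in the message; the duplicated entry collapses in the set.
EC2_NETBLOCKS = sorted({ipaddress.ip_network(n) for n in (
    "174.129.0.0/16,67.202.0.0/18,79.125.0.0/17,184.72.0.0/15,"
    "75.101.128.0/17,174.129.0.0/16,204.236.128.0/17").split(",")})

# Snort syslog alert: [gid:sid:rev] msg [Classification: ..] [Priority: n]: <if> {PROTO} src:sp -> dst:dp
# The destination is matched loosely because the poster masked it (xxx.xxx.10.1).
ALERT = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"\[Classification: [^\]]*\] \[Priority: (?P<prio>\d+)\]: (?:<\S+> )?"
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>\S+?):(?P<dport>\d+)")

def ec2_hits(log_text, dport=5060):
    """Count alerts to `dport` whose source lies in EC2_NETBLOCKS,
    keyed by (netblock, sid, msg). finditer also copes with alerts
    that were run together on one line."""
    hits = Counter()
    for m in ALERT.finditer(log_text):
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # not a valid IPv4 address, skip the record
        block = next((n for n in EC2_NETBLOCKS if src in n), None)
        if block is not None and int(m["dport"]) == dport:
            hits[(str(block), int(m["sid"]), m["msg"])] += 1
    return hits

# First two lines are the alerts quoted in the message; the third is constructed
# (198.51.100.7 is a documentation address outside the listed netblocks).
SAMPLE = """\
Apr 28 00:33:01 scanner snort[56863]: [1:2008578:2] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2]: <trust0> {UDP} 79.125.80.145:5060 -> xxx.xxx.10.1:5060
Apr 28 00:33:01 scanner snort[56863]: [1:2010816:6] ET POLICY Incoming UDP Packet From Amazon EC2 Cloud [Classification: Misc activity] [Priority: 3]: <trust0> {UDP} 79.125.80.145:5060 -> xxx.xxx.10.1:5060
Apr 28 00:41:17 scanner snort[56863]: [1:2008578:2] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2]: <trust0> {UDP} 198.51.100.7:5060 -> xxx.xxx.10.1:5060
"""

if __name__ == "__main__":
    for (block, sid, msg), count in sorted(ec2_hits(SAMPLE).items()):
        print(f"{block:18} sid={sid:<8} hits={count}  {msg}")
```

Run against a real log, the per-netblock counts show which of the listed ranges actually generate SIP alerts, so a block rule can be scoped to UDP 5060 and to the ranges that are seen.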