Comments on: SIP Attacks From Amazon EC2 Cloud Continue

By: Dan

Dan — Thu, 18 Nov 2010 15:40:58 +0000

BTW … check out http://www.infiltrated.net/voipabuse/submitting-info.html

By: Dan

Dan — Thu, 18 Nov 2010 15:15:10 +0000

As a VoIP service provider, we find most attacks currently coming from China. On top of the router blocking suggested above, we install “fail2ban” and configure it to 5 attempts and the IP address is blocked.

It helps, but the real answer is for ISPs to be notified and them being responsible enough to shut down the attackers.

The question is how do we get ISPs, even Amazon, to listen and act?

By: I’ll have clear skies, personal conversation, and hold the technology, please. | VoIP Tech Chat

Fri, 08 Oct 2010 15:50:44 +0000

[...] Apologies to Fred for shout-outs to two of his nemeses, Amazon and [...]

By: brent

brent — Fri, 27 Aug 2010 20:01:06 +0000

Hopefully the IP restrictions and lawsuits will send the right message.

For the moment, it appears that, Mr. Bezos’ loyalty rests with paying AWS customers (aka attackers) and not the victims of abuse.

By: UxBoD

UxBoD — Mon, 24 May 2010 11:52:03 +0000

My system as just been attacked again. Sent the details to AmazonWS and their response was:

“Thank you for submitting your abuse report.
There was no single customer using the source IP address(es) during the time you provided.
This may be due to the fact that we do not own the IP address(es), the time or time zone you provided was incorrect, or there were multiple customers with instances running during the time and IP address(es) you specified.
You may try re-submitting your report with a different time if you wish.”

Uh, sorry but it was one of your servers!

dig +short -x 204.236.207.65
ec2-204-236-207-65.compute-1.amazonaws.com.

By: Bruce

Bruce — Sat, 22 May 2010 01:21:05 +0000

Time to start blocking these IP ranges at the boarder of your networks. As an ITSP / ISP I have the luxury of beefy routers and firewalls, however the loan PBX at the customer prem is in trouble. Even with firewall rules in place odds are the little routers will simply fail under the load of traffic coming from EC2.

Time for people to start complaining to there ISP’s and let us start contacting Amazon and blocking the attacks upstream before they reach your PBX’s.

For reference, Current amazon EC2 IP ranges.

US East (Northern Virginia):
216.182.224.0/20 (216.182.224.0 – 216.182.239.255)
72.44.32.0/19 (72.44.32.0 – 72.44.63.255)
67.202.0.0/18 (67.202.0.0 – 67.202.63.255)
75.101.128.0/17 (75.101.128.0 – 75.101.255.255)
174.129.0.0/16 (174.129.0.0 – 174.129.255.255)
204.236.192.0/18 (204.236.192.0 – 204.236.255.255)
184.73.0.0/16 (184.73.0.0 – 184.73.255.255)
184.72.128.0/17 (184.72.128.0 – 184.72.255.255)

US West (Northern California):
204.236.128.0/18 (216.236.128.0 – 216.236.191.255)
184.72.0.0/18 (184.72.0.0 – 184.72.63.255)

EU (Ireland):
79.125.0.0/17 (79.125.0.0 – 79.125.127.255)

Asia Pacific (Singapore)
175.41.128.0/18 (175.41.128.0 – 175.41.191.255)

By: Garrett Smith - VoIP

Garrett Smith - VoIP — Mon, 17 May 2010 19:49:28 +0000

RT @teamforrest: Using #asterisk? Check out our script http://bit.ly/cDHlLq to help prevent Amazon EC2 SIP attacks http://bit.ly/ec2sipflood

By: David A. Bryan

David A. Bryan — Mon, 17 May 2010 17:05:34 +0000

RT @DaveMichels: [Sharing..] SIP Attacks From Amazon EC2 Cloud Continue: Attacks from the cloud. Just over a… http://goo.gl/fb/hlFW4

By: David A. Bryan

David A. Bryan — Mon, 17 May 2010 17:04:53 +0000

TY @DaveMichels: SIP Attacks From Amazon EC2 Cloud Continue: Attacks from the cloud. http://goo.gl/fb/hlFW4

By: Attacking VOIP From the Cloud – Upland Strategy Group, LLC

Attacking VOIP From the Cloud – Upland Strategy Group, LLC — Mon, 17 May 2010 15:36:49 +0000

[...] http://www.voiptechchat.com/voip/538/sip-attacks-from-amazon-ec2-cloud-continue/ [...]