Amazon Responds About SIP Attacks From EC2

On April 18th Amazon finally responded publicly with respect to the SIP attacks recently suffered from hosts within their EC2 service. Their response comes in the form of an informational security bulletin posted to their AWS Security Center.

There have been some recent discussions about SIP brute force attacks originating from Amazon EC2. We can confirm that several users reported SIP brute force attacks originating from a small number of Amazon EC2 instances about a week ago. It appears these attacks were designed to exploit security vulnerabilities in the SIP protocol. There is nothing specific about this attack that requires Amazon EC2. It was a brute force attack that could be launched from any computer on any network.

Continue reading “Amazon Responds About SIP Attacks From EC2”

Amazon: You Got Some ‘Splaining To Do

Over the past week friend and VUC regular contributor Fred Posner has been suffering a SIP attack from someone using the Amazon EC2 cloud. Fred’s more than just a  friend, he’s a well established small businessman and an upstanding member of the Asterisk user community.

On his VoIP Tech Chat blog Fred has documented with outstanding clarity his attempts to report the attack that he has suffered this past week, and Amazon’s rather limited response. My opinion is that Fred has done exactly as he should in his efforts to report the attack. It’s Amazon’s response that has fallen short.

Continue reading “Amazon: You Got Some ‘Splaining To Do”

A Talk In The Clouds: Asterisk on EC2

asterisk-on-awsOver the past year there has been a building of interest in running Asterisk on cloud infrastructure such as Amazon’s EC2. Here’s a compilation of sources on the topic:

There’s a considerable information in the combination of these sources. It now appears that running Asterisk on a cloud platform is moving from experimental to useful, even desirable in some circumstances.

In truth, it’s not really my cup of tea, a little beyond my SOHO scope. But it does seem to be a source of great enthusiasm in some circles.

Update 2/18/2009: Eric from rf.com has create a complete Asterisk image (AMI) on Amazon EC2 including timers. Here are the details.

P.S. – The title of this post is a reference to “A Walk In The Clouds” which is one of my mother-in-laws favorite films. We both like Keanu Reeves.