On April 18th Amazon finally responded publicly with respect to the SIP attacks recently suffered from hosts within their EC2 service. Their response comes in the form of an informational security bulletin posted to their AWS Security Center.
There have been some recent discussions about SIP brute force attacks originating from Amazon EC2. We can confirm that several users reported SIP brute force attacks originating from a small number of Amazon EC2 instances about a week ago. It appears these attacks were designed to exploit security vulnerabilities in the SIP protocol. There is nothing specific about this attack that requires Amazon EC2. It was a brute force attack that could be launched from any computer on any network.
On his VoIP Tech Chat blog Fred has documented with outstanding clarity his attempts to report the attack that he has suffered this past week, and Amazon’s rather limited response. My opinion is that Fred has done exactly as he should in his efforts to report the attack. It’s Amazon’s response that has fallen short.
There’s a considerable information in the combination of these sources. It now appears that running Asterisk on a cloud platform is moving from experimental to useful, even desirable in some circumstances.
In truth, it’s not really my cup of tea, a little beyond my SOHO scope. But it does seem to be a source of great enthusiasm in some circles.
Update 2/18/2009: Eric from rf.com has create a complete Asterisk image (AMI) on Amazon EC2 including timers. Here are the details.