Recent SIP Attacks from Amazon EC2
Recently (over the weekend and continuing into today) there have been several attacks from Amazon EC2 hosts running scanners looking for open SIP accounts. I’ve gathered a couple of links that I think are useful for learning more about the attacks, along with methods of stopping them. The Joshua Stein blog has a very clever way of stopping the attacks that impressed me.
http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood
http://www.voiptechchat.com/voip/457/amazon-ec2-sip-brute-force-attacks-on-rise/
http://www.stuartsheldon.org/blog/2010/04/sip-brute-force-attack-originating-from-amazon-ec2-hosts/
Update (2010/04/18): It seems the story has made it at least as far as Slashdot now. I seriously can’t believe the lack of response has gone on for so long. I figured by now we’d have some sort of official story stating that they are searching for the attacker, or that they have been shut down and that additional security precautions have been implemented, but thus far, nothing is being done. The status quo on something like this from Amazon is actually quite surprising.
http://it.slashdot.org/story/10/04/17/2059256/SIP-Attacks-From-Amazon-EC2-Going-Unaddressed