----- Original Message ----- > Think we need some solution WITHIN the Asterisk core. Roderick A. > suggested something that looks nice using iptables, some others have > pointed out using RBL or fail2ban, but the best would be to have some > generic solution not dependant on third party programs. > > I'm not aware of the asterisk.dev list but maybe someone can tell if > they can help us here? > > Alyed > > > > 2010/4/13 Randy R < randulo2...@gmail.com > > > > > On Mon, Apr 12, 2010 at 7:17 PM, Darrick Hartman > < dhart...@djhsolutions.com > wrote: > > That only addresses EC2 (and assumes that Amazon has any interest in > > protecting their reputation). What about attacks that come from > > other locations? Granted it's pretty easy to buy time on an EC2 > > server so > > this may be the primary source for a period of time. > > With the growth of the cloud offerings, this problem will likely grow, > so yes, a generic solution is needed. What I want to see though, and > no provder has done much if anything about it, is REPORTING and > INVESTIGATION. It is easy to use a script to report and submit, we can > all do that, even I could (if I had a box running and needed to). The > hard part is them having their tech/sys people actually look at the > network and see, "Oh, ya, there's some shit happening that on that > instance..." > > If Amazon's form submit didn't even work, that's a really bad > reflection on their brand in a lot of ways, including tech competence. > If that is know to geeks like us, it won't hurt them which is why, > like a broken record, I keep saying: put your Amazon experience out to > the public. When it starts being mentioned in Wired, "Storm Cloud" or > something, THEN Amazon will have to do something. > > I do not believe Amazon is taking reasonable measures now in doing > their job, and that they should be working towards that goal, > reasonable measures as opposed to NO measures. > > /r > > > >
DNS lookup capability appears to be required on a Asterisk installation and hence a DNSRBL would appear to be a good solution. A alternative, similar to the SaneSecurity AV sigs, would be to have a pool of rsync servers for downloading a list of known IPs. Again this would require community contribution in both time and resources. I would be happy to allocate some spare memory and CPU cycles and hopefully my employer would as-well. -- Thanks, Phil -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
