Stay in touch VUC Mailing List : VUC FaceBook Page : iTunes
24/7 Leave a message or send an SMS : (518) VUC-VOIP (882-8647) : IRC #vuc

Our CDN is better than Amazon : Check out Rackspace Cloud

VUC Info: Next session - Future Topics - HOW TO Connect

Posts Tagged Amazon

Amazon Indifference to EC2 Attacks Continues

Posted by Zeeek/Randulo in The Rest, VoIP

EC2 attacks continue with no help from them. Amazon continues its “head in the sand” approach to our community and this is unacceptable. Forgive the intrusion on this page, look below for the VUC sessions.

You can help push this to their attention:

Please make sure you keep this issue visible by voting it up on SlashDot. If you haven’t followed out discussions, see Fred’s story. Asterisk user mailing list has a lot of info on it as well. Post on Twitter, their robot stupidly repeats all comments that contain EC2 so don’t forget to use that mention in anything you post. Post on your blogs and any forums you can.

I expected better from Amazon and I’ll withdraw my significant business from them if they don’t rise up to the challenge.

, , , , ,

No Comments

Amazon EC2 Flood Attacks from the Cloud

Posted by Zeeek/Randulo in VoIP

Podcast: Download

Audio : Download file (EC2Attacks.mp3)


Part of this article is an edited summary of material from VoipTechChat.com

Complaints of rampant SIP Brute Force Attacks coming from servers with Amazon EC2 IP Addresses cause many admins to simply drop all such traffic. Generally, SIP brute force attacks attempt to register various peer names to a system and/or attempt to guess passwords of known/guesses peers or endpoints. The object is theft of resources.

The complaints mentioned this weekend show an excessive amount of traffic; with some providers claiming 6GB of traffic dedicated to such attacks. Since we ourselves received an attack from an Amazon hosted server, we also reported and complained to the Amazon NOC/Abuse depts.

There are various techniques to assist with minimizing DDoS and Brute Force attacks, such as limiting access via the public internet, using strong passwords, not mapping extension name to peer/endpoint name, limiting simultaneous calls, and aggressively monitoring usage. Automatic blocking of abusive IP’s (fail2ban, blockhosts, etc.) can also assist with minimizing damage.

References: EC2 Abuse Report Form

VOIPSA

VUC official position: EC2 abuse costs victims time and money. Amazon is 100% accountable for what their customers do with their resources and must react swiftly to complaints.

VUC 60 second rant: This week saw a new feature rolled out, the Voipusers One Minute Issue Talk (VOMIT) where all listeners are encouraged to phone in their VoIP-related rants. Call and leave yours at (518) VUC VOIP or (518) 882-8647.

Follow  @voipusers on Twitter.

, , , , , , , , , , , , , , , , , , , , , , , , , , ,

3 Comments

Nir Simionovich on EC2

Posted by Zeeek/Randulo in VoIP

Podcast: Download

There is a full text transcript of this hour below.

Part 1: (Talkshoe)

Audio : Download file (TS-224823.mp3)

Part 2 (ZipDX recording served from CloudFront):

Audio : Download file (ZipDX20090619.mp3)

We’ve tried to get people to talk about this before, but we didn’t get a deep explanation. Here’s a chance to ask Nir, who did a compelling presentation at AMOOCON on Asterisk on EC2, to clear up any of those nagging questions you might have.

Nir’s AMOOCON presentation, Dynamic Asterisk Scalability with Amazon EC2 and videos are available on the AMOOCON site. Nir’s company is Greenfield Tech.

Nir is also the author of Asterisk Gateway Interface 1.4 and 1.6 Programming

Jerry Shuman of Perssonas (@theagent) joined the call with some great input, too.

IRC Transcript 2009-06-19

Follow on Twitter

@voipusers @e4voip @mjgraves @viperdudeuk @steely_glint @teamforrest @fredposner @asteriskbot

Read the rest of this entry »

, , , , , ,

1 Comment