[VOIPSEC] Reports of SIP attacks from Amazon EC2 instances?

Koki Sugioka sugioka at nextgen.co.jp
Tue Apr 13 00:59:18 CDT 2010


Hi Dan and Folks,

It looked like a spreading attack fashion.
Some of our customers in Japan told me to investigate the attack
during the last Christmas season.

As far as I know, there are 2 types of INVITE messages:
 a) Via on INVITE and source IP are same and within Amazon EC2
 b) Via on INVITE is within Amazon EC2 (spoofing source IP).

Best Regards,

Koki Sugioka
nextgen, Inc.


Dan York wrote:
> VOIPSEC readers,
> 
> There are multiple reports out there of SIP attacks emanating from
> servers hosted on Amazon's EC2 service:
> 
> http://www.voiptechchat.com/voip/457/amazon-ec2-sip-brute-force-attacks-on-rise/
> http://www.stuartsheldon.org/blog/2010/04/sip-brute-force-attack-originating-from-amazon-ec2-hosts/
> http://seclists.org/nanog/2010/Apr/811
> 
> Leaving aside the customer service issues (or lack thereof) in the
> reports, are others seeing these attacks?
> 
> Regards,
> Dan
> 
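
An added example, not part of the original messages: a Python sketch that sorts received INVITEs into the two types described above by comparing the topmost Via address with the packet's source IP. The provider range, the `classify_invite` and `sample` names, and the sample messages are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed placeholder for a hosting provider's address space
# (RFC 5737 documentation prefix, not real EC2 data).
PROVIDER_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Sent-by of a Via header: "Via: SIP/2.0/UDP host[:port];params" (compact "v:").
VIA_RE = re.compile(r"^(?:Via|v)\s*:\s*SIP/2\.0/\w+\s+([^;,\s]+)", re.I | re.M)

def via_address(sip_message):
    """IP address in the topmost Via header, or None if absent or a hostname."""
    m = VIA_RE.search(sip_message)
    if not m:
        return None
    sent_by = m.group(1)
    if sent_by.startswith("["):                 # [IPv6]:port
        host = sent_by[1:sent_by.find("]")]
    elif sent_by.count(":") == 1:               # IPv4:port
        host = sent_by.split(":")[0]
    else:
        host = sent_by
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def classify_invite(src_ip, sip_message):
    """Return 'a', 'b', 'other' or 'not-invite' for one received datagram."""
    if not sip_message.startswith("INVITE "):
        return "not-invite"
    via = via_address(sip_message)
    if via is None or not any(via in net for net in PROVIDER_NETS):
        return "other"
    # Type a: Via equals the packet source. Type b: Via is in the provider
    # range but the packet arrived from a different source address.
    return "a" if via == ipaddress.ip_address(src_ip) else "b"

def sample(method, via):
    """Build a constructed SIP request (illustrative, not captured traffic)."""
    return (f"{method} sip:100@192.0.2.10 SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {via};branch=z9hG4bK-test\r\n"
            "From: <sip:a@example.invalid>;tag=1\r\nTo: <sip:100@192.0.2.10>\r\n"
            "Call-ID: test-1\r\nCSeq: 1 INVITE\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for src in ("203.0.113.7", "198.51.100.9"):
        print(src, classify_invite(src, sample("INVITE", "203.0.113.7:5060")))
```
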



