---

Home IT Management

SIP Brute Force Attack Originating From Amazon EC2 Hosts (Amazon unresponsive)

By

“I woke up Saturday morning to find strangely high network
activity on some of our inbound connections. After a quick review,
it turned out that most of the traffic was going into several of
our hosted PBX systems. After a little more digging, I discovered
that several systems on the Amazon EC2 network were preforming
brute force attacks, against our VoIP servers. They were attempting
to guess user names and passwords for our SIP clients. I
immediately blocked all traffic from the attacking IPs and examined
the logs. Thankfully, I found that non of the attacks had succeeded
in guessing passwords.

“Confident that the immediate threat was dealt with, I shot off
a complaint to [email protected] listing the IP addresses and
some log snapshots for validation. I fully expected to see the
attack traffic disappear from our edge as soon as Amazon got the
report. Boy, was I wrong…”


Complete Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.