"I woke up Saturday morning to find strangely high network
activity on some of our inbound connections. After a quick review,
it turned out that most of the traffic was going into several of
our hosted PBX systems. After a little more digging, I discovered
that several systems on the Amazon EC2 network were preforming
brute force attacks, against our VoIP servers. They were attempting
to guess user names and passwords for our SIP clients. I
immediately blocked all traffic from the attacking IPs and examined
the logs. Thankfully, I found that non of the attacks had succeeded
in guessing passwords.
"Confident that the immediate threat was dealt with, I shot off
a complaint to firstname.lastname@example.org listing the IP addresses and
some log snapshots for validation. I fully expected to see the
attack traffic disappear from our edge as soon as Amazon got the
report. Boy, was I wrong..."