Amazon EC2 Flood Attacks from the Cloud


Part of this article is an edited summary of material from

Complaints of rampant SIP Brute Force Attacks coming from servers with Amazon EC2 IP Addresses cause many admins to simply drop all such traffic. Generally, SIP brute force attacks attempt to register various peer names to a system and/or attempt to guess passwords of known/guesses peers or endpoints. The object is theft of resources.

The complaints mentioned this weekend show an excessive amount of traffic; with some providers claiming 6GB of traffic dedicated to such attacks. Since we ourselves received an attack from an Amazon hosted server, we also reported and complained to the Amazon NOC/Abuse depts.

There are various techniques to assist with minimizing DDoS and Brute Force attacks, such as limiting access via the public internet, using strong passwords, not mapping extension name to peer/endpoint name, limiting simultaneous calls, and aggressively monitoring usage. Automatic blocking of abusive IP’s (fail2ban, blockhosts, etc.) can also assist with minimizing damage.

References: EC2 Abuse Report Form


VUC official position: EC2 abuse costs victims time and money. Amazon is 100% accountable for what their customers do with their resources and must react swiftly to complaints.

VUC 60 second rant: This week saw a new feature rolled out, the Voipusers One Minute Issue Talk (VOMIT) where all listeners are encouraged to phone in their VoIP-related rants. Call and leave yours at (518) VUC VOIP or (518) 882-8647.

Follow  @voipusers on Twitter.

Comments on this entry are closed.

Previous post:

Next post: