CallCentric Under DDoS Attack (1 Week & Counting)

Fyi, everybody,

I wasn’t sure how to list this, but just in case there are folks who aren’t aware, SIP provider “CallCentric” has been under DDoS attack for one week straight and it looks like whoever is doing it is no closer to being caught now than they were last week.

For those not DSL report members, here’s the string speaking of when it was recognized as being a DDoS attack:

http://www.dslreports.com/forum/r27591360-CallCentric-tech-issues-today-~start=140

The beginning of the thread starts here: http://www.dslreports.com/forum/r27591360-CallCentric-tech-issues-today-~start=0

Speaking as a Callcentric customer, this attack has rendered the entire network all but unusable :frowning:

Again, this is just fyi for other VoIP users…

Jay

Are you saying no calls can be made through their network? I have been having trouble making calls but I just got mine to register with them.

I find it very hard to believe that they have not been able to mitigate the attack in a week.

I am wondering if something else is not going on.

Apparently the attack hasn’t stopped although they have mitigated a majority of the flooding (my lines are now registering again, however, there is random choppiness from time-to-time due to “patch rollouts” based on what CC updates say…).

Jay

Scott,

I came across this blog regarding the mitigation of SIP flooding; from what’s being said, everyone is saying the content is useful:

Once I figure out the inner-workings of what’s happening, I’m definitely interested in investing some time into understanding the content better. Oh, there was something further down the post about doing this in Linux:


Poster #1: Tom Stordy-Allison (not authenticated) on April 12th, 2010 at 10:34:21:
Worked a dream.

For anyone on linux use:

iptables -t nat -A PREROUTING -i eth0 --source 184.73.70.8 -p udp --dport 5060 -j REDIRECT --to-port 5061

I had to set the bind ip address also to receive packets:

s.bind("10.134.45.141", 5061)

Thanks!

Poster #2: This Amazon friendly-scanner generated about 15GB traffic this weekend! Same amount a couple of weeks back.

Very nice trick, I did this (linux)
iptables -I INPUT -s 184.73.0.0/16 -j DROP
But that generated 2 GB of blocked data in a couple of hours.
iptables -I INPUT -s 184.73.0.0/16 -j REJECT
Was more effective, the scanning stopped within minutes (4MB traffic).

I also reported this to EC2 abuse.

As I become more versed with Linux and its “tips 'n tricks,” this will most likely have better meaning to me heh

Jay

Well, that will keep any Amazon EC2 instance from hitting you.
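
An added example, not part of the thread or the linked blog: a Python script that tallies SIP requests per source carrying the "friendly-scanner" User-Agent mentioned above and prints per-host REJECT rules, so the block does not cover the whole 184.73.0.0/16 range. The packet list, addresses, threshold and function names are constructed for illustration.

```python
import re
from collections import Counter

# Matches the User-Agent header of a SIP request (header names are case-insensitive).
UA_RE = re.compile(rb"^User-Agent:[ \t]*(.*?)[ \t]*\r?$", re.I | re.M)

def sip_request(method, ua):
    """Build a minimal SIP request; constructed sample data, not a capture."""
    return (f"{method} sip:100@192.0.2.10 SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 192.0.2.1:5060\r\n"
            f"User-Agent: {ua}\r\n"
            f"Content-Length: 0\r\n\r\n").encode()

# Constructed (source IP, raw packet) pairs using documentation address ranges.
SAMPLE = (
    [("198.51.100.7", sip_request("OPTIONS", "friendly-scanner"))] * 4
    + [("198.51.100.99", sip_request("REGISTER", "Linphone/3.5"))] * 2
    + [("203.0.113.5", sip_request("OPTIONS", "friendly-scanner"))]
)

def scanner_sources(packets, marker="friendly-scanner", threshold=3):
    """Return {source_ip: count} for sources whose scanner hits reach the threshold."""
    hits = Counter()
    for src, raw in packets:
        match = UA_RE.search(raw)
        ua = match.group(1).decode("latin-1").lower() if match else ""
        if marker in ua:
            hits[src] += 1
    return {ip: n for ip, n in sorted(hits.items()) if n >= threshold}

def reject_rules(sources):
    """One REJECT rule per offending host, limited to the SIP port (UDP 5060)."""
    return [f"iptables -I INPUT -s {ip} -p udp --dport 5060 -j REJECT"
            for ip in sources]

if __name__ == "__main__":
    for rule in reject_rules(scanner_sources(SAMPLE)):
        print(rule)
```

The legitimate client at 198.51.100.99 shares a range with the scanner but is left alone, which a /16 rule would not do.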