Long time listener, first time poster. ;) Actually just came back to Gainesville and am trying to get more active in the community. Anyway... there's been a tremendous amount of ddos/sip flood attacks from Amazon EC2 space over the last few days with an extremely disappointing response from Amazon. The overview is posted on VoIP Tech Chat at:
There's been a bunch of different discussions on ways to combat the attacks, including redirecting the attacks to a different port (and responding with a fake message), iptables, fail2ban, etc.
The redirect had mixed results... and I didn't want the fail2ban, so I put up a little perl script for automatically blocking the traffic via a dedicated iptables chain. The script is posted on Team Forrest:
If you have any other thoughts, that would be great... Generally I like to block on the router, or dedicated filtering system... Some people have discussed writing code for Asterisk, OpenSER, FreeSWITCH, etc. to handle this within the software. Personally, I don't like that method for 2 reasons (but of course, can always change my mind with a good argument). My thoughts are... (1) It's not the linux way... ie get a separate program to do it and do it very well... and (2) I want the traffic blocked before it reaches the Asterisk (or other SIP) process.
Anyway... glad to be back in town.