This really is worrying. I wonder: if the extension exists, does it respond asking for the password, which already gives away that the extension exists, or will it send the same kind of failure?

Eduardo Mazolini
(19) 9191-2705

________________________________
From: Eder Souza <eder.so...@bsd.com.br>
To: asteriskbrasil@listas.asteriskbrasil.org
Sent: Wednesday, 4 November 2009 13:03:23
Subject: Re: [AsteriskBrasil] RES: Asterisk Vulnerability

Here is an Asterisk log so you can see a massive attack guessing SIP users; notice how many users he managed to guess in just one second!!!

A sample of the log from the attack!!!

[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"0"<sip:0...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"1"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"2"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"3"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"4"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"5"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"6"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"7"<sip:7...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"8"<sip:8...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"9"<sip:9...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"10"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"11"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"12"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"13"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"14"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"15"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"16"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"17"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"18"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"19"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"20"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"21"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"22"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"23"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"24"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"25"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"26"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"27"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"28"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"29"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"30"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"31"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"32"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"33"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"34"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"35"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"36"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"37"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"38"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"39"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"40"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"41"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"42"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"43"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"44"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"45"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"46"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"47"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"48"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"49"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"50"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"51"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"52"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"53"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"54"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"55"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"56"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"57"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"58"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"59"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"60"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"61"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"62"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"63"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"64"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"65"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"66"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found

Tracing the bad guy's IP:

Hostname: 208.38.164.96
ISP: E Solutions Corporation
Organization: LIGHTPORT
Proxy: None detected
Type: Corporate

Geo-Location Information
Country: United States
State/Region: FL
City: Holiday
Latitude: 28.1994
Longitude: -82.7681
Area Code: 727

Regards,
Eng. Eder de Souza

2009/11/4 Luciano Antonio Borguetti Faustino <lucianoborguetti.lis...@gmail.com>

> Eder,
>
> Attempts to get in through port 5060/udp?
> Which log would that be, your firewall's or Asterisk's?
>
> Regards,
>
> 2009/11/3 eder souza <ederwan...@yahoo.com.br>
>
>> I also think it is human error; two weeks ago I caught attempts to get in through port 5060 in a log, but the guy did not succeed!!!
>>
>> Eng. Eder de Souza
>>
>> --- On Tue, 20/10/09, Zavam, Vinícius <egyp...@secrel.com.br> wrote:
>>
>>> From: Zavam, Vinícius <egyp...@secrel.com.br>
>>> Subject: Re: [AsteriskBrasil] RES: Asterisk Vulnerability
>>> To: asteriskbrasil@listas.asteriskbrasil.org
>>> Date: Tuesday, 20 October 2009, 22:40
>>>
>>> Quoting Josué Conti:
>>>
>>>> Could it be the allowguest parameter set to yes?
>>>>
>>>> 2009/10/20 Alexandre Ricardo Souza Silva <alexan...@componentizar.com.br>:
>>>>> Rafael,
>>>>>
>>>>> Could you describe your environment, for example whether your IP PBX is exposed to the web or not, etc.?
>>>>>
>>>>> I'll be waiting.
>>>>>
>>>>> Regards,
>>>>> Alexandre
>>>>>
>>>>> ----- Original Message -----
>>>>> From: Rafael Alves Machado
>>>>> To: asteriskbrasil@listas.asteriskbrasil.org
>>>>> Sent: Tuesday, October 20, 2009 5:14 PM
>>>>> Subject: [AsteriskBrasil] RES: Asterisk Vulnerability
>>>>>
>>>>> The attack was a security flaw in Asterisk, something to do with SSL; I called
>>>>> trixbox support in the USA and that is what they told me. I use trixbox 2.6.2.2,
>>>>> Asterisk 1.6. As soon as I capture the log I will forward it, but it basically
>>>>> goes like this: the person breaks into the server, manages to create an extension
>>>>> and places numerous calls all over the world. We traced the IP that was connecting
>>>>> and it was from China; he somehow managed to get in through port 5060 and its
>>>>> derivatives.
>>>>>
>>>>> Rafael
>>>>>
>>>>> From: asteriskbrasil-boun...@listas.asteriskbrasil.org
>>>>> [mailto:asteriskbrasil-boun...@listas.asteriskbrasil.org] On behalf of Roniton Rezende Oliveira
>>>>> Sent: Tuesday, 20 October 2009 17:21
>>>>> To: asteriskbrasil@listas.asteriskbrasil.org
>>>>> Subject: Re: [AsteriskBrasil] Asterisk Vulnerability
>>>>>
>>>>> How did the attack happen? Do you have a log!!
>>>>> Is your system up to date?
>>>>> Is your firewall properly configured?
>>>>>
>>>>> Roniton Oliveira
>>>>>
>>>>> 2009/10/20 Giancarlo Rubio <gianru...@gmail.com>
>>>>>
>>>>> 2009/10/20 Rafael Alves Machado <raf...@aflsistemas.com.br>:
>>>>>
>>>>>> Folks, I ran into a problem last week, and this week a friend of mine ran into
>>>>>> the same problem: an intrusion due to an Asterisk security flaw allowed a remote
>>>>>> user to access the IP PBX and place calls to several countries, and on top of
>>>>>> that create SIP extensions on the PBX to place the calls.
>>>>>
>>>>> What is the flaw?
>>>
>>> human, probably.
>>>
>>>>>
>>>>> --
>>>>> Giancarlo Rubio
>>>
>>> I am not seeing any plausible justification that would lead me to believe otherwise.
>>> I mean, so far.
>>>
>>> $ /usr/local/etc/rc.d/flames.sh > /dev/null
>>>
>>> _______________________________________________
>>> AsteriskBrasil.org discussion list
>>> AsteriskBrasil@listas.asteriskbrasil.org
>>> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
>
> --
> #!/bin/bash
>
> Luciano Antonio Borguetti Faustino
> GNU/Linux user number: 339110
> ICQ UIN number: 82092097 - ICQ still going :)
> http://lucianoborguetti.blogspot.com
>
> Prejudice is opinion without knowledge.
>
> :wq
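
Added example (not part of the original thread, and not Asterisk's own code): a Python detector for the pattern in the log above, where one source address fails registration for many different usernames within a few seconds. The 20-user threshold, the 10-second window, the year argument, the function name and the sample lines (documentation addresses, full SIP URIs instead of the archive's truncated ones) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches chan_sip registration-failure lines in the format shown in the thread.
LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?:\"[^\"]*\")?\s*<sip:(?P<user>[^@>]+)@[^>]*>' "
    r"failed for '(?P<ip>[\d.]+)(?::\d+)?' - (?P<reason>.+)$"
)

def find_enumeration(lines, min_users=20, window=timedelta(seconds=10), year=2009):
    """Return {ip: most distinct usernames that failed within one window}
    for every source IP reaching min_users. Asterisk omits the year in its
    timestamps, so the caller supplies it (assumption)."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        best = start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({user for _, user in evs[start:end + 1]}))
        if best >= min_users:
            flagged[ip] = best
    return flagged

# Constructed sample: 30 sequential usernames from one address in two seconds,
# plus a misconfigured phone retrying a single extension once a minute.
SAMPLE_LOG = [
    f"[Oct 12 09:31:{26 + i // 20:02d}] NOTICE[2751] chan_sip.c: Registration from "
    f"'\"{i}\"<sip:{i}@192.0.2.1>' failed for '203.0.113.7' - No matching peer found"
    for i in range(30)
] + [
    f"[Oct 12 09:3{i}:00] NOTICE[2751] chan_sip.c: Registration from "
    f"'<sip:2001@192.0.2.1>' failed for '198.51.100.20' - Wrong password"
    for i in range(5)
]

if __name__ == "__main__":
    for ip, users in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {users} distinct usernames failed within the window")
```

Counting distinct usernames rather than raw failures keeps a single phone with a stale password from being flagged alongside the scanner.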