Eder, Boa tarde.
Você não pode fazer uma reclamação formal a Global Crossing ??? tracert 208.38.164.96 Rastreando a rota para 208.38.164.96 com no máximo 30 saltos 1 * * * Esgotado o tempo limite do pedido. 2 57 ms 5 ms 5 ms 201-0-92-89.dsl.telesp.net.br [201.0.92.89] 3 6 ms 5 ms 5 ms 200-100-3-153.dsl.telesp.net.br [200.100.3.153] 4 6 ms 5 ms 5 ms 200-100-98-201.dial-up.telesp.net.br [200.100.98 .201] 5 7 ms 7 ms 7 ms Xe7-0-0-0-grtsanem2.red.telefonica-wholesale.net [213.140.50.69] 6 120 ms 120 ms 121 ms Xe6-0-1-0-grtmiabr1.red.telefonica-wholesale.net [84.16.15.42] 7 159 ms 171 ms 159 ms Xe-1-1-0-0-grtwaseq3.red.telefonica-wholesale.ne t [84.16.13.57] 8 169 ms 176 ms * GlobalCrossing2-0-0-0-grtwaseq3.red.telefonica-w holesale.net [213.140.55.90] 9 173 ms 172 ms 172 ms 64.209.96.18 10 184 ms 176 ms 177 ms v996.core1.esnet.com [216.139.207.17] 11 181 ms 181 ms 173 ms 208.38.164.96 Rastreamento concluído. Sds, Cooky Citando Eder Souza <eder.so...@bsd.com.br>: > Log do Asterisk segue ae para vc ver um ataque massivo chutando users sips, > repare quantos users ele conseguiu chutar em apenas um segundo !!! > > > uma amostra do log referente ao ataque !!! > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"0"<sip:0...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"1"<sip:1...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"2"<sip:2...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"3"<sip:3...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"4"<sip:4...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"5"<sip:5...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"6"<sip:6...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"7"<sip:7...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"8"<sip:8...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"9"<sip:9...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"10"<sip:1...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"11"<sip:1...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"12"<sip:1...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"13"<sip:1...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"14"<sip:1...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"15"<sip:1...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"16"<sip:1...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"17"<sip:1...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"18"<sip:1...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"19"<sip:1...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"20"<sip:2...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"21"<sip:2...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"22"<sip:2...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"23"<sip:2...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"24"<sip:2...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"25"<sip:2...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"26"<sip:2...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"27"<sip:2...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"28"<sip:2...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"29"<sip:2...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"30"<sip:3...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"31"<sip:3...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"32"<sip:3...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"33"<sip:3...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"34"<sip:3...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"35"<sip:3...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"36"<sip:3...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"37"<sip:3...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"38"<sip:3...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"39"<sip:3...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"40"<sip:4...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"41"<sip:4...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"42"<sip:4...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"43"<sip:4...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"44"<sip:4...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"45"<sip:4...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"46"<sip:4...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"47"<sip:4...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"48"<sip:4...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"49"<sip:4...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"50"<sip:5...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"51"<sip:5...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"52"<sip:5...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"53"<sip:5...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"54"<sip:5...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"55"<sip:5...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"56"<sip:5...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"57"<sip:5...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"58"<sip:5...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"59"<sip:5...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > '"60"<sip:6...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > '"61"<sip:6...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > '"62"<sip:6...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > '"63"<sip:6...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > '"64"<sip:6...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > '"65"<sip:6...@ip>' > failed for '208.38.164.96' - No matching peer found > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > '"66"<sip:6...@ip>' > failed for '208.38.164.96' - No matching peer found > > > > Rastreando o IP do malvado > > Hostname:208.38.164.96 > ISP:E Solutions Corporation > Organization:LIGHTPORT > Proxy:None detected > Type:Corporate > > > Geo-Location Information > Country:United States > State/Region:FL > City:Holiday > Latitude:28.1994 > Longitude:-82.7681 > Area Code:727 > > []'s > > > Eng Eder de Souza > 2009/11/4 Luciano Antonio Borguetti Faustino < > lucianoborguetti.lis...@gmail.com> > > > Eder, > > > > Tentativas de entrada pela porta 5060/udp? > > Qual log seria esse, do seu firewall, do asterisk? > > > > Abraço, > > > > 2009/11/3 eder souza <ederwan...@yahoo.com.br> > > > >> tbm acho q é falha humana, a duas semanas peguei e um log tentativa de > >> entradas pela porta 5060, mas o kra nao obteve sucesso !!! > >> > >> Eng Eder de Souza > >> > >> --- Em *ter, 20/10/09, Zavam, Vinícius <egyp...@secrel.com.br>* escreveu: > >> > >> > >> De: Zavam, Vinícius <egyp...@secrel.com.br> > >> Assunto: Re: [AsteriskBrasil] RES: Vulnerabilidade Asterisk > >> > >> Para: asteriskbrasil@listas.asteriskbrasil.org > >> Data: Terça-feira, 20 de Outubro de 2009, 22:40 > >> > >> > >> Citando Josué Conti: > >> > >> > Poderia ser o parâmetro allowguest setado como yes? > >> > > >> > 2009/10/20 Alexandre Ricardo Souza Silva < > >> > alexan...@componentizar.com.br<http://br.mc522.mail.yahoo.com/mc/compose?to=alexan...@componentizar.com.br> > >> >: > >> >> Rafael, > >> >> > >> >> Teria como vc descrever o seu ambiente, do tipo , o seu > >> >> pbx-ip esta na web ou nao e etc. > >> >> > >> >> Fico no aguardo. > >> >> > >> >> Abraço > >> >> Alexandre > >> >> > >> >> > >> >> > >> >> > >> >> ----- Original Message ----- > >> >> From: Rafael Alves Machado > >> >> To: > asteriskbrasil@listas.asteriskbrasil.org<http://br.mc522.mail.yahoo.com/mc/compose?to=asteriskbra...@listas.asteriskbrasil.org> > >> >> Sent: Tuesday, October 20, 2009 5:14 PM > >> >> Subject: [AsteriskBrasil] RES: Vulnerabilidade Asterisk > >> >> > >> >> O ataque foi uma falha na segurança do asterisk alguma coisa com SSL, > >> liguei > >> >> no suporte trixbox no EUA e me passaram isso, utilizo trixbox 2.6.2.2 > >> >> Asterisk 1.6 assim que capturar o log eu encaminho, mas é praticamente > >> >> assim, a pessoa invade o servidor consegue criar ramal e efetua > >> diversas > >> >> ligações para todo o mundo, rastreamos o ip que estava acessando e era > >> da > >> >> China, ele conseguiu de alguma forma acessar pela porta 5060 e suas > >> >> derivadas. > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> Rafael > >> >> > >> >> > >> >> > >> >> De: > asteriskbrasil-boun...@listas.asteriskbrasil.org<http://br.mc522.mail.yahoo.com/mc/compose?to=asteriskbrasil-boun...@listas.asteriskbrasil.org> > >> >> > [mailto:asteriskbrasil-boun...@listas.asteriskbrasil.org<http://br.mc522.mail.yahoo.com/mc/compose?to=asteriskbrasil-boun...@listas.asteriskbrasil.org>] > >> Em nome de Roniton > >> >> Rezende Oliveira > >> >> Enviada em: terça-feira, 20 de outubro de 2009 17:21 > >> >> Para: > asteriskbrasil@listas.asteriskbrasil.org<http://br.mc522.mail.yahoo.com/mc/compose?to=asteriskbra...@listas.asteriskbrasil.org> > >> >> Assunto: Re: [AsteriskBrasil] Vulnerabilidade Asterisk > >> >> > >> >> > >> >> > >> >> Como foi o ataque? Você tem Log!! > >> >> Seu sistema está atualizado? > >> >> Seu firewall está bem configurado? > >> >> > >> >> Roniton Oliveira > >> >> > >> >> 2009/10/20 Giancarlo Rubio > <gianru...@gmail.com<http://br.mc522.mail.yahoo.com/mc/compose?to=gianru...@gmail.com> > >> > > >> >> > >> >> 2009/10/20 Rafael Alves Machado > <raf...@aflsistemas.com.br<http://br.mc522.mail.yahoo.com/mc/compose?to=raf...@aflsistemas.com.br> > >> >: > >> >> > >> >>> Pessoal, passei por um problema a semana passada e esta semana um > >> amigo > >> >>> mesmo passou pelo mesmo problema, um acesso devido a uma falha de > >> >>> segurança > >> >>> do asterisk, permitiu um usuário remoto a acessar o pbx-ip e efetuar > >> >>> ligações para diversos países, e alem disso criar ramais sip no pbx > >> para > >> >>> efetuar as ligações. > >> >> > >> >> Qual a falha? > >> > >> humana, provavelmente. > >> > >> >> > >> >> -- > >> >> Giancarlo Rubio > >> > >> nao estou vendo justificativas plausiveis que me levem a crer o contrario. > >> digo; ate o momento. > >> > >> $ /usr/local/etc/rc.d/flames.sh > /dev/null > >> > >> > >> > >> --------------------- > >> Webmail SecrelNet > >> > >> > >> > >> _______________________________________________ > >> http://www.voipmania.com.br > >> Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. > >> Promoção por tempo limitado! > >> Acesse agora http://promo.voipmania.com.br > >> > >> _______________________________________________ > >> Lista de discussões AsteriskBrasil.org > >> > AsteriskBrasil@listas.asteriskbrasil.org<http://br.mc522.mail.yahoo.com/mc/compose?to=asteriskbra...@listas.asteriskbrasil.org> > >> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil > >> > >> > >> __________________________________________________ > >> Fale com seus amigos de graça com o novo Yahoo! Messenger > >> http://br.messenger.yahoo.com/ > >> > >> > >> _______________________________________________ > >> http://www.voipmania.com.br > >> Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. > >> Promoção por tempo limitado! > >> Acesse agora http://promo.voipmania.com.br > >> > >> _______________________________________________ > >> Lista de discussões AsteriskBrasil.org > >> AsteriskBrasil@listas.asteriskbrasil.org > >> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil > >> > > > > > > > > -- > > #!/bin/bash > > > > Luciano Antonio Borguetti Faustino > > GNU/Linux user number: 339110 > > ICQ UIN number: 82092097 - ICQ ainda na atividade :) > > http://lucianoborguetti.blogspot.com > > > > Preconceito é opinião sem conhecimento. > > > > :wq > > > > > > _______________________________________________ > > http://www.voipmania.com.br > > Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. > > Promoção por tempo limitado! > > Acesse agora http://promo.voipmania.com.br > > > > _______________________________________________ > > Lista de discussões AsteriskBrasil.org > > AsteriskBrasil@listas.asteriskbrasil.org > > http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil > > > ___________________________________________________________________________________ Para fazer uma ligação DDD pra perto ou pra longe, faz um 21. A Embratel tem tarifas muito baratas esperando por você. Aproveite! _______________________________________________ http://www.voipmania.com.br Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. Promoção por tempo limitado! Acesse agora http://promo.voipmania.com.br _______________________________________________ Lista de discussões AsteriskBrasil.org AsteriskBrasil@listas.asteriskbrasil.org http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil