Testei alwaysauthreject=yes Ainda sim o asterisk trata diferente. Ou seja comeu mais processador, mais rede e o assunto mesmo não resolveu. Portanto tanto faz com ou sem.
Ramal 1 inexistente: x-lite: REGISTER Asterisk: 401 Unauthorized x-lite: REGISTER Asterisk: 401 Unauthorized x-lite: REGISTER Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Asterisk: 401 Unauthorized Ramal 2 existente x-lite: REGISTER Asterisk: 100 Trying Asterisk: 401 Unauthorized x-lite: REGISTER Asterisk: 100 Trying Asterisk: 403 Forbidden (Bad auth) Eduardo Mazolini (19) 9191-2705 ----- Mensagem original ---- De: Saulo Quinteiro <sauloquinte...@gmail.com> Para: asteriskbrasil@listas.asteriskbrasil.org Enviadas: Quarta-feira, 4 de Novembro de 2009 14:34:55 Assunto: Re: [AsteriskBrasil] Res: RES: Vulnerabilidade Asterisk José da uma olhada nesse link. http://www.voipexperts.com.br/tutoriais-sobre-asterisk-e-voip/seguranca-no-asterisk E um Firewall bem elaborado ajuda bastante tb. Vai ajudar no seu problema. Saulo Quinteiro Dos Santos Fone: 41-2141-9567 Graduando em Ciência da Computação - UFPR msn : sauloquinte...@gmail.com e-mail: sa...@mpsinf.com.br cel : 41-9927-5236 José Eduardo C. Mazolini escreveu: > Eu acabo de fazer um teste com X-LITE > E o asterisk é um problema, aconselho colocar um router SIP na frente e > tratar esse problema. > Ele não devia mostrar para o atacante qual ramal existe qual não. Pois > depois de identificado o ramal existente ele passa a testar senhas. > > Obrigado pela dica do programa pois é necessário criar algo automático > pra bloqueio de intrusos. > Já ouvi falar em um serviço semelhante a DNS onde são cadastrados > maquinas que geram ataque e esse registro dura algumas horas. > Assim se alguem atacar meu asterisk eu bloqueio e registro esse ip la, > vc antes de autorizar uma conexão já confere nesta lista se tiver vc ja > bloqueia de cara o atacante. > > Isso pode ser complicado pois alguem mal intencionado pode fazer falsas > acusações contra vc e vc fica bloqueado sem ter feito nada. > Mas criar uma base desta com controle sobre os que fazem a denucia, só > servidores da empresa, grupo de trabalho, empresas que possuem negocio > em comum pode ajudar. > > Observe o que aconteceu: > > Ramal 1 inexistente: > x-lite: REGISTER > Asterisk: 404 Not found > > Ramal 2 existente > x-lite: REGISTER > Asterisk: 100 Trying > Asterisk: 401 Unauthorized > x-lite: REGISTER > Asterisk: 100 Trying > Asterisk: 403 Forbidden (Bad auth) > > > > > Eduardo Mazolini > (19) 9191-2705 > > > ------------------------------------------------------------------------ > *De:* Luciano Antonio Borguetti Faustino <lucianoborguetti.lis...@gmail.com> > *Para:* asteriskbrasil@listas.asteriskbrasil.org > *Enviadas:* Quarta-feira, 4 de Novembro de 2009 13:40:10 > *Assunto:* Re: [AsteriskBrasil] RES: Vulnerabilidade Asterisk > > Eder, > > Interessante, > > Trantando o problema mais profissionamente acoselho a instalação de um > IDS/IPS (Snort por exemplo -http://www.snort.org/), onde você consegue > identificar esses tipos de ataques e criar ações, como exemplo o > bloqueio do host atacante. > > []s, > > 2009/11/4 Itamar Reis Peixoto <ita...@ispbrasil.com.br > <mailto:ita...@ispbrasil.com.br>> > > eu continuo com a minha opiniao de que iptables e' pra boiola > > route add -host 208.38.164.96 reject > > resolve o problema ! > > > > 2009/11/4 Eder Souza <eder.so...@bsd.com.br > <mailto:eder.so...@bsd.com.br>> > > > > Log do Asterisk segue ae para vc ver um ataque massivo chutando > users sips, repare quantos users ele conseguiu chutar em apenas um > segundo !!! > > > > > > uma amostra do log referente ao ataque !!! > > > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"0"<sip:0...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"1"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"2"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"3"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"4"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"5"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"6"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"7"<sip:7...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"8"<sip:8...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"9"<sip:9...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"10"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"11"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"12"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"13"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"14"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"15"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"16"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"17"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"18"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"19"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"20"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"21"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"22"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"23"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"24"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"25"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"26"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"27"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"28"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"29"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"30"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"31"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"32"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"33"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"34"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"35"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"36"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"37"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"38"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"39"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"40"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"41"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"42"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"43"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"44"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"45"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"46"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"47"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"48"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"49"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"50"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"51"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"52"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"53"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"54"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"55"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"56"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"57"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"58"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > '"59"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > '"60"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > '"61"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > '"62"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > '"63"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > '"64"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > '"65"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > '"66"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer found > > > ------------ > > Itamar Reis Peixoto > > e-mail/msn/google talk/sip: ita...@ispbrasil.com.br > <mailto:ita...@ispbrasil.com.br> > skype: itamarjp > icq: 81053601 > +55 11 4063 5033 > +55 34 3221 8599 > > _______________________________________________ > http://www.voipmania.com.br > Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. > Promoção por tempo limitado! > Acesse agora http://promo.voipmania.com.br > > _______________________________________________ > Lista de discussões AsteriskBrasil.org > AsteriskBrasil@listas.asteriskbrasil.org > <mailto:AsteriskBrasil@listas.asteriskbrasil.org> > http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil > > > > > -- > #!/bin/bash > > Luciano Antonio Borguetti Faustino > GNU/Linux user number: 339110 > ICQ UIN number: 82092097 - ICQ ainda na atividade :) > http://lucianoborguetti.blogspot.com > > Preconceito é opinião sem conhecimento. > > :wq > > ------------------------------------------------------------------------ > Veja quais são os assuntos do momento no Yahoo! + Buscados: Top 10 > <http://br.rd.yahoo.com/mail/taglines/mail/*http://br.maisbuscados.yahoo.com/> > > - Celebridades > <http://br.rd.yahoo.com/mail/taglines/mail/*http://br.maisbuscados.yahoo.com/celebridades/> > > - Música > <http://br.rd.yahoo.com/mail/taglines/mail/*http://br.maisbuscados.yahoo.com/m%C3%BAsica/> > > - Esportes > <http://br.rd.yahoo.com/mail/taglines/mail/*http://br.maisbuscados.yahoo.com/esportes/> > > > ------------------------------------------------------------------------ > > > _______________________________________________ > http://www.voipmania.com.br > Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. > Promoção por tempo limitado! > Acesse agora http://promo.voipmania.com.br > > _______________________________________________ > Lista de discussões AsteriskBrasil.org > AsteriskBrasil@listas.asteriskbrasil.org > http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil _______________________________________________ http://www.voipmania.com.br Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. Promoção por tempo limitado! Acesse agora http://promo.voipmania.com.br _______________________________________________ Lista de discussões AsteriskBrasil.org AsteriskBrasil@listas.asteriskbrasil.org http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil ____________________________________________________________________________________ Veja quais são os assuntos do momento no Yahoo! +Buscados http://br.maisbuscados.yahoo.com _______________________________________________ http://www.voipmania.com.br Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. Promoção por tempo limitado! Acesse agora http://promo.voipmania.com.br _______________________________________________ Lista de discussões AsteriskBrasil.org AsteriskBrasil@listas.asteriskbrasil.org http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil