Fixed it, thanks!

I just downloaded the tarball from the site.
cd /tmp
wget http://downloads.asterisk.org/pub/telephony/asterisk/releases/asterisk-1.4.26.2.tar.gz

Unpacked it
tar -xvf asterisk-1.4.26.2.tar.gz

Compiled it
cd asterisk-1.4.26.2
./configure
make

Copied only the modified file to fix the problem.
cp /tmp/asterisk-1.4.26.2/channels/chan_sip.so /usr/lib/asterisk/modules/chan_sip.so

What would be the risk of replacing more files?

Eduardo Mazolini
(19) 9191-2705

----- Original message ----
From: Italo Rossi <italoros...@gmail.com>
To: asteriskbrasil@listas.asteriskbrasil.org
Sent: Wednesday, November 4, 2009 16:04:10
Subject: Re: [AsteriskBrasil] Res: Res: RES: Vulnerabilidade Asterisk

José Eduardo,

I used X-lite with the option alwaysauthreject=yes, and:

EXISTING peer:
[09-11-04]14:49:17.200 | Info | RESIP:DUM | "Got: SipResp: 403 tid=67e67d2ed75dc56a cseq=REGISTER / 2 from(wire)" |
[09-11-04]14:49:17.210 | Info | CCM | "Response code to SIP request did not match any entry specified in retry-response-list. Response: 403[URI:x...@xxxxxxxxxxx]"
On the display: Registration error: 403 - Forbidden (Bad auth)

INVALID peer:
[09-11-04]14:51:41.583 | Info | RESIP:DUM | "Got: SipResp: 403 tid=5e033b14d1feec10 cseq=REGISTER / 2 from(wire)" |
[09-11-04]14:51:41.584 | Info | CCM | "Response code to SIP request did not match any entry specified in retry-response-list. Response: 403[URI:x...@xxxxxxxxxxx]"
On the display: Registration error: 403 - Forbidden (Bad auth)

The same tests WITHOUT alwaysauthreject, see:

INVALID peer:
[09-11-04]14:55:04.455 | Info | RESIP:DUM | "Got: SipResp: 404 tid=6c8ef453611d666d cseq=REGISTER / 1 from(wire)" |
[09-11-04]14:55:04.456 | Info | CCM | "Response code to SIP request did not match any entry specified in retry-response-list. Response: 404[URI:x...@xxxxxxxxxxx]"
On the display: Registration error: 404 - Not found

EXISTING peer:
[09-11-04]14:56:13.403 | Info | RESIP:DUM | "Got: SipResp: 403 tid=aef2611fe41a6e75 cseq=REGISTER / 2 from(wire)" |
[09-11-04]14:56:13.403 | Info | CCM | "Response code to SIP request did not match any entry specified in retry-response-list. Response: 403[URI:x...@xxxxxxxxxxx]"
On the display: Registration error: 403 - Forbidden (Bad auth)

Tested with asterisk 1.4.26

How did you run these tests?

On Nov 4, 2009, at 2:37 PM, José Eduardo C. Mazolini wrote:

> I tested alwaysauthreject=yes
>
> Even so, Asterisk treats them differently. In other words, it used more
> CPU, more network, and the actual issue was not solved.
> So it makes no difference with or without it.
>
> Extension 1, nonexistent:
> x-lite: REGISTER
> Asterisk: 401 Unauthorized
> x-lite: REGISTER
> Asterisk: 401 Unauthorized
> x-lite: REGISTER
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
>
> Extension 2, existing
> x-lite: REGISTER
> Asterisk: 100 Trying
> Asterisk: 401 Unauthorized
> x-lite: REGISTER
> Asterisk: 100 Trying
> Asterisk: 403 Forbidden (Bad auth)
>
> Eduardo Mazolini
> (19) 9191-2705
>
> ----- Original message ----
> From: Saulo Quinteiro <sauloquinte...@gmail.com>
> To: asteriskbrasil@listas.asteriskbrasil.org
> Sent: Wednesday, November 4, 2009 14:34:55
> Subject: Re: [AsteriskBrasil] Res: RES: Vulnerabilidade Asterisk
>
> José, take a look at this link.
>
> http://www.voipexperts.com.br/tutoriais-sobre-asterisk-e-voip/seguranca-no-asterisk
>
> And a well-designed firewall helps a lot too.
> It will help with your problem.
>
> Saulo Quinteiro Dos Santos
> Phone: 41-2141-9567
> Computer Science undergraduate - UFPR
> msn : sauloquinte...@gmail.com
> e-mail: sa...@mpsinf.com.br
> mobile : 41-9927-5236
>
> José Eduardo C. Mazolini wrote:
>> I just ran a test with X-LITE.
>> And Asterisk is a problem; I recommend putting a SIP router in front
>> of it and dealing with this problem there.
>> It should not show the attacker which extension exists and which does
>> not, because once the existing extension is identified he starts
>> testing passwords.
>>
>> Thanks for the tip about the program, since something automatic needs
>> to be created to block intruders.
>> I have heard of a DNS-like service where machines that generate
>> attacks are registered, and that record lasts a few hours.
>> That way, if someone attacks my Asterisk, I block them and register
>> that IP there; before authorizing a connection you check this list,
>> and if the address is on it you block the attacker right away.
>>
>> This can be complicated, because someone malicious can make false
>> accusations against you and you end up blocked without having done
>> anything.
>> But creating such a database with control over who makes the reports
>> (only the company's servers, a working group, companies that have
>> business in common) can help.
>>
>> See what happened:
>>
>> Extension 1, nonexistent:
>> x-lite: REGISTER
>> Asterisk: 404 Not found
>>
>> Extension 2, existing
>> x-lite: REGISTER
>> Asterisk: 100 Trying
>> Asterisk: 401 Unauthorized
>> x-lite: REGISTER
>> Asterisk: 100 Trying
>> Asterisk: 403 Forbidden (Bad auth)
>>
>> Eduardo Mazolini
>> (19) 9191-2705
>>
>> ------------------------------------------------------------------------
>> *From:* Luciano Antonio Borguetti Faustino <lucianoborguetti.lis...@gmail.com>
>> *To:* asteriskbrasil@listas.asteriskbrasil.org
>> *Sent:* Wednesday, November 4, 2009 13:40:10
>> *Subject:* Re: [AsteriskBrasil] RES: Vulnerabilidade Asterisk
>>
>> Eder,
>>
>> Interesting.
>>
>> To treat the problem more professionally, I recommend installing an
>> IDS/IPS (Snort, for example - http://www.snort.org/), with which you
>> can identify these kinds of attacks and create actions, for example
>> blocking the attacking host.
>>
>> Regards,
>>
>> 2009/11/4 Itamar Reis Peixoto <ita...@ispbrasil.com.br>
>>
>>     I still hold my opinion that iptables is for sissies
>>
>>     route add -host 208.38.164.96 reject
>>
>>     solves the problem!
>>
>>     2009/11/4 Eder Souza <eder.so...@bsd.com.br>
>>>
>>> Here is the Asterisk log so you can see a massive attack guessing
>>> SIP users; notice how many users it managed to guess in just one
>>> second!!!
>>>
>>> A sample of the log for the attack!!!
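
An added example, not part of the original thread or of Asterisk itself: one way to automate the detection the thread asks for, by counting how many distinct extensions each source address fails to register within a short window, using the chan_sip registration-failure NOTICE format of the kind Eder posted. The names `parse`, `find_enumerators`, `window` and `min_users`, the thresholds, the assumed year and the sample addresses are all assumptions; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Format of the chan_sip registration-failure NOTICE lines discussed in the thread.
LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<frm>.*)' failed for '(?P<ip>[^']+)' - (?P<why>.+)$")
USER_RE = re.compile(r"<sip:([^@>]+)@")

def parse(line, year=2009):
    """Return (timestamp, source_ip, user, reason), or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The log line carries no year, so one is assumed.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    user = USER_RE.search(m["frm"])
    return ts, m["ip"], user.group(1) if user else m["frm"], m["why"]

def find_enumerators(lines, window=timedelta(seconds=10), min_users=5):
    """Map each source IP to the most distinct users it failed to register
    within any `window`, keeping only IPs that reach `min_users`."""
    events = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        ts, ip, user, _why = rec  # every failure reason counts, not only 404-style ones
        events[ip].append((ts, user))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({u for _, u in evs[start:end + 1]}))
        if best >= min_users:
            flagged[ip] = best
    return flagged

# Constructed sample (documentation addresses, not taken from the thread).
TEMPLATE = ("[Oct 12 09:{mm}:{ss:02d}] NOTICE[2751] chan_sip.c: Registration from "
            "'\"{u}\"<sip:{u}@192.0.2.10>' failed for '{ip}' - {why}")
SAMPLE_LOG = (
    # One source trying eight different extensions in two seconds.
    [TEMPLATE.format(mm=31, ss=26 + i // 5, u=100 + i, ip="203.0.113.7",
                     why="No matching peer found") for i in range(8)]
    # One phone retrying its own extension with a bad password.
    + [TEMPLATE.format(mm=m, ss=s, u=2001, ip="198.51.100.20",
                       why="Wrong password") for m, s in ((40, 1), (40, 31), (41, 1))]
    + ["[Oct 12 09:41:05] VERBOSE[2751] logger.c: unrelated line"])

if __name__ == "__main__":
    for ip, n in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: {n} distinct extensions probed -> candidate for blocking")
```

Counting distinct extensions rather than raw failures keeps a single misconfigured phone from being flagged; the returned addresses are what a blocking step such as the ones suggested in the thread would act on.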