As an emergency measure, add a DROP rule for this IP to your iptables.

2010/1/22 <brunoantogno...@email.com>
>
> Folks, I was looking at the Asterisk log and saw the following message:
>
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
>
> Note that within 1 second the "intruder" tried several times to register
> as SIP 1013 (using the brute-force method) over my Speedy link. The
> "intruder's" IP is 174.129.173.249.
>
> Would this be an intrusion attempt?
>
> If so, how did he get access to my SIP extensions?
> What do I need to do to get this guy off the network?
>
> A quick search showed me that this IP is from Washington.
> http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html
>
> Am I alarmed for nothing, or is this really an intrusion attempt?
>
> Thanks, list.

--
Eduardo Vieira
_______________________________________________
AsteriskBrasil.org discussion list
AsteriskBrasil@listas.asteriskbrasil.org
http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
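
The emergency block suggested in the reply, as an added example that is not part of the original thread: it picks out IPv4 sources that fail registration repeatedly within one logged second, using the chan_sip line format quoted above, and prints the iptables DROP rules for review instead of running them. The function names, the threshold, the allow-list and the sample addresses (documentation ranges) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list IPv4 sources that fail SIP
# registration in bursts, then print iptables DROP rules for review.

# burst_sources MIN [ALLOW]: read Asterisk log lines on stdin and print each
# source with at least MIN failed REGISTERs under one timestamp (one second).
# ALLOW is a space-separated list of addresses that must never be blocked.
burst_sources() {
  awk -v min="$1" -v allow=" ${2:-} " -v q="'" '
    /handle_request_register: Registration from .* failed for / {
      ts = substr($0, 1, index($0, "]"))
      # The From text is sender-controlled; only the last "failed for" field
      # is written by Asterisk itself, so strip greedily up to that one.
      rest = $0
      sub(".* failed for " q, "", rest)
      if (!match(rest, /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) next
      ip = substr(rest, 1, RLENGTH)          # stops before ":port" or the quote
      n = split(ip, o, ".")
      for (i = 1; i <= n; i++) if (o[i] > 255) next
      if (index(allow, " " ip " ")) next
      if (++hits[ts, ip] >= min) flagged[ip] = 1
    }
    END { for (ip in flagged) print ip }
  ' | sort
}

# drop_rules: turn addresses on stdin into commands to review and run as root.
drop_rules() {
  while read -r ip; do
    printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
  done
}

# Constructed sample in the quoted log format; the last two lines use the
# 'ip:port' form that later Asterisk releases write.
sample_log() {
cat <<'EOF'
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@pbx.example>' failed for '192.0.2.10' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@pbx.example>' failed for '192.0.2.10' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@pbx.example>' failed for '192.0.2.10' - Wrong password
[Jan 22 10:00:26] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1020" <sip:1020@pbx.example>' failed for '198.51.100.7' - Wrong password
[Jan 22 10:00:27] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1014" <sip:1014@pbx.example>' failed for '203.0.113.9:5060' - Wrong password
[Jan 22 10:00:27] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1014" <sip:1014@pbx.example>' failed for '203.0.113.9:5060' - Wrong password
EOF
}

sample_log | burst_sources 3 | drop_rules   # -> iptables -I INPUT -s 192.0.2.10 -j DROP
```

A rule inserted this way lasts only until the next reboot or ruleset reload unless it is saved, and the allow-list argument is where your own phones' and trunk provider's addresses belong.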