Well, from the log, it's someone forcing a password for a SIP account. The damage is only to the phone bill, and there are people who still use the default password for SIP accounts.
I think that is the only damage.

Regards,
Wendell Silva Bandeira

2010/1/22 <brunoantogno...@email.com>

> OK, we'll take care of that right away, thanks for the tip, Wendell.
>
> But is this an intrusion attempt?
> If so, what damage can it cause me?
>
> Is it possible for the intruder to access a SIP extension, trying to connect through this
> IP and make calls, for example?
>
> Regards,
> Bruno
>
> -----Original Message-----
> From: Wendell Silva <wendbande...@gmail.com>
> To: asteriskbrasil@listas.asteriskbrasil.org
> Sent: Fri, Jan 22, 2010 10:47 am
> Subject: Re: [AsteriskBrasil] (URGENT) Intrusion Attempt?
>
> Configure ipfw on your server and block this IP.
>
> Regards,
>
> Wendell Silva Bandeira
>
> 2010/1/22 <brunoantogno...@email.com>
>
>> Folks, I was looking at the Asterisk log and saw the following message:
>>
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
>>
>> Note that within 1 second the "intruder" tried several times to register as
>> SIP 1013 (using the brute-force method) over my Speedy link. The "intruder's"
>> IP is 174.129.173.249.
>>
>> Would this be an intrusion attempt?
>>
>> If so, how did he get access to my SIP extensions?
>> What do I need to do to get this guy off the network?
>>
>> A quick search showed me that this IP is from Washington.
>> http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html
>>
>> Am I alarmed for nothing, or is this really an intrusion attempt?
>>
>> Thanks, list.
_______________________________________________
KHOMP: quality E1, GSM, FXS and FXO boards for Asterisk.
- Hardware with high resource availability and KHOMP quality
- Free, qualified local technical support
See the complete KHOMP product line at www.khomp.com.br
_______________________________________________
AsteriskBrasil.org discussion list
AsteriskBrasil@listas.asteriskbrasil.org
http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
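
The burst of failed REGISTER attempts discussed in this thread can be picked out of an Asterisk log automatically. The following is an added example, not part of the original messages: `find_bruteforce`, `_line`, the threshold and window values, and the sample addresses (documentation ranges) are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the chan_sip failed-REGISTER notice in the format quoted in the thread.
FAILED_REG = re.compile(
    r"^\[(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\]: chan_sip\.c:\d+ "
    r"handle_request_register: Registration from '(?P<peer>[^']*)' "
    r"failed for '(?P<ip>[^']+)' - (?P<reason>.+)$"
)

def find_bruteforce(lines, threshold=5, window=10, year=2010):
    """Return {ip: stats} for sources whose failed registrations reach
    `threshold` within any `window`-second span (sliding window per IP)."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    stats = defaultdict(lambda: {"failures": 0, "peak": 0, "extensions": set()})
    span = timedelta(seconds=window)
    for line in lines:
        m = FAILED_REG.match(line.strip())
        if not m:
            continue  # not a failed-registration notice
        # The log omits the year; the caller supplies it so dates parse fully.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > span:  # forget attempts older than the window
            q.popleft()
        s = stats[m["ip"]]
        s["failures"] += 1
        s["peak"] = max(s["peak"], len(q))
        ext = re.search(r'"([^"]+)"', m["peer"])  # extension from display name
        s["extensions"].add(ext.group(1) if ext else m["peer"])
    return {ip: s for ip, s in stats.items() if s["peak"] >= threshold}

def _line(ts, ext, ip):
    """Build a constructed log line in the thread's format."""
    return (f"[{ts}] NOTICE[14350]: chan_sip.c:15593 handle_request_register: "
            f"Registration from '\"{ext}\" <sip:{ext}@192.0.2.10>' failed for "
            f"'{ip}' - Wrong password")

# Constructed sample: one source hammering extension 1013 within a second,
# plus a user mistyping a password twice, 90 seconds apart.
SAMPLE_LOG = [_line("Jan 22 10:00:25", "1013", "203.0.113.7")] * 6 + [
    _line("Jan 22 10:01:00", "2001", "198.51.100.20"),
    _line("Jan 22 10:02:30", "2001", "198.51.100.20"),
    "[Jan 22 10:02:31] constructed unrelated line",
]

if __name__ == "__main__":
    for ip, s in find_bruteforce(SAMPLE_LOG).items():
        print(ip, s["failures"], "failures, targets:", sorted(s["extensions"]))
```

The addresses it returns are the candidates for the firewall block suggested in the thread. One targeted extension points to password guessing against a known account, while many extensions from one source point to enumeration.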