OK, thank you very much.

We have already taken the necessary security measures, blocking ports, IPs, etc.

We managed to stop the attack.

Thank you very much, everyone!

Regards,
Bruno






-----Original Message-----
From: Wendell Silva <wendbande...@gmail.com>
To: asteriskbrasil@listas.asteriskbrasil.org
Sent: Fri, Jan 22, 2010 11:19 am
Subject: Re: [AsteriskBrasil] (URGENT) Intrusion attempt?


Well, from the log, it is someone forcing a password for a SIP account. The damage is only to the phone bill, and there are people who still use the default password for their SIP accounts.

I think that is the only damage.

Regards.

Wendell Silva Bandeira


2010/1/22 <brunoantogno...@email.com>

OK, we will take care of that right away. Thanks for the tip, Wendell.

But is this an intrusion attempt?
If so, what damage could I suffer from it?

Is it possible for the intruder to access a SIP extension, by trying to connect through this IP, and place calls, for example?

Regards,
Bruno








-----Original Message-----
From: Wendell Silva <wendbande...@gmail.com>
To: asteriskbrasil@listas.asteriskbrasil.org
Sent: Fri, Jan 22, 2010 10:47 am
Subject: Re: [AsteriskBrasil] (URGENT) Intrusion attempt?


Configure ipfw on your server and block this IP.

Regards.

Wendell Silva Bandeira


2010/1/22 <brunoantogno...@email.com>




Folks, I was looking at the Asterisk log and saw the following message:
 
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: 
Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for 
'174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: 
Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for 
'174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: 
Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for 
'174.129.173.249' - Wrong password

Note that within 1 second the "intruder" tried several times to register as SIP 1013 (using the brute-force method) through my Speedy link. The "intruder's" IP is 174.129.173.249.

Would this be an intrusion attempt?

If so, how did he get access to my SIP extensions?
What do I need to do to get this guy off the network?

In a quick search I found out that this IP is from Washington.
http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html

Am I alarmed for nothing, or is this really an intrusion attempt?

Thanks, list.

_______________________________________________
KHOMP: quality E1, GSM, FXS and FXO boards for Asterisk.
- Hardware with high resource availability and KHOMP quality
- Qualified, free local technical support
See the complete line of KHOMP products at www.khomp.com.br
_______________________________________________
AsteriskBrasil.org discussion list
AsteriskBrasil@listas.asteriskbrasil.org
http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
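
The detection and blocking steps discussed in this thread, as an added example that is not part of the original messages: it counts failed chan_sip registrations per source IP per second and builds an ipfw deny rule for each source over a limit. The sample log lines, the addresses in them, the limit of 5 and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Matches the chan_sip NOTICE quoted in the thread (one entry per line).
FAILED_REGISTER = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\]: chan_sip\.c:\d+ "
    r"handle_request_register: Registration from '(?P<sender>.*)' "
    r"failed for '(?P<ip>[0-9.]+)' - (?P<reason>.+)$"
)

def failed_registrations(lines):
    """Yield (timestamp, source_ip, reason) for each failed REGISTER."""
    for line in lines:
        m = FAILED_REGISTER.match(line.strip())
        if m:
            yield m["ts"], m["ip"], m["reason"]

def brute_force_sources(lines, per_second_limit=5):
    """Return {ip: peak failures in one second} for sources over the limit."""
    per_second = defaultdict(Counter)
    for ts, ip, _reason in failed_registrations(lines):
        per_second[ip][ts] += 1
    peaks = {ip: max(c.values()) for ip, c in per_second.items()}
    return {ip: n for ip, n in peaks.items() if n > per_second_limit}

def ipfw_rules(offenders):
    """Build one ipfw deny rule per offender; rules are returned, not run."""
    rules = []
    for ip in sorted(offenders):
        # Log content ends up in a firewall command, so validate it first.
        addr = ipaddress.IPv4Address(ip)  # ValueError if not an IPv4 address
        rules.append(f"ipfw add deny ip from {addr} to any")
    return rules

def _line(ts, ext, ip):
    # Constructed log entry in the format shown in the thread.
    return (f"[{ts}] NOTICE[14350]: chan_sip.c:15593 handle_request_register: "
            f"Registration from '\"{ext}\" <sip:{ext}@192.0.2.10>' "
            f"failed for '{ip}' - Wrong password")

# Constructed sample: a burst from one source, plus a user mistyping twice.
SAMPLE_LOG = (
    [_line("Jan 22 10:00:25", "1013", "203.0.113.7")] * 8
    + [_line("Jan 22 10:03:02", "1020", "198.51.100.20"),
       _line("Jan 22 10:03:40", "1020", "198.51.100.20"),
       "[Jan 22 10:04:00] VERBOSE[14350]: unrelated line"]
)

if __name__ == "__main__":
    for rule in ipfw_rules(brute_force_sources(SAMPLE_LOG)):
        print(rule)
```

Blocking one address only stops that source; the default-password point raised in the thread still needs fixing on the SIP accounts themselves.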



