It is easy to discover the username when it is the same as the extension number.
2010/1/22 SONAVoIP TELECOM | Suporte - Roberto Soares <supo...@sonavoip.com.br>

> Good morning Bruno,
>
> I really do believe this is an intrusion attempt. We have already suffered this on some of our servers: people discover your SIP server and simply use tools to send many registration attempts with a username and password. In fact, he has not discovered your username; he sends many combinations at random, trying to register. What we use to fight this is constant monitoring of our system, and when such an intrusion attempt is observed, we automatically block the IP, and that IP can no longer send anything. Be careful not to block the IP of one of your own customers.
>
> Regards,
>
> Roberto Soares
> SONAVoIP
>
> *From:* asteriskbrasil-boun...@listas.asteriskbrasil.org [mailto:asteriskbrasil-boun...@listas.asteriskbrasil.org] *On behalf of* brunoantogno...@email.com
> *Sent:* Friday, 22 January 2010 10:37
> *To:* asteriskbrasil@listas.asteriskbrasil.org
> *Subject:* [AsteriskBrasil] (URGENT) Intrusion attempt?
>
> Folks, I was looking at the Asterisk log and saw the following message:
>
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
>
> Note that within 1 second the "intruder" tried several times to register as SIP 1013 (using the brute-force method) over my Speedy link. The "intruder's" IP is 174.129.173.249.
>
> Would this be an intrusion attempt?
>
> If so, how did he get access to my SIP extensions?
>
> What do I need to do to get this guy off the network?
>
> In a quick search I found that this IP is from Washington.
>
> http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html
>
> Am I alarmed for nothing, or is this really an intrusion attempt?
>
> Thanks, list.

-- Eduardo Vieira
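The monitoring-and-blocking approach described in the thread, as an added example that is not code from any of the posters: it counts chan_sip registration failures per source IP inside a sliding window and skips allowlisted customer networks so they are never proposed for blocking. The threshold, window, allowlist, and every sample line other than the 174.129.173.249 format quoted above are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# chan_sip NOTICE format as quoted in the thread (IPv4 source, optional port).
FAILED = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\]: chan_sip\.c:\d+ "
    r"handle_request_register: Registration from '.*' failed for "
    r"'(?P<ip>\d+\.\d+\.\d+\.\d+)(?::\d+)?' - .+$"
)

def find_offenders(lines, allow=(), threshold=5, window_s=10, year=2010):
    """Return {ip: peak failures inside any window_s-second window} for
    sources that reach `threshold`; allowlisted networks are ignored."""
    allowed = [ip_network(n) for n in allow]
    recent = defaultdict(deque)   # ip -> failure timestamps still in window
    peak = defaultdict(int)
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        if any(ip_address(m["ip"]) in net for net in allowed):
            continue              # never propose blocking a known customer
        # The log carries no year, so one is assumed for parsing.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window_s):
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def _line(ts, ext, ip):
    # Builds a constructed sample line in the format shown in the thread.
    return (f"[{ts}] NOTICE[14350]: chan_sip.c:15593 handle_request_register: "
            f"Registration from '\"{ext}\" <sip:1...@xxx.xxx.xxx.xxx>' "
            f"failed for '{ip}' - Wrong password")

# Constructed sample: a burst from the IP in the thread, a customer phone
# (hypothetical 192.0.2.50) retrying a mistyped password, and a slow source.
SAMPLE = (
    [_line("Jan 22 10:00:25", "1013", "174.129.173.249")] * 8
    + [_line(f"Jan 22 10:05:0{i}", "2001", "192.0.2.50") for i in range(6)]
    + [_line("Jan 22 09:00:00", "1020", "198.51.100.7"),
       _line("Jan 22 11:00:00", "1020", "198.51.100.7")]
)

if __name__ == "__main__":
    print(find_offenders(SAMPLE, allow=["192.0.2.0/24"]))
```

Without the allowlist the misconfigured customer phone crosses the same threshold as the scanner, which is the false positive the reply warns about.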