Re: [AsteriskBrasil] (URGENTE) Tentativa de Invas ão?

meiralins Fri, 22 Jan 2010 06:32:11 -0800

Roniton, as dicas são muito boas, mas elas não mostram exemplos práticos de 
como implementar. Você pode ajudar?


Tenho certeza que muitos dos usuários da lista (estou entre eles), desejam 
melhorar a segurança dia a dia, mas de fato não sabem implantar todas as 
medidas e surgem dúvidas.

Por exemplo, para definir no permite e deny, você tem um exemplo prático e 
uma regra com a lista para liberar acesso somente o acesso para IP's do 
Brasil e IP's de Portugal? Eu já busquei e pedi esta informação para a 
NIC.BR, mas eles não me passaram.

Na implantação de alwaysauthreject=yes, isto não traria algum tipo de 
instabilidade ou atrapalharia um debug por exemplo?

Grato;
Fernando




--------------------------------------------------
From: "Roniton Rezende Oliveira" <roni...@gmail.com>
Sent: Friday, January 22, 2010 10:16 AM
To: <asteriskbrasil@listas.asteriskbrasil.org>
Subject: Re: [AsteriskBrasil](URGENTE) Tentativa de Invasão?

> Leia o artigo do Guilherme Loch Góes - Segurança no Asterisk
> (http://www.voipexperts.com.br/Tutoriais-sobre-Asterisk-e-VoIP/Seguranca-no-Asterisk)
> ou o original (http://blogs.digium.com/2009/03/28/sip-security/)
>
> Roniton Oliveira
>
> 2010/1/22  <brunoantogno...@email.com>:
>>
>>
>> Pessoal, estava olhando o Log do Asterisk e ví a seguinte msg:
>>
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for
>> '174.129.173.249' - Wrong password
>> Notem que em 1 segundo o "invasor" tentou várias vezes se registrar no 
>> sip
>> 1013 (através do método BruteForce) pelo meu link do speedy. O IP do
>> "invasor" é 174.129.173.249.
>>
>> Isso seria uma tentativa de invasão?
>>
>> Se sim, como ele conseguiu acesso aos meus ramais SIP?
>> O que preciso fazer para tirar esse cara da rede?
>>
>> Em uma pesquisa rápida descobri que esse IP é de Washington.
>> http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html
>>
>> Estou alarmado a toa ou é realmente uma tentativa de invasão?
>>
>> Obrigado lista.
>> _______________________________________________
>> KHOMP: qualidade em placas de E1, GSM, FXS e FXO para Asterisk.
>> - Hardware com alta disponibilidade de recursos e qualidade KHOMP
>> - Suporte técnico local qualificado e gratuito
>> Conheça a linha completa de produtos KHOMP em www.khomp.com.br
>> _______________________________________________
>> Lista de discussões AsteriskBrasil.org
>> AsteriskBrasil@listas.asteriskbrasil.org
>> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
>>
> _______________________________________________
> KHOMP: qualidade em placas de E1, GSM, FXS e FXO para Asterisk.
> - Hardware com alta disponibilidade de recursos e qualidade KHOMP
> - Suporte técnico local qualificado e gratuito
> Conheça a linha completa de produtos KHOMP em www.khomp.com.br
> _______________________________________________
> Lista de discussões AsteriskBrasil.org
> AsteriskBrasil@listas.asteriskbrasil.org
> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
>

 

_______________________________________________
KHOMP: qualidade em placas de E1, GSM, FXS e FXO para Asterisk. 
- Hardware com alta disponibilidade de recursos e qualidade KHOMP
- Suporte técnico local qualificado e gratuito 
Conheça a linha completa de produtos KHOMP em www.khomp.com.br
_______________________________________________
Lista de discussões AsteriskBrasil.org
AsteriskBrasil@listas.asteriskbrasil.org
http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil

Re: [AsteriskBrasil] (URGENTE) Tentativa de Invas ão?

Responder a