Roniton, the tips are very good, but they don't show practical examples of how to implement them. Can you help?
I'm sure many of the list's users (myself included) want to improve security day by day, but in fact don't know how to deploy all of the measures, and questions come up. For example, for setting permit and deny, do you have a practical example and a rule with the list to allow access only for IPs from Brazil and IPs from Portugal? I have already searched for this information and asked NIC.BR for it, but they did not give it to me.

In deploying alwaysauthreject=yes, wouldn't this bring some kind of instability or get in the way of debugging, for example?

Thanks;
Fernando

--------------------------------------------------
From: "Roniton Rezende Oliveira" <roni...@gmail.com>
Sent: Friday, January 22, 2010 10:16 AM
To: <asteriskbrasil@listas.asteriskbrasil.org>
Subject: Re: [AsteriskBrasil] (URGENT) Intrusion attempt?

> Read the article by Guilherme Loch Góes - Segurança no Asterisk
> (http://www.voipexperts.com.br/Tutoriais-sobre-Asterisk-e-VoIP/Seguranca-no-Asterisk)
> or the original (http://blogs.digium.com/2009/03/28/sip-security/)
>
> Roniton Oliveira
>
> 2010/1/22 <brunoantogno...@email.com>:
>>
>> Folks, I was looking at the Asterisk log and saw the following message:
>>
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
>>
>> Note that within 1 second the "attacker" tried several times to register
>> on SIP 1013 (using the brute-force method) through my Speedy link. The
>> "attacker's" IP is 174.129.173.249.
>>
>> Would this be an intrusion attempt?
>>
>> If so, how did he get access to my SIP extensions?
>> What do I need to do to get this guy off the network?
>>
>> In a quick search I found that this IP is from Washington.
>> http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html
>>
>> Am I alarmed for nothing, or is this really an intrusion attempt?
>>
>> Thanks, list.
>> _______________________________________________
>> KHOMP: quality E1, GSM, FXS and FXO boards for Asterisk.
>> - Hardware with high resource availability and KHOMP quality
>> - Qualified, free local technical support
>> See the full line of KHOMP products at www.khomp.com.br
>> _______________________________________________
>> AsteriskBrasil.org discussion list
>> AsteriskBrasil@listas.asteriskbrasil.org
>> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
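
The "Wrong password" notices quoted in this thread can be reduced to a per-source failure count, which is what a blocking decision (firewall rule or a `deny=` entry) is based on. The Python example below is added here and is not from the thread's participants or from Asterisk; the sample lines, the `pbx.example.invalid` host, the 192.0.2.10 address and the threshold and window values are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# chan_sip failed-REGISTER notice, in the format quoted in the thread.
LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\]: chan_sip\.c:\d+ "
    r"handle_request_register: Registration from '.*' failed for "
    r"'(?P<ip>[^']+)' - (?P<reason>.+)$"
)

def parse_line(line, year=2010):
    """Return (timestamp, source_ip, reason), or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The log carries no year, so the caller supplies it (assumption: 2010).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["reason"]

def find_bruteforce(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {ip: most failures inside any one window} for IPs >= threshold."""
    by_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            by_ip[parsed[1]].append(parsed[0])
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start, worst = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= threshold:
            flagged[ip] = worst
    return flagged

# Constructed sample: a burst like the one in the thread, plus a user who mistyped twice.
FMT = ("[Jan 22 {t}] NOTICE[14350]: chan_sip.c:15593 handle_request_register: "
       "Registration from '\"1013\" <sip:1013@pbx.example.invalid>' failed for '{ip}' - {why}")
SAMPLE = ([FMT.format(t="10:00:25", ip="174.129.173.249", why="Wrong password")] * 12
          + [FMT.format(t="10:05:00", ip="192.0.2.10", why="Wrong password"),
             FMT.format(t="10:20:00", ip="192.0.2.10", why="No matching peer found"),
             "[Jan 22 10:21:00] VERBOSE[14350]: unrelated line"])

if __name__ == "__main__":
    for ip, count in find_bruteforce(SAMPLE).items():
        print(f"{ip}: {count} failed REGISTERs inside one window")
```
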