Bruno, yes, this is an intrusion attempt! Use the firewall against it... but it won't help, because you block one and another shows up... so instead of blocking one IP, allow access only from the known IPs. Here are the details of the owner of that IP, so you can send a complaint by email for them to identify the intrusion that happened on their side. They were certainly compromised, or it is one of their users with bad intentions.

OrgName: Amazon.com, Inc.
OrgID: AMAZO-4
Address: Amazon Web Services, Elastic Compute Cloud, EC2
Address: 1200 12th Avenue South
City: Seattle
StateProv: WA
PostalCode: 98144
Country: US
NetRange: 174.129.0.0 - 174.129.255.255
CIDR: 174.129.0.0/16
NetName: AMAZON-EC2-5
NetHandle: NET-174-129-0-0-1
Parent: NET-174-0-0-0-0
NetType: Direct Assignment
NameServer: PDNS1.ULTRADNS.NET
NameServer: PDNS2.ULTRADNS.NET
NameServer: PDNS3.ULTRADNS.ORG
Comment: The activity you have detected originates from a
Comment: dynamic hosting environment.
Comment: For fastest response, please submit abuse reports at
Comment: https://www.amazon.com/gp/html-forms-controller/AWSAbuse/
Comment: For more information regarding EC2 see:
Comment: http://ec2.amazonaws.com/
Comment: All reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email)
Comment: Without these we will be unable to identify
Comment: the correct owner of the IP address at that
Comment: point in time.
RegDate: 2008-08-08
Updated: 2009-07-28
RAbuseHandle: AEA8-ARIN
RAbuseName: Amazon EC2 Abuse
RAbusePhone: +1-206-266-2187
RAbuseEmail: ec2-ab...@amazon.com
RNOCHandle: ANO24-ARIN
RNOCName: Amazon EC2 Network Operations
RNOCPhone: +1-206-266-2187
RNOCEmail: aes-...@amazon.com
RTechHandle: ANO24-ARIN
RTechName: Amazon EC2 Network Operations
RTechPhone: +1-206-266-2187
RTechEmail: aes-...@amazon.com
OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-266-2187
OrgAbuseEmail: ec2-ab...@amazon.com
OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-266-2187
OrgTechEmail: aes-...@amazon.com

-----Original message-----
From: asteriskbrasil-boun...@listas.asteriskbrasil.org [mailto:asteriskbrasil-boun...@listas.asteriskbrasil.org] On behalf of brunoantogno...@email.com
Sent: Friday, January 22, 2010 10:37
To: asteriskbrasil@listas.asteriskbrasil.org
Subject: [AsteriskBrasil] (URGENT) Intrusion attempt?

Folks, I was looking at the Asterisk log and saw the following message:

[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password

Note that within 1 second the "attacker" tried several times to register on SIP 1013 (using the brute-force method) over my Speedy link. The "attacker's" IP is 174.129.173.249.

Would this be an intrusion attempt? If so, how did he get access to my SIP extensions? What do I need to do to get this guy off the network?

In a quick search I found out that this IP is from Washington. http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html

Am I alarmed for nothing, or is this really an intrusion attempt?

Thanks, list.
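Added example (not part of the original e-mails and not Asterisk project code): a Python routine that reads chan_sip failed-registration notices in the format quoted above, finds sources with a burst of failures, and collects the source IP, first/last timestamp and frequency that the ARIN record says an abuse report must include. The function name `find_bruteforce`, the threshold and window values, the `allowed` networks and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# chan_sip failed-REGISTER notice, in the format quoted in the thread.
FAILED = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\]: chan_sip\.c:\d+ "
    r"handle_request_register: Registration from '(?P<who>.*)' "
    r"failed for '(?P<ip>\d+\.\d+\.\d+\.\d+)(?::\d+)?' - .+$")

def find_bruteforce(lines, year, allowed=(), threshold=5,
                    window=timedelta(seconds=10)):
    """Summarise sources with >= threshold failed registrations inside `window`.

    `year` is needed because the log timestamp carries none; `allowed` is the
    operator's list of known networks (hypothetical values in the sample)."""
    nets = [ip_network(n) for n in allowed]
    events = defaultdict(list)
    for line in lines:
        m = FAILED.match(line.strip())
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((when, m["who"]))
    report = {}
    for ip, evs in events.items():
        evs.sort()
        start = peak = 0
        for end in range(len(evs)):          # sliding window over sorted times
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            report[ip] = {
                "known": any(ip_address(ip) in n for n in nets),
                "first": evs[0][0], "last": evs[-1][0],
                "failures": len(evs), "peak_in_window": peak,
                "targets": sorted({who for _, who in evs}),
            }
    return report

# Constructed sample (documentation addresses, not the thread's data).
LINE = ("[Jan 22 {t}] NOTICE[14350]: chan_sip.c:15593 handle_request_register: "
        "Registration from '\"{ext}\" <sip:{ext}@192.0.2.10>' failed for '{ip}' "
        "- Wrong password")
SAMPLE = [LINE.format(t="10:00:25", ext="1013", ip="198.51.100.7")] * 6 + [
    LINE.format(t="10:03:11", ext="1020", ip="203.0.113.20")]

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE, 2010, allowed=["192.0.2.0/24"]).items():
        print(ip, info)
```

The destination IP, destination port and timezone that the abuse form also asks for are not present in these log lines and have to be supplied by the operator.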