It happened to me; I was at the Asterisk CLI when it started, and I set up an ACL on my edge router.


[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"100"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"101"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"102"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"103"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"104"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"105"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"106"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"107"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"108"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"109"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"110"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"111"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"112"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"113"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"114"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"115"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"116"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"117"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"118"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"119"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"120"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"121"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"122"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"123"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"124"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"125"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"126"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"127"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"128"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found
[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"129"<sip:1...@xxx.xxx.xxx.xxx>' failed for '75.101.255.139' - No matching peer found

 


-----Original Message-----
From: brunoantogno...@email.com
Sent: Fri, 22 Jan 2010 07:36:44 -0500
To: asteriskbrasil@listas.asteriskbrasil.org
Subject: [AsteriskBrasil] (URGENT) Intrusion attempt?



Folks, I was looking at the Asterisk log and saw the following message:
 
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1...@xxx.xxx.xxx.xxx>' failed for '174.129.173.249' - Wrong password
Note that within 1 second the "intruder" tried several times to register as SIP 1013 (using the brute-force method) over my Speedy link. The "intruder's" IP is 174.129.173.249.

Would this be an intrusion attempt?

If so, how did he get access to my SIP extensions?
What do I need to do to get this guy off the network?

A quick search showed me that this IP is from Washington.

Am I alarmed for nothing, or is this really an intrusion attempt?

Thanks, list.
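
Added example (not part of either message, and not Asterisk project code): one way to pick the two patterns shown in this thread out of an Asterisk log, a sweep over many extensions answered with "No matching peer found" and repeated "Wrong password" failures against a single extension. The function name, the thresholds, the year default and the sample lines with documentation-range IPs are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches both chan_sip NOTICE layouts quoted in the thread.
LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\]:? chan_sip\.c:.*?"
    r"Registration from '\"(?P<ext>[^\"]*)\" ?<[^>]*>' "
    r"failed for '(?P<ip>[^']+)' - (?P<reason>.+)$"
)

def find_bursts(lines, window=timedelta(seconds=10), threshold=10, year=2010):
    """Return {ip: (kind, attempts, extensions)} for IPs whose failed
    REGISTERs reach `threshold` within `window`. The log has no year, so
    `year` is an assumption supplied by the caller."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["ext"], m["reason"]))
    findings = {}
    for ip, evs in events.items():
        evs.sort()
        start, best = 0, []
        for end in range(len(evs)):          # sliding time window
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = evs[start:end + 1]
        if len(best) < threshold:
            continue
        exts = sorted({ext for _, ext, _ in best})
        # Many different extensions = scanning for valid peers;
        # repeated hits on a few = guessing a password.
        kind = "extension-scan" if len(exts) > len(best) // 2 else "password-guessing"
        findings[ip] = (kind, len(best), exts)
    return findings

# Constructed sample lines in the two formats seen above (documentation IPs).
SAMPLE = (
    [f"[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from "
     f"'\"{n}\"<sip:{n}@192.0.2.1>' failed for '203.0.113.10' - No matching peer found"
     for n in range(100, 112)]
    + ["[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: "
       "Registration from '\"1013\" <sip:1013@192.0.2.1>' failed for '198.51.100.7' - Wrong password"] * 12
    + ["[Jan 22 10:05:00] NOTICE[14350]: chan_sip.c:15593 handle_request_register: "
       "Registration from '\"1001\" <sip:1001@192.0.2.1>' failed for '192.0.2.50' - Wrong password"] * 2
)

if __name__ == "__main__":
    for ip, (kind, n, exts) in find_bursts(SAMPLE).items():
        print(f"{ip}: {kind}, {n} failures, extensions {exts[0]}..{exts[-1]}")
```

The two rejection reasons differ, so the log (and the SIP response behind it) reveals which extensions exist; chan_sip's `alwaysauthreject=yes` option in sip.conf makes unknown and known peers get the same rejection.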