[AsteriskBrasil] Re: RE: Asterisk vulnerability

José Eduardo C. Mazolini eduardo_mazolini at yahoo.com
Wed Nov 4 13:09:27 BRST 2009


This really is worrying.
I wonder: if the extension exists, does it respond asking for the password and thereby give away that the extension exists, or will it send the same kind of failure?


 Eduardo Mazolini
(19) 9191-2705




________________________________
From: Eder Souza <eder.souza at bsd.com.br>
To: asteriskbrasil at listas.asteriskbrasil.org
Sent: Wednesday, November 4, 2009 13:03:23
Subject: Re: [AsteriskBrasil] RE: Asterisk vulnerability


Here is the Asterisk log so you can see a massive attack guessing SIP users; notice how many users it managed to try in just one second!!!

A sample of the log from the attack!!!
 
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"0"<sip:0 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"1"<sip:1 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"2"<sip:2 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"3"<sip:3 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"4"<sip:4 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"5"<sip:5 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"6"<sip:6 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"7"<sip:7 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"8"<sip:8 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"9"<sip:9 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"10"<sip:10 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"11"<sip:11 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"12"<sip:12 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"13"<sip:13 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"14"<sip:14 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"15"<sip:15 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"16"<sip:16 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"17"<sip:17 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"18"<sip:18 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"19"<sip:19 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"20"<sip:20 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"21"<sip:21 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"22"<sip:22 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"23"<sip:23 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"24"<sip:24 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"25"<sip:25 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"26"<sip:26 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"27"<sip:27 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"28"<sip:28 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"29"<sip:29 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"30"<sip:30 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"31"<sip:31 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"32"<sip:32 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"33"<sip:33 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"34"<sip:34 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"35"<sip:35 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"36"<sip:36 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"37"<sip:37 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"38"<sip:38 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"39"<sip:39 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"40"<sip:40 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"41"<sip:41 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"42"<sip:42 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"43"<sip:43 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"44"<sip:44 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"45"<sip:45 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"46"<sip:46 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"47"<sip:47 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"48"<sip:48 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"49"<sip:49 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"50"<sip:50 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"51"<sip:51 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"52"<sip:52 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"53"<sip:53 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"54"<sip:54 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"55"<sip:55 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"56"<sip:56 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"57"<sip:57 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"58"<sip:58 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"59"<sip:59 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"60"<sip:60 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"61"<sip:61 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"62"<sip:62 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"63"<sip:63 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"64"<sip:64 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"65"<sip:65 em IP>' failed for '208.38.164.96' - No matching peer found
[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"66"<sip:66 em IP>' failed for '208.38.164.96' - No matching peer found
 
 
 
Tracing the bad guy's IP
 
Hostname:208.38.164.96
ISP:E Solutions Corporation
Organization:LIGHTPORT
Proxy:None detected
Type:Corporate
 

Geo-Location Information 
Country:United States  
State/Region:FL
City:Holiday
Latitude:28.1994
Longitude:-82.7681
Area Code:727
 

Regards,
 
 
Eng Eder de Souza

2009/11/4 Luciano Antonio Borguetti Faustino <lucianoborguetti.listas at gmail.com>

>Eder,
>
>Entry attempts through port 5060/udp?
>Which log would that be, your firewall's or Asterisk's?
>
>Regards,
>
>2009/11/3 eder souza <ederwander at yahoo.com.br>
>
>>I also think it is human error; two weeks ago I caught, in a log, entry attempts through port 5060, but the guy did not succeed!!!
>>
>>Eng Eder de Souza
>>
>>--- On Tue, 20/10/09, Zavam, Vinícius <egypcio at secrel.com.br> wrote:
>>
>>>From: Zavam, Vinícius <egypcio at secrel.com.br>
>>>Subject: Re: [AsteriskBrasil] RE: Asterisk vulnerability
>>>To: asteriskbrasil at listas.asteriskbrasil.org
>>>Date: Tuesday, October 20, 2009, 22:40
>>>
>>>Quoting Josué Conti:
>>>
>>>> Could it be the allowguest parameter set to yes?
>>>>
>>>> 2009/10/20 Alexandre Ricardo Souza Silva <alexandre at componentizar.com.br>:
>>>>> Rafael,
>>>>>
>>>>> Could you describe your environment, for example whether your
>>>>> IP PBX is on the web or not, etc.?
>>>>>
>>>>> I'll be waiting.
>>>>>
>>>>> Regards,
>>>>> Alexandre
>>>>>
>>>>> ----- Original Message -----
>>>>> From: Rafael Alves Machado
>>>>> To: asteriskbrasil at listas.asteriskbrasil.org
>>>>> Sent: Tuesday, October 20, 2009 5:14 PM
>>>>> Subject: [AsteriskBrasil] RE: Asterisk vulnerability
>>>>>
>>>>> The attack was a security flaw in Asterisk, something to do with SSL; I
>>>>> called trixbox support in the USA and that is what they told me. I use
>>>>> trixbox 2.6.2.2 with Asterisk 1.6. As soon as I capture the log I will
>>>>> forward it, but it is basically like this: the person breaks into the
>>>>> server, manages to create an extension and places numerous calls all over
>>>>> the world. We traced the IP that was accessing it and it was from China;
>>>>> he somehow managed to get in through port 5060 and its derivatives.
>>>>>
>>>>> Rafael
>>>>>
>>>>> From: asteriskbrasil-bounces at listas.asteriskbrasil.org
>>>>> [mailto:asteriskbrasil-bounces at listas.asteriskbrasil.org] On behalf of
>>>>> Roniton Rezende Oliveira
>>>>> Sent: Tuesday, October 20, 2009 17:21
>>>>> To: asteriskbrasil at listas.asteriskbrasil.org
>>>>> Subject: Re: [AsteriskBrasil] Asterisk vulnerability
>>>>>
>>>>>
>>>>>
>>>>> How did the attack happen? Do you have a log!!
>>>>> Is your system up to date?
>>>>> Is your firewall well configured?
>>>>>
>>>>> Roniton Oliveira
>>>>>
>>>>> 2009/10/20 Giancarlo Rubio <gianrubio at gmail.com>
>>>>>
>>>>> 2009/10/20 Rafael Alves Machado <rafael at aflsistemas.com.br>:
>>>>>
>>>>>> Folks, I ran into a problem last week, and this week a friend ran into
>>>>>> the very same problem: an access due to a security flaw in Asterisk
>>>>>> allowed a remote user to access the IP PBX and place calls to several
>>>>>> countries, and in addition to create SIP extensions on the PBX to
>>>>>> place the calls.
>>>>>
>>>>> What is the flaw?
>>>
>>>human, probably.
>>>
>>>>>
>>>>> --
>>>>> Giancarlo Rubio
>>>
>>>I am not seeing any plausible justification that would lead me to believe otherwise.
>>>I mean; so far.
>>>
>>>$ /usr/local/etc/rc.d/flames.sh > /dev/null
>>>
>>>
>>>
>>>---------------------
>>>Webmail SecrelNet
>>>
>>>
>>>
>>>_______________________________________________
>>>AsteriskBrasil.org discussion list
>>>AsteriskBrasil at listas.asteriskbrasil.org
>>>http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
>>>
>>
>
>
>-- 
>#!/bin/bash
>
>Luciano Antonio Borguetti Faustino
>GNU/Linux user number: 339110
>ICQ UIN number: 82092097 - ICQ still active :)
>http://lucianoborguetti.blogspot.com
>
>Prejudice is opinion without knowledge.
>
>:wq
>
>
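
The burst in Eder's log (dozens of distinct SIP users from one address within a second) can be detected mechanically. The following is an added example, not code from any poster in this thread: it parses chan_sip registration-failure lines in the format shown above and flags sources that try many distinct users in a short window. The sample lines are constructed with documentation addresses, the thresholds are assumptions, and the 'Wrong password' reason string is assumed from chan_sip (it does not appear in the thread's log).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# chan_sip registration-failure line, in the format quoted in the thread.
LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<frm>.*)' failed for '(?P<ip>[^']+)' - (?P<why>.+)$")
USER_RE = re.compile(r"<sip:([^@\s>]+)")  # the archive prints '@' as ' em '

def parse(line):
    """Return (ts, ip, user, reason) or None; year 2000 assumed (log has none)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    user = USER_RE.search(m["frm"])
    ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
    return ts, m["ip"], user.group(1) if user else "", m["why"]

def detect_enumeration(lines, window=timedelta(seconds=10), min_users=20):
    """Flag sources trying >= min_users distinct SIP users within `window`.
    Users that drew 'Wrong password' (assumed reason string) are existing peers."""
    events = defaultdict(list)
    for ts, ip, user, why in filter(None, map(parse, lines)):
        events[ip].append((ts, user, why))
    report = {}
    for ip, evs in events.items():
        evs.sort()
        best = start = 0
        for end in range(len(evs)):  # sliding window over sorted events
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({u for _, u, _ in evs[start:end + 1]}))
        if best >= min_users:
            guessed = sorted({u for _, u, w in evs if w == "Wrong password"})
            report[ip] = {"max_distinct_users": best, "existing_peers_hit": guessed}
    return report

def sample_log():
    """Constructed lines with documentation addresses, not the thread's log."""
    tpl = ("[Oct 12 09:31:{sec:02d}] NOTICE[2751] chan_sip.c: Registration from "
           "'\"{u}\"<sip:{u}@192.0.2.10>' failed for '{ip}' - {why}")
    scan = [tpl.format(sec=26 + i // 20, u=100 + i, ip="198.51.100.7",
                       why="Wrong password" if i == 5 else "No matching peer found")
            for i in range(30)]
    typo = [tpl.format(sec=40 + i, u=105, ip="203.0.113.5", why="Wrong password")
            for i in range(3)]
    return scan + typo
```

Calling detect_enumeration(sample_log()) reports only the scanning source; the phone that mistypes one password three times stays below the threshold. Whether a remote side can tell an existing extension from a missing one by the reply depends on the alwaysauthreject setting in sip.conf.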



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listas.asteriskbrasil.org/pipermail/asteriskbrasil/attachments/20091104/72f06cb4/attachment-0001.htm


More information about the AsteriskBrasil mailing list