[AsteriskBrasil] RE: Asterisk vulnerability

Eder Souza eder.souza at bsd.com.br
Wed Nov 4 14:02:07 BRST 2009


Digging deeper:

Interesting ports on 208.38.164.96:
Not shown: 1670 closed ports
PORT      STATE    SERVICE
21/tcp    open     ftp
22/tcp    open     ssh
80/tcp    open     http
111/tcp   open     rpcbind
443/tcp   open     https
623/tcp   filtered unknown
664/tcp   filtered unknown
672/tcp   open     unknown
3306/tcp  open     mysql
10000/tcp open     snet-sensor-mgmt
Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.18 - 2.4.27

Thanks, Luciano, but I prefer OSSEC.

2009/11/4 Luciano Antonio Borguetti Faustino <
lucianoborguetti.listas at gmail.com>

> Eder,
>
> Interesting,
>
> Treating the problem more professionally, I recommend installing an
> IDS/IPS (Snort, for example - http://www.snort.org/), where you can
> identify these types of attacks and create actions, for example blocking the
> attacking host.
>
> Regards,
>
> 2009/11/4 Itamar Reis Peixoto <itamar at ispbrasil.com.br>
>
>> I still hold my opinion that iptables is for sissies
>>
>> route add -host 208.38.164.96 reject
>>
>> solves the problem!
>>
>>
>>
>> 2009/11/4 Eder Souza <eder.souza at bsd.com.br>
>> >
>> > Here's the Asterisk log so you can see a massive attack guessing SIP users;
>> > notice how many users it managed to guess in just one second!!!
>> >
>> >
>> > a sample of the log from the attack!!!
>> >
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"0"<sip:0 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"1"<sip:1 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"2"<sip:2 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"3"<sip:3 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"4"<sip:4 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"5"<sip:5 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"6"<sip:6 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"7"<sip:7 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"8"<sip:8 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"9"<sip:9 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"10"<sip:10 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"11"<sip:11 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"12"<sip:12 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"13"<sip:13 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"14"<sip:14 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"15"<sip:15 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"16"<sip:16 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"17"<sip:17 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"18"<sip:18 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"19"<sip:19 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"20"<sip:20 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"21"<sip:21 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"22"<sip:22 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"23"<sip:23 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"24"<sip:24 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"25"<sip:25 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"26"<sip:26 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"27"<sip:27 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"28"<sip:28 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"29"<sip:29 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"30"<sip:30 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"31"<sip:31 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"32"<sip:32 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"33"<sip:33 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"34"<sip:34 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"35"<sip:35 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"36"<sip:36 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"37"<sip:37 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"38"<sip:38 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"39"<sip:39 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"40"<sip:40 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"41"<sip:41 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"42"<sip:42 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"43"<sip:43 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"44"<sip:44 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"45"<sip:45 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"46"<sip:46 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"47"<sip:47 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"48"<sip:48 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"49"<sip:49 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"50"<sip:50 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"51"<sip:51 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"52"<sip:52 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"53"<sip:53 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"54"<sip:54 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"55"<sip:55 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"56"<sip:56 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"57"<sip:57 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"58"<sip:58 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>> '"59"<sip:59 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
>> '"60"<sip:60 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
>> '"61"<sip:61 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
>> '"62"<sip:62 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
>> '"63"<sip:63 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
>> '"64"<sip:64 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
>> '"65"<sip:65 em IP>' failed for '208.38.164.96' - No matching peer found
>> > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
>> '"66"<sip:66 em IP>' failed for '208.38.164.96' - No matching peer found
>>
>>
>> ------------
>>
>> Itamar Reis Peixoto
>>
>> e-mail/msn/google talk/sip: itamar at ispbrasil.com.br
>> skype: itamarjp
>> icq: 81053601
>> +55 11 4063 5033
>> +55 34 3221 8599
>>
>> _______________________________________________
>> AsteriskBrasil.org discussion list
>> AsteriskBrasil at listas.asteriskbrasil.org
>> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
>>
>
>
>
> --
> #!/bin/bash
>
> Luciano Antonio Borguetti Faustino
> GNU/Linux user number: 339110
> ICQ UIN number: 82092097 - ICQ still active :)
> http://lucianoborguetti.blogspot.com
>
> Prejudice is opinion without knowledge.
>
> :wq
>
>
>
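
Added example, not part of the original thread: a small detector for the pattern in the quoted log, flagging any source that fails registration for many distinct usernames within a short window. The function name, thresholds, the `year` parameter and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# chan_sip failed-registration NOTICE, in the format quoted in the thread.
FAILED_REG = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '[^']*<sip:(?P<user>[^@>]+)@[^>]*>' "
    r"failed for '(?P<src>[^']+)' - .+$"
)

def find_enumeration(lines, year=2009, window_s=10, min_users=5):
    """Return {source_ip: distinct_user_count} for sources that failed to
    register at least min_users different usernames within window_s seconds.
    A phone retrying one account never reaches the distinct-user threshold."""
    events = defaultdict(list)  # src -> [(time, user), ...]
    for line in lines:
        m = FAILED_REG.match(line.strip())
        if not m:
            continue
        # The log carries no year, so the caller supplies it (assumption).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[m["src"]].append((when, m["user"]))

    flagged = {}
    window = timedelta(seconds=window_s)
    for src, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            # Advance the left edge until the window spans <= window_s.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            users = {u for _, u in seen[start:end + 1]}
            if len(users) >= min_users:
                flagged[src] = max(flagged.get(src, 0), len(users))
    return flagged

# Constructed sample: a scanner walking usernames 0..7 in one second, and a
# legitimate phone (198.51.100.20) retrying a single account for ten seconds.
SAMPLE = [
    f"[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from "
    f"'\"{n}\"<sip:{n}@192.0.2.10>' failed for '203.0.113.5' - No matching peer found"
    for n in range(8)
] + [
    f"[Oct 12 09:31:{s:02d}] NOTICE[2751] chan_sip.c: Registration from "
    f"'\"1001\"<sip:1001@192.0.2.10>' failed for '198.51.100.20' - Wrong password"
    for s in range(20, 30)
]
```

Counting distinct usernames rather than raw failures is what separates enumeration from a misconfigured endpoint; the flagged sources can then be fed to whatever blocking mechanism is in use.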