[AsteriskBrasil] Re: RE: Asterisk Vulnerability

José Eduardo C. Mazolini eduardo_mazolini at yahoo.com
Wed Nov 4 14:24:09 BRST 2009


I just ran a test with X-LITE,
and Asterisk is a problem; I recommend putting a SIP router in front of it to deal with this problem.
It should not show the attacker which extension exists and which does not, because once an existing extension has been identified he starts testing passwords.

Thanks for the tip about the program, since something automatic is needed to block intruders.
I have heard of a service similar to DNS where machines that generate attacks are registered, and that record lasts a few hours.
That way, if someone attacks my Asterisk, I block the IP and register it there; before authorizing a connection you check this list, and if the IP is on it you block the attacker right away.

This can be complicated, because someone malicious can make false accusations against you and you end up blocked without having done anything.
But creating such a database with control over who can report (only the company's servers, a working group, companies with business in common) can help.

Look at what happened:

Extension 1, nonexistent:
x-lite: REGISTER 
Asterisk: 404 Not found

Extension 2, existing:
x-lite: REGISTER
Asterisk: 100 Trying
Asterisk: 401 Unauthorized
x-lite: REGISTER
Asterisk: 100 Trying
Asterisk: 403 Forbidden (Bad auth)




 Eduardo Mazolini
(19) 9191-2705




________________________________
From: Luciano Antonio Borguetti Faustino <lucianoborguetti.listas at gmail.com>
To: asteriskbrasil at listas.asteriskbrasil.org
Sent: Wednesday, November 4, 2009 13:40:10
Subject: Re: [AsteriskBrasil] RE: Asterisk Vulnerability

Eder,

Interesting,

Treating the problem more professionally, I recommend installing an IDS/IPS (Snort, for example - http://www.snort.org/), where you can identify these kinds of attacks and create actions, such as blocking the attacking host.

Regards,


2009/11/4 Itamar Reis Peixoto <itamar at ispbrasil.com.br>

>I still hold my opinion that iptables is for sissies
>
>>route add -host 208.38.164.96 reject
>
>>solves the problem!
>
>
>
>>2009/11/4 Eder Souza <eder.souza at bsd.com.br>
>
>>
>>> The Asterisk log follows so you can see a massive attack guessing SIP users; notice how many users it managed to guess in just one second!!!
>>>
>>>
>>> a sample of the log from the attack!!!
>>>
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"0"<sip:0 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"1"<sip:1 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"2"<sip:2 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"3"<sip:3 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"4"<sip:4 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"5"<sip:5 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"6"<sip:6 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"7"<sip:7 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"8"<sip:8 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"9"<sip:9 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"10"<sip:10 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"11"<sip:11 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"12"<sip:12 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"13"<sip:13 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"14"<sip:14 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"15"<sip:15 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"16"<sip:16 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"17"<sip:17 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"18"<sip:18 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"19"<sip:19 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"20"<sip:20 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"21"<sip:21 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"22"<sip:22 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"23"<sip:23 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"24"<sip:24 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"25"<sip:25 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"26"<sip:26 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"27"<sip:27 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"28"<sip:28 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"29"<sip:29 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"30"<sip:30 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"31"<sip:31 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"32"<sip:32 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"33"<sip:33 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"34"<sip:34 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"35"<sip:35 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"36"<sip:36 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"37"<sip:37 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"38"<sip:38 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"39"<sip:39 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"40"<sip:40 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"41"<sip:41 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"42"<sip:42 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"43"<sip:43 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"44"<sip:44 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"45"<sip:45 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"46"<sip:46 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"47"<sip:47 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"48"<sip:48 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"49"<sip:49 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"50"<sip:50 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"51"<sip:51 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"52"<sip:52 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"53"<sip:53 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"54"<sip:54 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"55"<sip:55 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"56"<sip:56 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"57"<sip:57 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"58"<sip:58 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"59"<sip:59 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"60"<sip:60 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"61"<sip:61 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"62"<sip:62 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"63"<sip:63 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"64"<sip:64 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"65"<sip:65 em IP>' failed for '208.38.164.96' - No matching peer found
>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"66"<sip:66 em IP>' failed for '208.38.164.96' - No matching peer found
>
>
>------------
>
>>Itamar Reis Peixoto
>
>>e-mail/msn/google talk/sip: itamar at ispbrasil.com.br
>>skype: itamarjp
>>icq: 81053601
>>+55 11 4063 5033
>>+55 34 3221 8599
>


-- 
#!/bin/bash

Luciano Antonio Borguetti Faustino
GNU/Linux user number: 339110
ICQ UIN number: 82092097 - ICQ still active :)
http://lucianoborguetti.blogspot.com

Prejudice is opinion without knowledge.

:wq
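
The automatic detection the thread asks for, as an added example that is not part of any post: it reads chan_sip registration-failure lines in the format quoted above and flags a source that tries many distinct unknown extensions, or fails many passwords, inside a short window. The thresholds, the `Wrong password` reason string and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# chan_sip NOTICE format as quoted in the thread; the URI part accepts "@" or
# the " em " the list archive substituted for it.
LINE_RE = re.compile(
    r"\[(?P<ts>\w{3} +\d+ [\d:]{8})\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'[^<']*<sip:(?P<user>[^@ >;]+)[^>]*>' failed for '(?P<ip>[\d.]+)(?::\d+)?'"
    r" - (?P<reason>.+)$"
)

def detect(lines, window=timedelta(seconds=10), max_users=5, max_bad_pw=5, year=2009):
    """Return {ip: {verdict, ...}} for sources over a threshold inside the window."""
    events = defaultdict(lambda: {"enumeration": deque(), "password-guess": deque()})
    verdicts = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        # The log carries no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        reason = m["reason"].strip()
        if reason == "No matching peer found":      # unknown extension probed
            kind, limit = "enumeration", max_users
        elif reason == "Wrong password":            # assumed reason string
            kind, limit = "password-guess", max_bad_pw
        else:
            continue
        q = events[m["ip"]][kind]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:                # drop events older than the window
            q.popleft()
        # Enumeration counts distinct extensions; guessing counts attempts.
        score = len({u for _, u in q}) if kind == "enumeration" else len(q)
        if score > limit:
            verdicts[m["ip"]].add(kind)
    return dict(verdicts)

# Constructed sample log (documentation IP ranges, not taken from the thread).
SAMPLE = (
    [f"[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '\"{n}\"<sip:{n}@pbx>'"
     f" failed for '203.0.113.7' - No matching peer found" for n in range(100, 110)]
    + [f"[Oct 12 09:40:0{s}] NOTICE[2751] chan_sip.c: Registration from '<sip:201@pbx>'"
       f" failed for '198.51.100.20' - Wrong password" for s in range(7)]
    + ["[Oct 12 10:00:00] NOTICE[2751] chan_sip.c: Registration from '<sip:305@pbx>'"
       " failed for '192.0.2.9' - Wrong password"]
)
```

The flagged addresses can feed whatever blocking method is in use (a reject route, a firewall rule, an IPS action). Separately, chan_sip's `alwaysauthreject=yes` setting in sip.conf makes Asterisk answer unknown and known extensions the same way, which removes the 404 versus 401 difference described at the top of the thread.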


