[AsteriskBrasil] RE: Asterisk Vulnerability

cooky em click21.com.br
Wed Nov 4 15:23:21 BRST 2009


Eder,

Good afternoon.

Can't you file a formal complaint with Global Crossing?

tracert 208.38.164.96

Rastreando a rota para 208.38.164.96 com no máximo 30 saltos

  1     *        *        *     Esgotado o tempo limite do pedido.
  2    57 ms     5 ms     5 ms  201-0-92-89.dsl.telesp.net.br [201.0.92.89]
  3     6 ms     5 ms     5 ms  200-100-3-153.dsl.telesp.net.br [200.100.3.153]
  4     6 ms     5 ms     5 ms  200-100-98-201.dial-up.telesp.net.br [200.100.98.201]
  5     7 ms     7 ms     7 ms  Xe7-0-0-0-grtsanem2.red.telefonica-wholesale.net [213.140.50.69]
  6   120 ms   120 ms   121 ms  Xe6-0-1-0-grtmiabr1.red.telefonica-wholesale.net [84.16.15.42]
  7   159 ms   171 ms   159 ms  Xe-1-1-0-0-grtwaseq3.red.telefonica-wholesale.net [84.16.13.57]
  8   169 ms   176 ms     *     GlobalCrossing2-0-0-0-grtwaseq3.red.telefonica-wholesale.net [213.140.55.90]
  9   173 ms   172 ms   172 ms  64.209.96.18
 10   184 ms   176 ms   177 ms  v996.core1.esnet.com [216.139.207.17]
 11   181 ms   181 ms   173 ms  208.38.164.96

Rastreamento concluído.

Regards,
Cooky

Quoting Eder Souza <eder.souza em bsd.com.br>:

> Here is the Asterisk log so you can see a massive attack guessing SIP users;
> notice how many users he managed to guess in just one second!!!
>
>
> a sample of the log from the attack!!!
>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"0"<sip:0 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"1"<sip:1 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"2"<sip:2 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"3"<sip:3 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"4"<sip:4 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"5"<sip:5 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"6"<sip:6 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"7"<sip:7 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"8"<sip:8 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"9"<sip:9 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"10"<sip:10 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"11"<sip:11 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"12"<sip:12 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"13"<sip:13 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"14"<sip:14 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"15"<sip:15 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"16"<sip:16 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"17"<sip:17 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"18"<sip:18 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"19"<sip:19 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"20"<sip:20 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"21"<sip:21 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"22"<sip:22 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"23"<sip:23 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"24"<sip:24 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"25"<sip:25 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"26"<sip:26 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"27"<sip:27 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"28"<sip:28 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"29"<sip:29 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"30"<sip:30 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"31"<sip:31 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"32"<sip:32 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"33"<sip:33 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"34"<sip:34 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"35"<sip:35 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"36"<sip:36 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"37"<sip:37 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"38"<sip:38 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"39"<sip:39 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"40"<sip:40 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"41"<sip:41 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"42"<sip:42 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"43"<sip:43 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"44"<sip:44 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"45"<sip:45 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"46"<sip:46 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"47"<sip:47 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"48"<sip:48 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"49"<sip:49 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"50"<sip:50 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"51"<sip:51 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"52"<sip:52 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"53"<sip:53 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"54"<sip:54 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"55"<sip:55 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"56"<sip:56 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"57"<sip:57 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"58"<sip:58 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
> '"59"<sip:59 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
> '"60"<sip:60 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
> '"61"<sip:61 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
> '"62"<sip:62 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
> '"63"<sip:63 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
> '"64"<sip:64 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
> '"65"<sip:65 em IP>'
> failed for '208.38.164.96' - No matching peer found
> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
> '"66"<sip:66 em IP>'
> failed for '208.38.164.96' - No matching peer found
>
>
>
> Tracing the bad guy's IP
>
> Hostname:208.38.164.96
> ISP:E Solutions Corporation
> Organization:LIGHTPORT
> Proxy:None detected
> Type:Corporate
>
>
> Geo-Location Information
> Country:United States
> State/Region:FL
> City:Holiday
> Latitude:28.1994
> Longitude:-82.7681
> Area Code:727
>
> Regards,
>
>
> Eng Eder de Souza
> 2009/11/4 Luciano Antonio Borguetti Faustino <
> lucianoborguetti.listas em gmail.com>
>
> > Eder,
> >
> > Entry attempts through port 5060/udp?
> > Which log would that be, your firewall's or Asterisk's?
> >
> > Regards,
> >
> > 2009/11/3 eder souza <ederwander em yahoo.com.br>
> >
> >>   I also think it's human error; two weeks ago I caught in a log attempts
> >> to get in through port 5060, but the guy didn't succeed!!!
> >>
> >> Eng Eder de Souza
> >>
> >> --- On *Tue, 20/10/09, Zavam, Vinícius <egypcio em secrel.com.br>* wrote:
> >>
> >>
> >> From: Zavam, Vinícius <egypcio em secrel.com.br>
> >> Subject: Re: [AsteriskBrasil] RE: Asterisk Vulnerability
> >>
> >> To: asteriskbrasil em listas.asteriskbrasil.org
> >> Date: Tuesday, October 20, 2009, 22:40
> >>
> >>
> >> Quoting Josué Conti:
> >>
> >> > Could it be the allowguest parameter set to yes?
> >> >
> >> > 2009/10/20 Alexandre Ricardo Souza Silva <alexandre em componentizar.com.br>:
> >> >> Rafael,
> >> >>
> >> >> Could you describe your environment, e.g. whether your IP PBX is on
> >> >> the web or not, etc.
> >> >>
> >> >> I look forward to your reply.
> >> >>
> >> >> Regards
> >> >> Alexandre
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> ----- Original Message -----
> >> >> From: Rafael Alves Machado
> >> >> To: asteriskbrasil em listas.asteriskbrasil.org
> >> >> Sent: Tuesday, October 20, 2009 5:14 PM
> >> >> Subject: [AsteriskBrasil] RE: Asterisk Vulnerability
> >> >>
> >> >> The attack was a flaw in Asterisk's security, something to do with SSL;
> >> >> I called trixbox support in the US and that is what they told me. I use
> >> >> trixbox 2.6.2.2, Asterisk 1.6. As soon as I capture the log I will
> >> >> forward it, but it is basically like this: the person breaks into the
> >> >> server, manages to create an extension and places numerous calls all
> >> >> over the world. We traced the IP that was accessing it and it was from
> >> >> China; he somehow managed to get in through port 5060 and its
> >> >> derivatives.
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> Rafael
> >> >>
> >> >>
> >> >>
> >> >> From: asteriskbrasil-bounces em listas.asteriskbrasil.org
> >> >> [mailto:asteriskbrasil-bounces em listas.asteriskbrasil.org] On behalf of
> >> >> Roniton Rezende Oliveira
> >> >> Sent: Tuesday, October 20, 2009 17:21
> >> >> To: asteriskbrasil em listas.asteriskbrasil.org
> >> >> Subject: Re: [AsteriskBrasil] Asterisk Vulnerability
> >> >>
> >> >>
> >> >>
> >> >> How did the attack happen? Do you have a log!!
> >> >> Is your system up to date?
> >> >> Is your firewall well configured?
> >> >>
> >> >> Roniton Oliveira
> >> >>
> >> >> 2009/10/20 Giancarlo Rubio <gianrubio em gmail.com>
> >> >>
> >> >> 2009/10/20 Rafael Alves Machado <rafael em aflsistemas.com.br>:
> >> >>
> >> >>> Folks, I ran into a problem last week, and this week a friend ran into
> >> >>> the same problem: access through an Asterisk security flaw allowed a
> >> >>> remote user to get into the IP PBX and place calls to several
> >> >>> countries, and in addition create SIP extensions on the PBX to place
> >> >>> the calls.
> >> >>
> >> >> What is the flaw?
> >>
> >> human, probably.
> >>
> >> >>
> >> >> --
> >> >> Giancarlo Rubio
> >>
> >> I see no plausible justification that would lead me to believe otherwise.
> >> I mean, so far.
> >>
> >> $ /usr/local/etc/rc.d/flames.sh > /dev/null
> >>
> >>
> >>
> >> ---------------------
> >> Webmail SecrelNet
> >>
> >>
> >>
> >> _______________________________________________
> >> AsteriskBrasil.org discussion list
> >> AsteriskBrasil em listas.asteriskbrasil.org
> >> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
> >>
> >>
> >>
> >
> >
> >
> > --
> > #!/bin/bash
> >
> > Luciano Antonio Borguetti Faustino
> > GNU/Linux user number: 339110
> > ICQ UIN number: 82092097 - ICQ still active :)
> > http://lucianoborguetti.blogspot.com
> >
> > Prejudice is opinion without knowledge.
> >
> > :wq
> >
> >
> >
>
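
An added example, not part of the original messages: a detector for the pattern in the quoted log, where one source fails registration for many different unknown usernames within a second. The thresholds, the sample lines and the addresses (documentation ranges) are constructed, and it assumes the live log carries "@" where this archive shows " em ".

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# chan_sip NOTICE for a rejected REGISTER, in the format shown in the quoted log.
FAILED_REG = re.compile(
    r"\[(?P<ts>\w{3} +\d+ \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<sender>.*?)' failed for '(?P<ip>[^']+)' - (?P<reason>.+)$"
)
SIP_USER = re.compile(r"<sip:([^@>]+)@")


def parse(lines, year=2009):
    """Yield (time, source_ip, username, reason); the log has no year, so one is assumed."""
    for line in lines:
        m = FAILED_REG.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            user = SIP_USER.search(m["sender"])
            yield ts, m["ip"], user.group(1) if user else "", m["reason"].strip()


def find_enumeration(lines, window=timedelta(seconds=10), threshold=20):
    """Return {ip: most distinct unknown usernames inside any window} for
    sources reaching the threshold. Wrong-password failures are ignored:
    they indicate password guessing or a misconfigured phone, not enumeration."""
    per_ip = defaultdict(list)
    for ts, ip, user, reason in parse(lines):
        if reason == "No matching peer found":
            per_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in per_ip.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({u for _, u in events[start:end + 1]}))
        if best >= threshold:
            flagged[ip] = best
    return flagged


def _line(sec, user, ip, reason):
    return (f"[Oct 12 09:31:{sec:02d}] NOTICE[2751] chan_sip.c: Registration from "
            f"'\"{user}\"<sip:{user}@pbx.example.test>' failed for '{ip}' - {reason}")


# Constructed sample: a scanner walking usernames 0..29 within two seconds, a
# phone with a wrong password, and a phone registering a mistyped extension.
SAMPLE = (
    [_line(26 + n // 20, n, "203.0.113.7", "No matching peer found") for n in range(30)]
    + [_line(30 + i, 2001, "198.51.100.20", "Wrong password") for i in range(3)]
    + [_line(40, 2002, "198.51.100.21", "No matching peer found")] * 2
)

if __name__ == "__main__":
    for ip, count in find_enumeration(SAMPLE).items():
        print(f"{ip}: {count} unknown usernames tried within 10 s")
```

Counting distinct usernames rather than raw failures keeps a single phone that retries one wrong extension below the threshold.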


