[AsteriskBrasil] Re: Re: RE: Asterisk Vulnerability

Italo Rossi italorossib at gmail.com
Wed Nov 4 16:04:10 BRST 2009


José Eduardo,

I used X-Lite with the alwaysauthreject=yes option and:

EXISTING peer:

[09-11-04]14:49:17.200 | Info | RESIP:DUM | "Got: SipResp: 403  
tid=67e67d2ed75dc56a cseq=REGISTER / 2 from(wire)" |
[09-11-04]14:49:17.210 | Info | CCM | "Response code to SIP request  
did not match any entry specified in retry-response-list. Response:  
403[URI:XXX em XXXXXXXXXXX]"

On the display: Registration error: 403 - Forbidden (Bad auth)

INVALID peer:

[09-11-04]14:51:41.583 | Info | RESIP:DUM | "Got: SipResp: 403  
tid=5e033b14d1feec10 cseq=REGISTER / 2 from(wire)" |
[09-11-04]14:51:41.584 | Info | CCM | "Response code to SIP request  
did not match any entry specified in retry-response-list. Response:  
403[URI:XXX em XXXXXXXXXXX]"

On the display: Registration error: 403 - Forbidden (Bad auth)

The same tests WITHOUT alwaysauthreject, see:

INVALID peer:

[09-11-04]14:55:04.455 | Info | RESIP:DUM | "Got: SipResp: 404  
tid=6c8ef453611d666d cseq=REGISTER / 1 from(wire)" |
[09-11-04]14:55:04.456 | Info | CCM | "Response code to SIP request  
did not match any entry specified in retry-response-list. Response:  
404[URI:XXX em XXXXXXXXXXX]"

On the display: Registration error: 404 - Not found

EXISTING peer:

[09-11-04]14:56:13.403 | Info | RESIP:DUM | "Got: SipResp: 403  
tid=aef2611fe41a6e75 cseq=REGISTER / 2 from(wire)" |
[09-11-04]14:56:13.403 | Info | CCM | "Response code to SIP request  
did not match any entry specified in retry-response-list. Response:  
403[URI:XXX em XXXXXXXXXXX]"

On the display: Registration error: 403 - Forbidden (Bad auth)

Tested with Asterisk 1.4.26

How did you run these tests?

On Nov 4, 2009, at 2:37 PM, José Eduardo C. Mazolini wrote:

> I tested alwaysauthreject=yes
>
>
> Even so, Asterisk handles it differently. In other words, it consumed more
> CPU and more network, and the actual issue was not solved.
> So it makes no difference with or without it.
>
> Extension 1, nonexistent:
> x-lite: REGISTER
> Asterisk: 401 Unauthorized
> x-lite: REGISTER
> Asterisk: 401 Unauthorized
> x-lite: REGISTER
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
> Asterisk: 401 Unauthorized
>
> Extension 2, existing:
> x-lite: REGISTER
> Asterisk: 100 Trying
> Asterisk: 401 Unauthorized
> x-lite: REGISTER
> Asterisk: 100 Trying
> Asterisk: 403 Forbidden (Bad auth)
>
>
> Eduardo Mazolini
> (19) 9191-2705
>
>
>
> ----- Original message ----
> From: Saulo Quinteiro <sauloquinteiro at gmail.com>
> To: asteriskbrasil at listas.asteriskbrasil.org
> Sent: Wednesday, November 4, 2009 14:34:55
> Subject: Re: [AsteriskBrasil] Re: RE: Asterisk Vulnerability
>
> José, take a look at this link.
>
> http://www.voipexperts.com.br/tutoriais-sobre-asterisk-e-voip/seguranca-no-asterisk
>
> A well-designed firewall also helps a lot.
> It will help with your problem.
>
>
> Saulo Quinteiro Dos Santos
> Phone: 41-2141-9567
> Computer Science undergraduate - UFPR
> msn: sauloquinteiro at gmail.com
> e-mail: saulo at mpsinf.com.br
> mobile: 41-9927-5236
>
>
>
>
> José Eduardo C. Mazolini wrote:
>> I have just run a test with X-LITE,
>> and Asterisk is a problem; I advise putting a SIP router in front of it
>> and handling this problem.
>> It should not show the attacker which extension exists and which does not,
>> because once an existing extension has been identified, the attacker
>> starts testing passwords.
>>
>> Thanks for the tip about the program, since it is necessary to create
>> something automatic to block intruders.
>> I have heard of a DNS-like service where machines that generate attacks
>> are registered, and that record lasts a few hours.
>> That way, if someone attacks my Asterisk, I block that IP and register it
>> there; before authorizing a connection, you check this list, and if the
>> IP is on it you block the attacker right away.
>>
>> This can be tricky, because someone with bad intentions can make false
>> accusations against you, and you end up blocked without having done anything.
>> But building a database like this, with control over who submits the
>> reports (company servers, a working group, companies that have business
>> in common), can help.
>>
>> Look at what happened:
>>
>> Extension 1, nonexistent:
>> x-lite: REGISTER
>> Asterisk: 404 Not found
>>
>> Extension 2, existing:
>> x-lite: REGISTER
>> Asterisk: 100 Trying
>> Asterisk: 401 Unauthorized
>> x-lite: REGISTER
>> Asterisk: 100 Trying
>> Asterisk: 403 Forbidden (Bad auth)
>>
>>
>>
>>
>> Eduardo Mazolini
>> (19) 9191-2705
>>
>>
>> ------------------------------------------------------------------------
>> *From:* Luciano Antonio Borguetti Faustino <lucianoborguetti.listas at gmail.com>
>> *To:* asteriskbrasil at listas.asteriskbrasil.org
>> *Sent:* Wednesday, November 4, 2009 13:40:10
>> *Subject:* Re: [AsteriskBrasil] RE: Asterisk Vulnerability
>>
>> Eder,
>>
>> Interesting,
>>
>> To handle the problem more professionally, I advise installing an
>> IDS/IPS (Snort, for example - http://www.snort.org/), with which you can
>> identify these types of attacks and create actions, for example
>> blocking the attacking host.
>>
>> Regards,
>>
>> 2009/11/4 Itamar Reis Peixoto <itamar at ispbrasil.com.br>
>>
>>    I still hold my opinion that iptables is for sissies
>>
>>    route add -host 208.38.164.96 reject
>>
>>    solves the problem!
>>
>>
>>
>>    2009/11/4 Eder Souza <eder.souza at bsd.com.br>
>>>
>>> The Asterisk log follows so you can see a massive attack guessing
>>> SIP users; notice how many users it managed to guess in just one
>>> second!!!
>>>
>>>
>>> a sample of the log from the attack!!!
>>>
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"0"<sip:0 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"1"<sip:1 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"2"<sip:2 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"3"<sip:3 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"4"<sip:4 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"5"<sip:5 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"6"<sip:6 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"7"<sip:7 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"8"<sip:8 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"9"<sip:9 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"10"<sip:10 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"11"<sip:11 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"12"<sip:12 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"13"<sip:13 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"14"<sip:14 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"15"<sip:15 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"16"<sip:16 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"17"<sip:17 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"18"<sip:18 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"19"<sip:19 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"20"<sip:20 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"21"<sip:21 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"22"<sip:22 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"23"<sip:23 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"24"<sip:24 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"25"<sip:25 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"26"<sip:26 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"27"<sip:27 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"28"<sip:28 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"29"<sip:29 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"30"<sip:30 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"31"<sip:31 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"32"<sip:32 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"33"<sip:33 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"34"<sip:34 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"35"<sip:35 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"36"<sip:36 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"37"<sip:37 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"38"<sip:38 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"39"<sip:39 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"40"<sip:40 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"41"<sip:41 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"42"<sip:42 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"43"<sip:43 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"44"<sip:44 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"45"<sip:45 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"46"<sip:46 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"47"<sip:47 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"48"<sip:48 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"49"<sip:49 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"50"<sip:50 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"51"<sip:51 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"52"<sip:52 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"53"<sip:53 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"54"<sip:54 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"55"<sip:55 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"56"<sip:56 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"57"<sip:57 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"58"<sip:58 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from
>>    '"59"<sip:59 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
>>    '"60"<sip:60 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
>>    '"61"<sip:61 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
>>    '"62"<sip:62 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
>>    '"63"<sip:63 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
>>    '"64"<sip:64 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
>>    '"65"<sip:65 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from
>>    '"66"<sip:66 em IP>' failed for '208.38.164.96' - No matching peer  
>> found
>>
>>
>>    ------------
>>
>>    Itamar Reis Peixoto
>>
>>    e-mail/msn/google talk/sip: itamar at ispbrasil.com.br
>>    skype: itamarjp
>>    icq: 81053601
>>    +55 11 4063 5033
>>    +55 34 3221 8599
>>
>>    _______________________________________________
>>    AsteriskBrasil.org discussion list
>>    AsteriskBrasil at listas.asteriskbrasil.org
>>   http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
>>
>>
>>
>>
>> -- 
>> #!/bin/bash
>>
>> Luciano Antonio Borguetti Faustino
>> GNU/Linux user number: 339110
>> ICQ UIN number: 82092097 - ICQ still in use :)
>> http://lucianoborguetti.blogspot.com
>>
>> Prejudice is opinion without knowledge.
>>
>> :wq
>>
>



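
The automatic blocking the thread asks for, as an added example that is not from any of the posters or from the Asterisk project: it parses chan_sip NOTICE lines in the format of the quoted log, flags source IPs that fail registration for many distinct users within a short window, and emits the route command posted in the thread. The window, threshold, year and sample lines are assumptions constructed for illustration; real logs contain "@" where the list archive prints " em ".

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# chan_sip NOTICE format quoted in the thread; the list archive prints "@" as " em ".
LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<sender>.*)' failed for '(?P<ip>[^']+)' - (?P<reason>.+)$")
USER_RE = re.compile(r"<sips?:(?P<user>[^@>;]+)@")

def parse_line(line, year):
    """Return (timestamp, source_ip, username, reason), or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m["ip"]))  # never pass raw log text to a command
    except ValueError:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    u = USER_RE.search(m["sender"])
    # The From header is attacker-controlled: it is used only as a counting key.
    return ts, ip, (u["user"] if u else m["sender"]), m["reason"]

def find_enumerators(lines, window=timedelta(seconds=10), min_users=5, year=2009):
    """Flag source IPs that fail REGISTER for >= min_users distinct users within window."""
    recent = defaultdict(deque)   # ip -> (timestamp, user) events still inside the window
    flagged = {}                  # ip -> distinct-user count at first detection
    for line in lines:
        event = parse_line(line, year)
        if event is None:
            continue
        ts, ip, user, _reason = event
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:
            q.popleft()
        distinct = len({u for _, u in q})
        if distinct >= min_users and ip not in flagged:
            flagged[ip] = distinct
    return flagged

def block_commands(flagged):
    """Null-route command of the form posted in the thread, one per flagged IP."""
    return [f"route add -host {ip} reject" for ip in sorted(flagged)]

# Constructed sample: a scanner walking extensions, plus one phone with a mistyped password.
SAMPLE_LOG = [
    "[Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from "
    f"'\"{n}\"<sip:{n}@192.0.2.10>' failed for '203.0.113.50' - No matching peer found"
    for n in range(100, 108)
] + [
    "[Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from "
    "'<sip:2001@192.0.2.10>' failed for '198.51.100.7' - Wrong password",
] * 3 + ["[Oct 12 09:31:28] VERBOSE[2751] logger.c: unrelated line"]

if __name__ == "__main__":
    print("\n".join(block_commands(find_enumerators(SAMPLE_LOG))))
```

Counting distinct usernames rather than raw failures keeps a single phone retrying a wrong password from being blocked, and the same count works whether the server answers 404, 401 or 403.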