[AsteriskBrasil] (URGENT) Intrusion attempt?

Wendell Silva wendbandeira at gmail.com
Fri Jan 22 11:19:11 BRST 2010


Well, judging by the log, it is someone forcing a password for a SIP account; the damage is only to the
phone bill, and there are still people who use the default password for their SIP accounts.

   I think that is the only damage.

Regards,

Wendell Silva Bandeira

2010/1/22 <brunoantognolli at email.com>

> OK, we will take care of that right away, thanks for the tip, Wendell.
>
> But is this an intrusion attempt?
> If so, what damage could I suffer from it?
>
> Is it possible for the attacker to access a SIP extension, trying to connect through this
> IP and place calls, for example?
>
> Regards,
> Bruno
>
>
>
> -----Original Message-----
> From: Wendell Silva <wendbandeira at gmail.com>
> To: asteriskbrasil at listas.asteriskbrasil.org
> Sent: Fri, Jan 22, 2010 10:47 am
> Subject: Re: [AsteriskBrasil] (URGENT) Intrusion attempt?
>
> Configure ipfw on your server and block this IP.
>
> Regards,
>
> Wendell Silva Bandeira
>
> 2010/1/22 <brunoantognolli at email.com>
>
>>
>>
>> Folks, I was looking at the Asterisk log and saw the following message:
>>
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
>> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
>> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
>> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
>> '174.129.173.249' - Wrong password
>>
>> Note that in 1 second the "attacker" tried several times to register on
>> SIP 1013 (using the brute-force method) over my Speedy link. The IP of the
>> "attacker" is 174.129.173.249.
>>
>> Would this be an intrusion attempt?
>>
>> If so, how did he get access to my SIP extensions?
>> What do I need to do to get this guy off the network?
>>
>> In a quick search I found out that this IP is from Washington.
>> http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html
>>
>> Am I alarmed for nothing, or is it really an intrusion attempt?
>>
>> Thanks, list.
>>
>> _______________________________________________
>> KHOMP: quality E1, GSM, FXS and FXO boards for Asterisk.
>> - Hardware with high resource availability and KHOMP quality
>> - Qualified, free local technical support
>> See the full line of KHOMP products at www.khomp.com.br
>> _______________________________________________
>> AsteriskBrasil.org discussion list
>> AsteriskBrasil at listas.asteriskbrasil.org
>> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
>>
>
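
An added example, not part of the original thread: one way to turn the "Wrong password" notices quoted above into a list of sources worth blocking with ipfw, as suggested in the reply. The function names, the threshold and window, and the sample lines (server address 192.0.2.10, second source 203.0.113.7) are assumptions constructed for illustration; only the log format and the address 174.129.173.249 come from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# chan_sip NOTICE format as quoted in the thread (the list archive renders "@" as " em ").
FAILED = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\]: chan_sip\.c:\d+ "
    r"handle_request_register: Registration from '(?P<peer>[^']*)' failed for "
    r"'(?P<ip>[\d.]+)' - Wrong password$"
)

def brute_force_sources(lines, threshold=10, window_seconds=60, year=2010):
    """Return {ip: most failures inside any window} for IPs that reach `threshold`."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(list)
    for line in lines:
        m = FAILED.match(line.strip())
        if m:  # the log carries no year, so one is supplied for parsing
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            failures[m["ip"]].append(when)
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

def ipfw_rules(flagged):
    """Candidate ipfw deny rules, for an administrator to review before applying."""
    return [f"ipfw add deny ip from {ip} to any" for ip in sorted(flagged)]

def _line(ts, ext, ip):
    return (f"[{ts}] NOTICE[14350]: chan_sip.c:15593 handle_request_register: "
            f"Registration from '\"{ext}\" <sip:{ext}@192.0.2.10>' failed for '{ip}' - Wrong password")

# Constructed sample: a one-second burst like the one in the thread, plus a
# user who mistyped a password twice during the morning.
SAMPLE_LOG = (
    [_line("Jan 22 10:00:25", "1013", "174.129.173.249")] * 12
    + [_line("Jan 22 09:15:02", "1020", "203.0.113.7"),
       _line("Jan 22 10:40:11", "1020", "203.0.113.7")]
)

if __name__ == "__main__":
    for rule in ipfw_rules(brute_force_sources(SAMPLE_LOG)):
        print(rule)
```

Blocking one address only stops that source; the default or weak SIP passwords mentioned in the reply still need to be changed.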