[AsteriskBrasil] (URGENT) Intrusion attempt?

meiralins at midiabyte.com.br
Friday, January 22 11:52:09 BRST 2010


Roniton, the tips are very good, but they don't show practical examples of
how to implement them. Can you help?

I'm sure many users on the list (myself included) want to improve security
day by day, but in fact don't know how to deploy all the measures, and
questions come up.

For example, for setting permit and deny, do you have a practical example and
a rule with the list to allow access only for IPs from Brazil and IPs from
Portugal? I already searched and asked NIC.BR for this information, but they
didn't give it to me.

As for deploying alwaysauthreject=yes, wouldn't that cause some kind of
instability or get in the way of debugging, for example?

Thanks;
Fernando




--------------------------------------------------
From: "Roniton Rezende Oliveira" <roniton at gmail.com>
Sent: Friday, January 22, 2010 10:16 AM
To: <asteriskbrasil at listas.asteriskbrasil.org>
Subject: Re: [AsteriskBrasil] (URGENT) Intrusion attempt?

> Read the article by Guilherme Loch Góes, Segurança no Asterisk
> (http://www.voipexperts.com.br/Tutoriais-sobre-Asterisk-e-VoIP/Seguranca-no-Asterisk),
> or the original (http://blogs.digium.com/2009/03/28/sip-security/)
>
> Roniton Oliveira
>
> 2010/1/22  <brunoantognolli at email.com>:
>>
>>
>> Folks, I was looking at the Asterisk log and saw the following message:
>>
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
>> '174.129.173.249' - Wrong password
>>
>> Note that within 1 second the "intruder" tried several times to register
>> as SIP 1013 (using the brute-force method) through my Speedy link. The
>> "intruder's" IP is 174.129.173.249.
>>
>> Would this be an intrusion attempt?
>>
>> If so, how did he get access to my SIP extensions?
>> What do I need to do to get this guy off the network?
>>
>> From a quick search I found out that this IP is from Washington.
>> http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html
>>
>> Am I alarmed for nothing, or is this really an intrusion attempt?
>>
>> Thanks, list.
>> _______________________________________________
>> KHOMP: quality E1, GSM, FXS and FXO boards for Asterisk.
>> - Hardware with high resource availability and KHOMP quality
>> - Qualified, free local technical support
>> See the complete KHOMP product line at www.khomp.com.br
>> _______________________________________________
>> AsteriskBrasil.org discussion list
>> AsteriskBrasil at listas.asteriskbrasil.org
>> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
>>

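The log excerpt quoted in this thread can be measured before any permit/deny or firewall rule is written. The following is an added example, not code from the thread or from Asterisk: a Python script that reads chan_sip `Registration ... failed` lines of the kind quoted above and reports the source IPs whose failures reach a threshold inside a short window, together with the extensions they tried. The log lines, the addresses (RFC 5737 documentation ranges), the thresholds and the function names are constructed for illustration, and accepting an `'IP:port'` source is an assumption that goes beyond the format shown in the excerpt.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# chan_sip NOTICE format from the thread, with each entry joined onto one line.
LINE_RE = re.compile(
    r"\[(?P<ts>\w{3}\s+\d{1,2} [\d:]{8})\] NOTICE\[\d+\]: chan_sip\.c:\d+ "
    r"handle_request_register: Registration from '(?P<frm>.*)' failed for "
    r"'(?P<ip>[0-9.]+)(?::\d+)?' - (?P<reason>.+)$")
EXT_RE = re.compile(r"sips?:([^@>\s]+)")  # user part of the From URI

def find_bruteforce(lines, threshold=5, window_s=10, year=2010):
    """Map each IP whose failed REGISTERs reach `threshold` inside any
    `window_s`-second window to its peak burst and the extensions it tried.
    Lines must be in chronological order; the log omits the year, so pass it."""
    window = timedelta(seconds=window_s)
    recent, peak, targets = defaultdict(deque), defaultdict(int), defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a failed-registration NOTICE
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, ext = m["ip"], EXT_RE.search(m["frm"])
        if ext:
            targets[ip].add(ext.group(1))
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: {"max_burst": n, "targets": sorted(targets[ip])}
            for ip, n in peak.items() if n >= threshold}

def _line(ts, ext, ip, reason="Wrong password"):
    # Builds one constructed log line; 192.0.2.10 stands in for the PBX address.
    return (f"[{ts}] NOTICE[14350]: chan_sip.c:15593 handle_request_register: "
            f"Registration from '\"{ext}\" <sip:{ext}@192.0.2.10>' failed for "
            f"'{ip}' - {reason}")

# Constructed sample: one noisy source, one user who mistyped a password twice.
SAMPLE_LOG = (
    [_line("Jan 22 10:00:25", "1013", "198.51.100.7")] * 4
    + [_line("Jan 22 10:00:26", "1014", "198.51.100.7", "No matching peer found")] * 2
    + [_line("Jan 22 10:01:00", "2001", "203.0.113.20"),
       _line("Jan 22 10:05:00", "2001", "203.0.113.20"),
       "[Jan 22 10:05:01] VERBOSE[14350]: logger.c: unrelated line"])

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

With the default threshold the user who mistyped a password twice, minutes apart, is not reported; only the source that produced six failures within two seconds is.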
 


