[AsteriskBrasil] (URGENT) Intrusion Attempt?

meiralins at midiabyte.com.br
Fri Jan 22 12:30:38 BRST 2010


Dear all, what is the correct syntax to insert in sip.conf to block 
a range of IPs?

deny=58.0.0.0/255.0.0.0
deny=59.0.0.0/255.0.0.0
deny=219.232.0.0/255.255.0.0

Would this block any IP starting with 58, 59, or 219.232?

Another question is whether we can use masks or concatenate the ranges:

Examples:

Could the following be used: 
deny=58.0.0.0/255.0.0.0&59.0.0.0/255.0.0.0&219.232.0.0/255.255.0.0 in place 
of several consecutive statements?

Or can this be used: deny=5[89].0.0.0/255.0.0.0 ????

Anyway... Thanks,
Fernando





--------------------------------------------------
From: "Roniton Rezende Oliveira" <roniton at gmail.com>
Sent: Friday, January 22, 2010 10:16 AM
To: <asteriskbrasil at listas.asteriskbrasil.org>
Subject: Re: [AsteriskBrasil](URGENT) Intrusion Attempt?

> Read the article by Guilherme Loch Góes - Segurança no Asterisk
> (http://www.voipexperts.com.br/Tutoriais-sobre-Asterisk-e-VoIP/Seguranca-no-Asterisk)
> or the original (http://blogs.digium.com/2009/03/28/sip-security/)
>
> Roniton Oliveira
>
> 2010/1/22  <brunoantognolli at email.com>:
>>
>>
>> Folks, I was looking at the Asterisk log and saw the following message:
>>
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
>> '174.129.173.249' - Wrong password
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 
>> handle_request_register:
>> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
>> '174.129.173.249' - Wrong password
>> Note that within 1 second the "intruder" tried several times to register 
>> as SIP 1013 (using the brute-force method) through my Speedy link. The
>> "intruder's" IP is 174.129.173.249.
>>
>> Would this be an intrusion attempt?
>>
>> If so, how did he get access to my SIP extensions?
>> What do I need to do to get this guy off the network?
>>
>> In a quick search I found that this IP is from Washington.
>> http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html
>>
>> Am I alarmed for nothing, or is this really an intrusion attempt?
>>
>> Thank you, list.
>> _______________________________________________
>> KHOMP: quality E1, GSM, FXS and FXO boards for Asterisk.
>> - Hardware with high resource availability and KHOMP quality
>> - Qualified, free local technical support
>> See the complete KHOMP product line at www.khomp.com.br
>> _______________________________________________
>> AsteriskBrasil.org discussion list
>> AsteriskBrasil at listas.asteriskbrasil.org
>> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
>>
>
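
Added example, not part of the original thread: a Python check that counts failed registrations per source IP and second in log entries of the format quoted above, then tests each flagged source against the three `deny=` values from the message, read as address/netmask pairs. The function names, the threshold of 3, and the sample addresses 192.0.2.10 and 58.10.20.30 are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# deny= values exactly as written in the message (address/netmask form).
DENY = ["58.0.0.0/255.0.0.0", "59.0.0.0/255.0.0.0", "219.232.0.0/255.255.0.0"]

# Constructed sample: the quoted entry unwrapped to one line, with a placeholder
# server address (192.0.2.10) and one extra constructed source (58.10.20.30).
LINE = ("[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: "
        "Registration from '\"1013\" <sip:1013@192.0.2.10>' failed for '{ip}' - Wrong password")
SAMPLE_LOG = "\n".join([LINE.format(ip="174.129.173.249")] * 4
                       + [LINE.format(ip="58.10.20.30")])

FAILED = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\]: chan_sip\.c:\d+ handle_request_register: "
    r"Registration from '(?P<frm>.*)' failed for '(?P<ip>[0-9.]+)' - (?P<why>.+)$"
)

def failures_per_second(log_text):
    """Count failed REGISTERs per (timestamp, source IP); timestamps have 1 s resolution."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.match(line.strip())
        if m:
            hits[(m["ts"], m["ip"])] += 1
    return hits

def denied_by(ip, deny_entries=DENY):
    """Return the first deny entry whose network contains ip, or None if none does."""
    addr = ipaddress.ip_address(ip)
    for entry in deny_entries:
        if addr in ipaddress.ip_network(entry):
            return entry
    return None

def suspects(log_text, threshold=3):
    """Map each source with >= threshold failures in one second to the deny entry covering it."""
    return {ip: denied_by(ip)
            for (ts, ip), n in failures_per_second(log_text).items()
            if n >= threshold}

if __name__ == "__main__":
    for ip, rule in suspects(SAMPLE_LOG).items():
        print(ip, "covered by", rule if rule else "no deny entry")
```

On this sample the source from the quoted log, 174.129.173.249, is flagged but matches none of the three ranges, so those `deny=` lines alone would not cover it.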

 


