[AsteriskBrasil] (URGENT) Intrusion attempt?
Luiz Gustavo
luizgb at gmail.com
Fri Jan 22 13:44:08 BRST 2010
Hello,

To get the list of IP addresses allocated to Brazil, just consult the list available at:
ftp://ftp.lacnic.net/pub/stats/lacnic/delegated-lacnic-latest
and filter the entries whose 2nd field contains 'BR'.
The 4th field contains the network address and the 5th field the number of hosts for that network.

Similarly, the addresses for Portugal can be obtained at
ftp://ftp.lacnic.net/pub/stats/ripencc/delegated-ripencc-latest
by filtering the entries whose 2nd field contains 'PT'.

However, even with this data, I believe the list will be very large and may have some impact on performance because of the number of DENYs, whether it is implemented in Asterisk or in iptables.

I have never implemented it this way in Asterisk, but in iptables I have run tests, and setting drop all and allowing only the networks allocated to Brazil had a negative impact on the firewall.

Regards,
Luiz Gustavo
2010/1/22 <meiralins at midiabyte.com.br>
> Dear all, what is the correct syntax to put in sip.conf to block a
> series of IPs?
>
> deny=58.0.0.0/255.0.0.0
> deny=59.0.0.0/255.0.0.0
> deny=219.232.0.0/255.255.0.0
>
> Would that block any IP starting with 58, 59, or 219.232?
>
> Another question is whether we can use masks or concatenate the series:
>
> Examples:
>
> Could this be used:
> deny=58.0.0.0/255.0.0.0&59.0.0.0/255.0.0.0&219.232.0.0/255.255.0.0
> in place of several consecutive statements?
>
> Or can this be used: deny=5[89].0.0.0/255.0.0.0 ????
>
> Anyway... Thanks;
> Fernando
>
> --------------------------------------------------
> From: "Roniton Rezende Oliveira" <roniton at gmail.com>
> Sent: Friday, January 22, 2010 10:16 AM
> To: <asteriskbrasil at listas.asteriskbrasil.org>
> Subject: Re: [AsteriskBrasil] (URGENT) Intrusion attempt?
>
> > Read the article by Guilherme Loch Góes - Segurança no Asterisk
> > (http://www.voipexperts.com.br/Tutoriais-sobre-Asterisk-e-VoIP/Seguranca-no-Asterisk)
> > or the original (http://blogs.digium.com/2009/03/28/sip-security/)
> >
> > Roniton Oliveira
> >
> > 2010/1/22 <brunoantognolli at email.com>:
> >>
> >> Folks, I was looking at the Asterisk log and saw the following message:
> >>
> >> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593
> >> handle_request_register:
> >> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> >> '174.129.173.249' - Wrong password
> >> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593
> >> handle_request_register:
> >> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> >> '174.129.173.249' - Wrong password
> >> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593
> >> handle_request_register:
> >> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> >> '174.129.173.249' - Wrong password
> >> Note that within 1 second the "intruder" tried several times to
> >> register on SIP 1013 (using the brute-force method) over my Speedy
> >> link. The "intruder's" IP is 174.129.173.249.
> >>
> >> Would this be an intrusion attempt?
> >>
> >> If so, how did he get access to my SIP extensions?
> >> What do I need to do to get this guy off the network?
> >>
> >> A quick search showed me that this IP is from Washington.
> >> http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html
> >>
> >> Am I alarmed for nothing, or is this really an intrusion attempt?
> >>
> >> Thanks, list.
> >> _______________________________________________
> >> KHOMP: quality E1, GSM, FXS and FXO cards for Asterisk.
> >> - Hardware with high resource availability and KHOMP quality
> >> - Qualified, free local technical support
> >> See the complete KHOMP product line at www.khomp.com.br
> >> _______________________________________________
> >> AsteriskBrasil.org discussion list
> >> AsteriskBrasil at listas.asteriskbrasil.org
> >> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
> >>
>
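
The filtering steps Luiz Gustavo describes at the top of this message, as an added Python example that is not part of the original thread: it keeps the IPv4 records whose 2nd field matches a country code, turns the 4th and 5th fields (start address, address count) into CIDR networks, and renders them as an allow-list in the address/netmask form used in the quoted sip.conf lines. The sample records are constructed from documentation ranges, and the names `country_networks` and `sip_acl` are hypothetical.

```python
import ipaddress

# Constructed sample in the RIR "delegated" statistics format
# (registry|cc|type|start|value|date|status); not real allocation data.
SAMPLE = """\
# constructed sample, not real data
2|lacnic|20100122|5|19870101|20100122|-0300
lacnic|*|ipv4|*|3|summary
lacnic|BR|ipv4|192.0.2.0|256|20000101|allocated
lacnic|AR|ipv4|198.51.100.0|256|20000101|allocated
lacnic|BR|ipv4|203.0.113.0|192|20000101|assigned
lacnic|BR|ipv6|2001:db8::|32|20000101|allocated
lacnic|BR|asn|64512|1|20000101|allocated
"""


def country_networks(text, cc):
    """Return the collapsed IPv4 networks delegated to country code `cc`."""
    nets = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("|")
        # Skip the version line, summary lines and non-IPv4 records.
        if len(f) < 7 or f[1] != cc or f[2] != "ipv4":
            continue
        first = ipaddress.IPv4Address(f[3])
        last = first + (int(f[4]) - 1)
        # The 5th field is an address count, not a prefix length, and it
        # need not be a power of two, so one record can yield several CIDRs.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent or overlapping blocks to keep the rule count down.
    return list(ipaddress.collapse_addresses(nets))


def sip_acl(nets):
    """Render an allow-list: deny everything, then permit each network."""
    lines = ["deny=0.0.0.0/0.0.0.0"]
    lines += [f"permit={n.network_address}/{n.netmask}" for n in nets]
    return lines


if __name__ == "__main__":
    br = country_networks(SAMPLE, "BR")
    print(len(br), "networks")
    print("\n".join(sip_acl(br)))
```

The length of the returned list is the number of ACL entries or firewall rules the approach needs, which is the performance concern raised in the message.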