I wouldn't blame Asterisk <div><br></div><div><a href="http://www.ietf.org/rfc/rfc3261.txt">http://www.ietf.org/rfc/rfc3261.txt</a> - Section 10 Registrations</div><div><br></div><div>:-)</div><div><br></div><div>Regards</div><div>
<br></div><div><br><div class="gmail_quote">2009/11/4 José Eduardo C. Mazolini <span dir="ltr"><<a href="mailto:eduardo_mazolini@yahoo.com">eduardo_mazolini@yahoo.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div style="font-family:times new roman,new york,times,serif;font-size:12pt">I just ran a test with X-LITE<br>And Asterisk is a problem; I recommend putting a SIP router in front of it to deal with this.<br>It shouldn't show the attacker which extensions exist and which don't, because once an existing extension has been identified, the attacker moves on to testing passwords.<br>
<br>Thanks for the tip about the program, because something automatic needs to be created to block intruders.<br>I have heard of a DNS-like service where machines that generate attacks are registered, and that record lasts a few hours.<br>
That way, if someone attacks my Asterisk, I block them and register that IP there; before authorizing a connection you check this list, and if the IP is on it you block the attacker right away.<br><br>This can be complicated, because someone malicious could make false accusations against you and you end up
blocked without having done anything.<br>But building such a database with control over who can file reports (only company servers, a working group, companies with business in common) could help.<br><br>Look at what happened:<br>
<br>Extension 1, nonexistent:<br>x-lite: REGISTER <br>Asterisk: 404 Not found<br><br>Extension 2, existing<br>x-lite: REGISTER<br>Asterisk: 100 Trying<br>Asterisk: 401 Unauthorized<br>x-lite: REGISTER<br>
Asterisk: 100 Trying<br>
Asterisk: 403 Forbidden (Bad auth)<div class="im"><br><br>
<br>
<br><div> </div>Eduardo Mazolini<br>(19) 9191-2705<div><br></div></div><div style="font-family:times new roman,new york,times,serif;font-size:12pt"><br><div style="font-family:times new roman,new york,times,serif;font-size:12pt">
<font size="2" face="Tahoma"><hr size="1"><b><span style="font-weight:bold">From:</span></b> Luciano Antonio Borguetti Faustino <<a href="mailto:lucianoborguetti.listas@gmail.com" target="_blank">lucianoborguetti.listas@gmail.com</a>><div class="im">
<br><b><span style="font-weight:bold">To:</span></b> <a href="mailto:asteriskbrasil@listas.asteriskbrasil.org" target="_blank">asteriskbrasil@listas.asteriskbrasil.org</a><br></div><b><span style="font-weight:bold">Sent:</span></b> Wednesday, November 4, 2009 13:40:10<div class="im">
<br><b><span style="font-weight:bold">Subject:</span></b> Re: [AsteriskBrasil] RES: Asterisk Vulnerability<br></div></font><div><div></div><div class="h5"><br>Eder,<div><br></div><div>Interesting, </div><div><br></div>
<div>Treating the problem more professionally, I recommend installing an IDS/IPS (Snort, for example - <a rel="nofollow" href="http://www.snort.org/" target="_blank">http://www.snort.org/</a>), with which you can identify these types of attacks and create actions, for example blocking the attacking host.</div>
<div><br></div><div>Regards,<br><br><div class="gmail_quote">2009/11/4 Itamar Reis Peixoto <span dir="ltr"><<a rel="nofollow" href="mailto:itamar@ispbrasil.com.br" target="_blank">itamar@ispbrasil.com.br</a>></span><br>
<blockquote class="gmail_quote" style="border-left:1px solid rgb(204, 204, 204);margin:0pt 0pt 0pt 0.8ex;padding-left:1ex">
I still hold my opinion that iptables is for sissies<br>
<br>
route add -host 208.38.164.96 reject<br>
<br>
solves the problem!<br>
<br>
<br>
<br>
2009/11/4 Eder Souza <<a rel="nofollow" href="mailto:eder.souza@bsd.com.br" target="_blank">eder.souza@bsd.com.br</a>><br>
<div><div></div><div>><br>
> The Asterisk log follows so you can see a massive attack guessing SIP users; notice how many users it managed to guess in just one second!!!<br>
><br>
><br>
> a sample of the log from the attack!!!<br>
><br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"0"<sip:0@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"1"<sip:1@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"2"<sip:2@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"3"<sip:3@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"4"<sip:4@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"5"<sip:5@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"6"<sip:6@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"7"<sip:7@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"8"<sip:8@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"9"<sip:9@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"10"<sip:10@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"11"<sip:11@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"12"<sip:12@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"13"<sip:13@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"14"<sip:14@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"15"<sip:15@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"16"<sip:16@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"17"<sip:17@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"18"<sip:18@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"19"<sip:19@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"20"<sip:20@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"21"<sip:21@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"22"<sip:22@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"23"<sip:23@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"24"<sip:24@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"25"<sip:25@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"26"<sip:26@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"27"<sip:27@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"28"<sip:28@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"29"<sip:29@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"30"<sip:30@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"31"<sip:31@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"32"<sip:32@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"33"<sip:33@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"34"<sip:34@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"35"<sip:35@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"36"<sip:36@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"37"<sip:37@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"38"<sip:38@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"39"<sip:39@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"40"<sip:40@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"41"<sip:41@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"42"<sip:42@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"43"<sip:43@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"44"<sip:44@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"45"<sip:45@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"46"<sip:46@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"47"<sip:47@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"48"<sip:48@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"49"<sip:49@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"50"<sip:50@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"51"<sip:51@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"52"<sip:52@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"53"<sip:53@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"54"<sip:54@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"55"<sip:55@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"56"<sip:56@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"57"<sip:57@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"58"<sip:58@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from '"59"<sip:59@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"60"<sip:60@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"61"<sip:61@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"62"<sip:62@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"63"<sip:63@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"64"<sip:64@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"65"<sip:65@IP>' failed for '208.38.164.96' - No matching peer found<br>
> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from '"66"<sip:66@IP>' failed for '208.38.164.96' - No matching peer found<br>
<br>
<br>
</div></div>------------<br>
<br>
Itamar Reis Peixoto<br>
<br>
e-mail/msn/google talk/sip: <a rel="nofollow" href="mailto:itamar@ispbrasil.com.br" target="_blank">itamar@ispbrasil.com.br</a><br>
skype: itamarjp<br>
icq: 81053601<br>
+55 11 4063 5033<br>
+55 34 3221 8599<br>
<div><div></div><div><br>
_______________________________________________<br>
AsteriskBrasil.org discussion list<br>
<a rel="nofollow" href="mailto:AsteriskBrasil@listas.asteriskbrasil.org" target="_blank">AsteriskBrasil@listas.asteriskbrasil.org</a><br>
<a rel="nofollow" href="http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil" target="_blank">http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>#!/bin/bash<br><br>Luciano Antonio Borguetti Faustino<br>GNU/Linux user number: 339110<br>ICQ UIN number: 82092097 - ICQ still active :)<br><a rel="nofollow" href="http://lucianoborguetti.blogspot.com" target="_blank">http://lucianoborguetti.blogspot.com</a><br>
<br>Prejudice is opinion without knowledge.<br><br>:wq<br>
</div>
</div></div></div></div>
</div><div class="im"><br>
</div>
</div><br><br>
</blockquote></div><br><br clear="all"><br>-- <br>#!/bin/bash<br>
<br>Luciano Antonio Borguetti Faustino<br>GNU/Linux user number: 339110<br>ICQ UIN number: 82092097 - ICQ still active :)<br><a href="http://lucianoborguetti.blogspot.com">http://lucianoborguetti.blogspot.com</a><br>
<br>Prejudice is opinion without knowledge.<br><br>:wq<br>
</div>
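<div>The automatic detection the thread asks for, sketched as an added example that is not part of the original messages or of Asterisk: it parses chan_sip registration failures in the format of the quoted log and flags source IPs that probe many extensions or hammer one extension with bad credentials. The thresholds, the function names, the "Wrong password" reason string (it does not appear in the thread's sample) and the sample lines are assumptions.</div>

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Line format taken from the chan_sip log sample quoted in the thread.
LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: Registration "
    r"from '(?P<frm>.*)' failed for '(?P<ip>[^']+)' - (?P<reason>.+)$")
USER_RE = re.compile(r"sip:([^@>]+)@")

def parse(line, year=2009):
    """Return (timestamp, ip, user, reason), or None for unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # log has no year
    user = USER_RE.search(m["frm"])
    return ts, m["ip"], user.group(1) if user else None, m["reason"]

def detect(lines, window_s=10, max_users=5, max_pw_fails=5):
    """Flag source IPs from chronologically ordered lines; thresholds are assumptions."""
    recent = defaultdict(deque)   # ip -> failures still inside the time window
    flagged = defaultdict(set)    # ip -> verdicts
    for ev in filter(None, map(parse, lines)):
        ts, ip, user, reason = ev
        q = recent[ip]
        q.append(ev)
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        # Many distinct unknown extensions from one source: extension scanning.
        if len({e[2] for e in q if e[3] == "No matching peer found"}) > max_users:
            flagged[ip].add("enumeration")
        # Repeated bad credentials for one extension: password guessing.
        if sum(e[2] == user and e[3] == "Wrong password" for e in q) > max_pw_fails:
            flagged[ip].add("password-guessing")
    return dict(flagged)

def sample_log():
    """Constructed lines (documentation IPs), not taken from the thread."""
    fmt = ("[Oct 12 09:31:{s:02d}] NOTICE[2751] chan_sip.c: Registration from "
           "'\"{u}\"<sip:{u}@IP>' failed for '{ip}' - {why}")
    scan = [fmt.format(s=26, u=n, ip="203.0.113.7", why="No matching peer found") for n in range(10)]
    typo = [fmt.format(s=28, u=201, ip="192.0.2.55", why="No matching peer found")]
    guess = [fmt.format(s=30 + n, u=100, ip="198.51.100.20", why="Wrong password") for n in range(7)]
    return scan + typo + guess + ["[Oct 12 09:31:40] VERBOSE[2751] logger.c: unrelated line"]

if __name__ == "__main__":
    for ip, verdicts in detect(sample_log()).items():
        print(ip, sorted(verdicts))
```

<div>The single mistyped extension from 192.0.2.55 stays below both thresholds, which is the false-accusation case the thread worries about when blocking is automated.</div>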