Alexandre, describe your architecture... Is there a firewall? Does the Asterisk need outbound access to the network? As our friend Felipe said, if it doesn't, set allowguest=no in sip.conf; you probably don't need it...<br>
<br><br><br>Regards,<br>Rodrigo Lang.<br><br><div class="gmail_quote">2009/11/24 Julio Arruda <span dir="ltr">&lt;<a href="mailto:jarruda-asterisk@jarruda.com">jarruda-asterisk@jarruda.com</a>&gt;</span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">Rafael Alves Machado wrote:<br>
&gt; Isn't there an update patch for this problem? I went through the<br>
&gt; same problem and the loss was high.<br>
&gt;<br>
<br>
</div>Hmm... I'm not sure you understood, but this isn't a bug. The point is, if<br>
you allow any SIP UA to talk to your * without being registered,<br>
and send calls, that is configuration....<br>
There is also a large amount of brute-forcing, where they try to find<br>
user/password combinations that can send calls through your asterisk....<br>
<div><div></div><div class="h5"><br>
&gt;<br>
&gt; Rafael<br>
&gt;<br>
&gt; -----Original message-----<br>
&gt; From: <a href="mailto:asteriskbrasil-bounces@listas.asteriskbrasil.org">asteriskbrasil-bounces@listas.asteriskbrasil.org</a><br>
&gt; [mailto:<a href="mailto:asteriskbrasil-bounces@listas.asteriskbrasil.org">asteriskbrasil-bounces@listas.asteriskbrasil.org</a>] On behalf of Felipe<br>
&gt; R. Pasa<br>
&gt; Sent: Monday, November 23, 2009 22:04<br>
&gt; To: <a href="mailto:asteriskbrasil@listas.asteriskbrasil.org">asteriskbrasil@listas.asteriskbrasil.org</a><br>
&gt; Subject: Re: [AsteriskBrasil] Intruder on Asterisk<br>
&gt;<br>
&gt; Alexandre,<br>
&gt;<br>
&gt;  in your sip.conf, you can enable the parameter allowguest=yes and in the<br>
&gt; [guest] account set a context that reaches only your internal<br>
&gt; extensions, or one that doesn't exist; in that case your intruder at most<br>
&gt; calls your extension, and you can even exchange a few<br>
&gt; words with the intruder! :)<br>
&gt;<br>
&gt; Regards!<br>
&gt;<br>
&gt; 2009/11/23 Alexandre Ricardo Souza Silva &lt;<a href="mailto:alexandre@componentizar.com.br">alexandre@componentizar.com.br</a>&gt;:<br>
&gt;&gt; Hi everyone!<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; I need everyone's help. I was checking the log of my<br>
&gt;&gt; asterisk and noticed that I have about 48 entries like this (  Sip/<a href="http://113.105.152.56" target="_blank">113.105.152.56</a><br>
&gt;&gt; asterisk asterisk) ; from what I found on the net this is an intrusion<br>
&gt;&gt; attempt, except that this IP tried to call some places, but without success<br>
&gt;&gt; from what I saw; none of the attempts lasted more than 16 seconds. These 48<br>
&gt;&gt; attempts go back to month 08; today, for example, I did not have this<br>
&gt;&gt; attack; they are trying every 4 days...<br>
&gt;&gt;<br>
&gt;&gt; Which patch do I have to apply to * to keep it more<br>
&gt;&gt; secure?<br>
&gt;&gt;<br>
&gt;&gt; ***Log<br>
&gt;&gt; [Nov 14 01:22:19] VERBOSE[21171] logger.c:     -- Executing<br>
&gt;&gt; [011441616604001@from-sip-external:1] NoOp(&quot;SIP/113.105.152.56-b2e04818&quot;,<br>
&gt;&gt; &quot;Received incoming SIP connection from unknown peer to 011441616604001&quot;)<br>
&gt;&gt; in new stack<br>
&gt;&gt; [Nov 14 01:22:19] VERBOSE[21171] logger.c:     -- Executing<br>
&gt;&gt; [011441616604001@from-sip-external:2] Set(&quot;SIP/113.105.152.56-b2e04818&quot;,<br>
&gt;&gt; &quot;DID=011441616604001&quot;) in new stack<br>
&gt;&gt; [Nov 14 01:22:19] VERBOSE[21171] logger.c:     -- Executing<br>
&gt;&gt; [011441616604001@from-sip-external:3] Goto(&quot;SIP/113.105.152.56-b2e04818&quot;,<br>
&gt;&gt; &quot;s|1&quot;) in new stack<br>
&gt;&gt; [Nov 14 01:22:19] VERBOSE[21171] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:1] GotoIf(&quot;SIP/113.105.152.56-b2e04818&quot;,<br>
&gt;&gt; &quot;0?from-trunk|011441616604001|1&quot;) in new stack<br>
&gt;&gt; [Nov 14 01:22:19] VERBOSE[21171] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:2] Set(&quot;SIP/113.105.152.56-b2e04818&quot;,<br>
&gt;&gt; &quot;TIMEOUT(absolute)=15&quot;) in new stack<br>
&gt;&gt; [Nov 14 01:22:19] VERBOSE[21171] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:3] Answer(&quot;SIP/113.105.152.56-b2e04818&quot;, &quot;&quot;) in new<br>
&gt;&gt; stack<br>
&gt;&gt; [Nov 14 01:22:19] VERBOSE[21171] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:4] Wait(&quot;SIP/113.105.152.56-b2e04818&quot;, &quot;2&quot;) in new<br>
&gt;&gt; stack<br>
&gt;&gt; [Nov 14 01:22:21] VERBOSE[21170] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:5] Playback(&quot;SIP/113.105.152.56-b2e08a38&quot;,<br>
&gt;&gt; &quot;ss-noservice&quot;) in new stack<br>
&gt;&gt; [Nov 14 01:22:21] VERBOSE[21171] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:5] Playback(&quot;SIP/113.105.152.56-b2e04818&quot;,<br>
&gt;&gt; &quot;ss-noservice&quot;) in new stack<br>
&gt;&gt; [Nov 14 01:22:21] VERBOSE[21170] logger.c:     --<br>
&gt;&gt; &lt;SIP/113.105.152.56-b2e08a38&gt; Playing &#39;ss-noservice&#39; (language &#39;en&#39;)<br>
&gt;&gt; [Nov 14 01:22:21] VERBOSE[21171] logger.c:     --<br>
&gt;&gt; &lt;SIP/113.105.152.56-b2e04818&gt; Playing &#39;ss-noservice&#39; (language &#39;en&#39;)<br>
&gt;&gt; [Nov 14 01:22:28] VERBOSE[21170] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:6] PlayTones(&quot;SIP/113.105.152.56-b2e08a38&quot;,<br>
&gt;&gt; &quot;congestion&quot;) in new stack<br>
&gt;&gt; [Nov 14 01:22:28] VERBOSE[21170] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:7] Congestion(&quot;SIP/113.105.152.56-b2e08a38&quot;, &quot;5&quot;) in<br>
&gt;&gt; new stack<br>
&gt;&gt; [Nov 14 01:22:28] VERBOSE[21171] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:6] PlayTones(&quot;SIP/113.105.152.56-b2e04818&quot;,<br>
&gt;&gt; &quot;congestion&quot;) in new stack<br>
&gt;&gt; [Nov 14 01:22:28] VERBOSE[21171] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:7] Congestion(&quot;SIP/113.105.152.56-b2e04818&quot;, &quot;5&quot;) in<br>
&gt;&gt; new stack<br>
&gt;&gt; [Nov 14 01:22:34] VERBOSE[21170] logger.c:   == Spawn extension<br>
&gt;&gt; (from-sip-external, s, 7) exited non-zero on &#39;SIP/113.105.152.56-b2e08a38&#39;<br>
&gt;&gt; [Nov 14 01:22:34] VERBOSE[21170] logger.c:     -- Executing<br>
&gt;&gt; [T@from-sip-external:1] NoOp(&quot;SIP/113.105.152.56-b2e08a38&quot;, &quot;Received<br>
&gt;&gt; incoming SIP connection from unknown peer to T&quot;) in new stack<br>
&gt;&gt; [Nov 14 01:22:34] VERBOSE[21170] logger.c:     -- Executing<br>
&gt;&gt; [T@from-sip-external:2] Set(&quot;SIP/113.105.152.56-b2e08a38&quot;, &quot;DID=s&quot;) in new<br>
&gt;&gt; stack<br>
&gt;&gt; [Nov 14 01:22:34] VERBOSE[21170] logger.c:     -- Executing<br>
&gt;&gt; [T@from-sip-external:3] Goto(&quot;SIP/113.105.152.56-b2e08a38&quot;, &quot;s|1&quot;) in new<br>
&gt;&gt; stack<br>
&gt;&gt; [Nov 14 01:22:34] VERBOSE[21170] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:1] GotoIf(&quot;SIP/113.105.152.56-b2e08a38&quot;,<br>
&gt;&gt; &quot;0?from-trunk|s|1&quot;) in new stack<br>
&gt;&gt; [Nov 14 01:22:34] VERBOSE[21170] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:2] Set(&quot;SIP/113.105.152.56-b2e08a38&quot;,<br>
&gt;&gt; &quot;TIMEOUT(absolute)=15&quot;) in new stack<br>
&gt;&gt; [Nov 14 01:22:34] VERBOSE[21170] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:3] Answer(&quot;SIP/113.105.152.56-b2e08a38&quot;, &quot;&quot;) in new<br>
&gt;&gt; stack<br>
&gt;&gt; [Nov 14 01:22:34] VERBOSE[21170] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:4] Wait(&quot;SIP/113.105.152.56-b2e08a38&quot;, &quot;2&quot;) in new<br>
&gt;&gt; stack<br>
&gt;&gt; [Nov 14 01:22:34] VERBOSE[21171] logger.c:   == Spawn extension<br>
&gt;&gt; (from-sip-external, s, 7) exited non-zero on &#39;SIP/113.105.152.56-b2e04818&#39;<br>
&gt;&gt; [Nov 14 01:22:34] VERBOSE[21171] logger.c:     -- Executing<br>
&gt;&gt; [T@from-sip-external:1] NoOp(&quot;SIP/113.105.152.56-b2e04818&quot;, &quot;Received<br>
&gt;&gt; incoming SIP connection from unknown peer to T&quot;) in new stack<br>
&gt;&gt; [Nov 14 01:22:34] VERBOSE[21171] logger.c:     -- Executing<br>
&gt;&gt; [T@from-sip-external:2] Set(&quot;SIP/113.105.152.56-b2e04818&quot;, &quot;DID=s&quot;) in new<br>
&gt;&gt; stack<br>
&gt;&gt; [Nov 20 15:23:17] VERBOSE[6506] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:1] GotoIf(&quot;SIP/113.105.152.56-b3702a48&quot;,<br>
&gt;&gt; &quot;0?from-trunk|s|1&quot;) in new stack<br>
&gt;&gt; [Nov 20 15:23:17] VERBOSE[6506] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:2] Set(&quot;SIP/113.105.152.56-b3702a48&quot;,<br>
&gt;&gt; &quot;TIMEOUT(absolute)=15&quot;) in new stack<br>
&gt;&gt; [Nov 20 15:23:17] VERBOSE[6506] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:3] Answer(&quot;SIP/113.105.152.56-b3702a48&quot;, &quot;&quot;) in new<br>
&gt;&gt; stack<br>
&gt;&gt; [Nov 20 15:23:17] VERBOSE[6506] logger.c:   == Spawn extension<br>
&gt;&gt; (from-sip-external, s, 3) exited non-zero on &#39;SIP/113.105.152.56-b3702a48&#39;<br>
&gt;&gt; [Nov 20 17:05:38] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [00#441616604001@from-sip-external:1] NoOp(&quot;SIP/113.105.152.56-b37009f8&quot;,<br>
&gt;&gt; &quot;Received incoming SIP connection from unknown peer to 00#441616604001&quot;)<br>
&gt;&gt; in new stack<br>
&gt;&gt; [Nov 20 17:05:38] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [00#441616604001@from-sip-external:2] Set(&quot;SIP/113.105.152.56-b37009f8&quot;,<br>
&gt;&gt; &quot;DID=00#441616604001&quot;) in new stack<br>
&gt;&gt; [Nov 20 17:05:38] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [00#441616604001@from-sip-external:3] Goto(&quot;SIP/113.105.152.56-b37009f8&quot;,<br>
&gt;&gt; &quot;s|1&quot;) in new stack<br>
&gt;&gt; [Nov 20 17:05:38] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:1] GotoIf(&quot;SIP/113.105.152.56-b37009f8&quot;,<br>
&gt;&gt; &quot;0?from-trunk|00#441616604001|1&quot;) in new stack<br>
&gt;&gt; [Nov 20 17:05:38] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:2] Set(&quot;SIP/113.105.152.56-b37009f8&quot;,<br>
&gt;&gt; &quot;TIMEOUT(absolute)=15&quot;) in new stack<br>
&gt;&gt; [Nov 20 17:05:38] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:3] Answer(&quot;SIP/113.105.152.56-b37009f8&quot;, &quot;&quot;) in new<br>
&gt;&gt; stack<br>
&gt;&gt; [Nov 20 17:05:38] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:4] Wait(&quot;SIP/113.105.152.56-b37009f8&quot;, &quot;2&quot;) in new<br>
&gt;&gt; stack<br>
&gt;&gt; [Nov 20 17:05:40] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:5] Playback(&quot;SIP/113.105.152.56-b37009f8&quot;,<br>
&gt;&gt; &quot;ss-noservice&quot;) in new stack<br>
&gt;&gt; [Nov 20 17:05:40] VERBOSE[25061] logger.c:     --<br>
&gt;&gt; &lt;SIP/113.105.152.56-b37009f8&gt; Playing &#39;ss-noservice&#39; (language &#39;en&#39;)<br>
&gt;&gt; [Nov 20 17:05:47] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:6] PlayTones(&quot;SIP/113.105.152.56-b37009f8&quot;,<br>
&gt;&gt; &quot;congestion&quot;) in new stack<br>
&gt;&gt; [Nov 20 17:05:47] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:7] Congestion(&quot;SIP/113.105.152.56-b37009f8&quot;, &quot;5&quot;) in<br>
&gt;&gt; new stack<br>
&gt;&gt; [Nov 20 17:05:52] VERBOSE[25061] logger.c:   == Spawn extension<br>
&gt;&gt; (from-sip-external, s, 7) exited non-zero on &#39;SIP/113.105.152.56-b37009f8&#39;<br>
&gt;&gt; [Nov 20 17:05:52] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [h@from-sip-external:1] NoOp(&quot;SIP/113.105.152.56-b37009f8&quot;, &quot;Hangup&quot;) in<br>
&gt;&gt; new stack<br>
&gt;&gt; [Nov 20 17:05:52] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [h@from-sip-external:2] Set(&quot;SIP/113.105.152.56-b37009f8&quot;, &quot;DID=s&quot;) in new<br>
&gt;&gt; stack<br>
&gt;&gt; [Nov 20 17:05:52] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [h@from-sip-external:3] Goto(&quot;SIP/113.105.152.56-b37009f8&quot;, &quot;s|1&quot;) in new<br>
&gt;&gt; stack<br>
&gt;&gt; [Nov 20 17:05:52] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:1] GotoIf(&quot;SIP/113.105.152.56-b37009f8&quot;,<br>
&gt;&gt; &quot;0?from-trunk|s|1&quot;) in new stack<br>
&gt;&gt; [Nov 20 17:05:52] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:2] Set(&quot;SIP/113.105.152.56-b37009f8&quot;,<br>
&gt;&gt; &quot;TIMEOUT(absolute)=15&quot;) in new stack<br>
&gt;&gt; [Nov 20 17:05:52] VERBOSE[25061] logger.c:     -- Executing<br>
&gt;&gt; [s@from-sip-external:3] Answer(&quot;SIP/113.105.152.56-b37009f8&quot;, &quot;&quot;) in new<br>
&gt;&gt; stack<br>
&gt;&gt; [Nov 20 17:05:52] VERBOSE[25061] logger.c:   == Spawn extension<br>
&gt;&gt; (from-sip-external, s, 3) exited non-zero on &#39;SIP/113.105.152.56-b37009f8&#39;<br>
&gt;&gt;<br>
&gt;&gt; **<br>
&gt;&gt;<br>
&gt;&gt; I look forward to your replies<br>
&gt;&gt;<br>
&gt;&gt; Best regards<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; Alexandre<br>
&gt;&gt; _______________________________________________<br>
&gt;&gt; Redfone is the leader in supplying TDMoE &lt;-&gt; E1 bridges<br>
&gt;&gt; - Price similar to that of E1 PCI cards;<br>
&gt;&gt; - No compatibility problems with the PCI bus;<br>
&gt;&gt; - They make it possible to build high-availability solutions (two<br>
&gt;&gt; servers share the same E1)<br>
&gt;&gt; Learn more about this product at <a href="http://www.red-fone.com" target="_blank">www.red-fone.com</a><br>
&gt;&gt; _______________________________________________<br>
&gt;&gt; AsteriskBrasil.org discussion list<br>
&gt;&gt; <a href="mailto:AsteriskBrasil@listas.asteriskbrasil.org">AsteriskBrasil@listas.asteriskbrasil.org</a><br>
&gt;&gt; <a href="http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil" target="_blank">http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil</a><br>
&gt;&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Rodrigo F. Lang<br>Telecom Network Administrator<br>
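Added example, not part of the original thread: a Python sketch that scans an Asterisk log for the guest-call trace shown in the log above ("Received incoming SIP connection from unknown peer") and groups the attempts by source IP, which is a quick way to confirm whether unauthenticated callers still reach the dialplan after setting allowguest=no. It assumes each log event sits on one unwrapped line; the sample lines, IP address and dialed numbers are constructed.

```python
import re

# First dialplan step logged when an unauthenticated (guest) SIP call enters
# a context, in the format of the log quoted in this thread.
GUEST_CALL = re.compile(
    r'^\[(?P<ts>[A-Z][a-z]{2} +\d+ [\d:]{8})\] VERBOSE\[\d+\] logger\.c:\s+-- Executing '
    r'\[(?P<exten>[^@\]]+)@(?P<context>[^:\]]+):1\] '
    r'NoOp\("SIP/(?P<ip>\d{1,3}(?:\.\d{1,3}){3})-[0-9a-f]+", '
    r'"Received incoming SIP connection from unknown peer to '
)

# Constructed sample: documentation IP range and made-up numbers.
SAMPLE_LOG = """\
[Nov 14 01:22:19] VERBOSE[21171] logger.c:     -- Executing [0015550100@from-sip-external:1] NoOp("SIP/203.0.113.7-b2e04818", "Received incoming SIP connection from unknown peer to 0015550100") in new stack
[Nov 14 01:22:19] VERBOSE[21171] logger.c:     -- Executing [0015550100@from-sip-external:2] Set("SIP/203.0.113.7-b2e04818", "DID=0015550100") in new stack
[Nov 14 01:22:34] VERBOSE[21170] logger.c:     -- Executing [T@from-sip-external:1] NoOp("SIP/203.0.113.7-b2e08a38", "Received incoming SIP connection from unknown peer to T") in new stack
[Nov 20 17:05:38] VERBOSE[25061] logger.c:     -- Executing [00#15550100@from-sip-external:1] NoOp("SIP/203.0.113.7-b37009f8", "Received incoming SIP connection from unknown peer to 00#15550100") in new stack
[Nov 20 18:00:01] VERBOSE[25070] logger.c:     -- Executing [100@from-internal:1] Dial("SIP/200-b3700aaa", "SIP/100") in new stack
"""

def summarize_guest_calls(lines):
    """Group unauthenticated call attempts by source IP."""
    report = {}
    for line in lines:
        m = GUEST_CALL.match(line)
        # Ignore re-entries on special extensions (T, s, ...): only count
        # traces whose extension looks like a dialed number.
        if not m or not re.fullmatch(r"[0-9#*+]+", m["exten"]):
            continue
        entry = report.setdefault(m["ip"], {"attempts": 0, "dialed": set(),
                                            "context": m["context"],
                                            "first": m["ts"]})
        entry["attempts"] += 1
        entry["dialed"].add(m["exten"])
        entry["last"] = m["ts"]  # log is chronological, so last match wins
    return report

if __name__ == "__main__":
    for ip, e in summarize_guest_calls(SAMPLE_LOG.splitlines()).items():
        print(ip, e["attempts"], sorted(e["dialed"]), e["first"], "->", e["last"])
```

Any source IP that shows up here was handed a dialplan context without authenticating; with allowguest=no in sip.conf, new entries of this kind should stop appearing.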