Well, from the log, it is someone trying to force a password for a SIP account. The damage is only to the phone bill, and there are still people who use the default password for their SIP accounts.<br><br>I think that is the only damage.<br><br>Regards,<br><br>Wendell Silva Bandeira<br>
<br><div class="gmail_quote">2010/1/22 <span dir="ltr"><<a href="mailto:brunoantognolli@email.com">brunoantognolli@email.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<font size="2" color="black" face="arial">
<div><font face="Arial, Helvetica, sans-serif">OK, we'll take care of that right away. Thanks for the tip, Wendell.</font></div>
<div> </div>
<div>But is this an intrusion attempt?</div>
<div>If so, what damage could I suffer from it?</div>
<div> </div>
<div>Is it possible for the attacker to access a SIP extension, trying to connect through this IP and place calls, for example?</div>
<div> </div>
<div>Regards,</div>
<div>Bruno<br>
<br>
</div><div><div></div><div class="h5">
<div style="clear: both;"></div>
<br>
<br>
<div style="font-family: helvetica,arial; color: black; font-size: 10pt;">-----Original Message-----<br>
From: Wendell Silva <<a href="mailto:wendbandeira@gmail.com" target="_blank">wendbandeira@gmail.com</a>><br>
To: <a href="mailto:asteriskbrasil@listas.asteriskbrasil.org" target="_blank">asteriskbrasil@listas.asteriskbrasil.org</a><br>
Sent: Fri, Jan 22, 2010 10:47 am<br>
Subject: Re: [AsteriskBrasil] (URGENT) Intrusion Attempt?<br>
<br>
<div>Configure ipfw on your server and block this IP.<br>
<br>
Regards,<br>
<br>
Wendell Silva Bandeira<br>
<br>
<div class="gmail_quote">2010/1/22 <span dir="ltr"><<a href="mailto:brunoantognolli@email.com" target="_blank">brunoantognolli@email.com</a>></span><br>
<blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote"><font size="2" color="black" face="arial"><br>
<br>
<div style="clear: both;">Folks, I was looking at the Asterisk log and saw the following message:</div>
<div style="clear: both;"> </div>
<div style="clear: both;">[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:<a href="mailto:1013@XXX.XXX.XXX.XXX" target="_blank">1013@XXX.XXX.XXX.XXX</a>>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:<a href="mailto:1013@XXX.XXX.XXX.XXX" target="_blank">1013@XXX.XXX.XXX.XXX</a>>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:<a href="mailto:1013@XXX.XXX.XXX.XXX" target="_blank">1013@XXX.XXX.XXX.XXX</a>>' failed for '174.129.173.249' - Wrong password<br>
</div>
<div style="clear: both;">Note that within 1 second the "attacker" tried several times to register as SIP 1013 (using the brute-force method) over my Speedy link. The "attacker's" IP is 174.129.173.249.</div>
<div style="clear: both;"> </div>
<div style="clear: both;">Is this an intrusion attempt? </div>
<div style="clear: both;"> </div>
<div style="clear: both;">If so, how did he get access to my SIP extensions?</div>
<div style="clear: both;">What do I need to do to get this guy off the network?</div>
<div style="clear: both;"> </div>
<div style="clear: both;">A quick search showed me that this IP is from Washington.</div>
<div style="clear: both;"><a href="http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html" target="_blank">http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html</a></div>
<div style="clear: both;"> </div>
<div style="clear: both;">Am I alarmed over nothing, or is this really an intrusion attempt?</div>
<div style="clear: both;"> </div>
<div style="clear: both;">Thanks, list.</div>
</font><br>
_______________________________________________<br>
KHOMP: quality E1, GSM, FXS and FXO boards for Asterisk.<br>
- Hardware with high resource availability and KHOMP quality<br>
- Qualified, free local technical support<br>
See the complete KHOMP product line at <a href="http://www.khomp.com.br/" target="_blank">www.khomp.com.br</a><br>
_______________________________________________<br>
AsteriskBrasil.org discussion list<br>
<a href="mailto:AsteriskBrasil@listas.asteriskbrasil.org" target="_blank">AsteriskBrasil@listas.asteriskbrasil.org</a><br>
<a href="http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil" target="_blank">http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil</a><br>
</blockquote></div>
<br>
</div>
</div>
</div></div></font>
</blockquote></div><br>
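<div>An added example, not part of the original thread: one way to turn the chan_sip "Registration ... failed" lines quoted above into a per-source count and a list of ipfw deny rules to review. The function names, the threshold of 10 failures per 60 seconds, the year default and the sample addresses (documentation ranges) are assumptions made for this illustration.</div>

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Format of the chan_sip NOTICE lines quoted in this thread.
FAILED_REGISTER = re.compile(
    r"\[(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\]: "
    r"chan_sip\.c:\d+ handle_request_register: Registration from "
    r"'(?P<sender>.*)' failed for '(?P<ip>[^']+)' - (?P<reason>.+)"
)
EXTENSION = re.compile(r"sip:([^@>]+)@")


def find_bruteforce(lines, threshold=10, window_seconds=60, year=2010):
    """Map each source IP with >= threshold failed REGISTERs inside a sliding
    window to its peak count and the extensions it targeted.
    Assumes chronological input; `year` is needed because the log omits it."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)
    stats = defaultdict(lambda: {"peak": 0, "extensions": set()})
    for line in lines:
        m = FAILED_REGISTER.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))  # reject junk before reuse
        except ValueError:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:  # drop failures older than the window
            hits.popleft()
        stats[ip]["extensions"].update(EXTENSION.findall(m["sender"]))
        stats[ip]["peak"] = max(stats[ip]["peak"], len(hits))
    return {ip: s for ip, s in stats.items() if s["peak"] >= threshold}


def ipfw_rules(offenders):
    """ipfw deny rules for review before loading, one per flagged source."""
    return [f"ipfw add deny ip from {ip} to any" for ip in sorted(offenders)]


# Constructed sample: a burst against 1013 and one user's two mistyped logins.
TEMPLATE = ("[Jan 22 {t}] NOTICE[14350]: chan_sip.c:15593 handle_request_register: "
            "Registration from '\"{e}\" <sip:{e}@192.0.2.10>' failed for '{ip}' - Wrong password")
SAMPLE = [TEMPLATE.format(t="10:00:25", e="1013", ip="203.0.113.7")] * 12 + [
    TEMPLATE.format(t="10:03:10", e="1020", ip="198.51.100.20"),
    TEMPLATE.format(t="10:09:41", e="1020", ip="198.51.100.20"),
]

if __name__ == "__main__":
    print(ipfw_rules(find_bruteforce(SAMPLE)))
```

<div>The two spaced-out failures from the second address stay below the threshold, so a user who mistypes a password is not blocked along with the burst source.</div>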