<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD><META http-equiv=Content-Type content="text/html; charset=utf-8"><META content="INBOX.COM" name=GENERATOR></HEAD>
<BODY>
Aconteceu comigo, eu astava na CLI do Asterisk quanto começou, fiz uma ACL no meu roteador de borda.<br><br><br>[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"100"<sip:100@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"101"<sip:101@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"102"<sip:102@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"103"<sip:103@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"104"<sip:104@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"105"<sip:105@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"106"<sip:106@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"107"<sip:107@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"108"<sip:108@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"109"<sip:109@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"110"<sip:110@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:18] NOTICE[9197] chan_sip.c: Registration from '"111"<sip:111@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"112"<sip:112@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"113"<sip:113@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"114"<sip:114@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"115"<sip:115@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"116"<sip:116@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"117"<sip:117@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"118"<sip:118@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"119"<sip:119@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"120"<sip:120@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"121"<sip:121@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"122"<sip:122@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"123"<sip:123@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"124"<sip:124@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"125"<sip:125@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"126"<sip:126@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"127"<sip:127@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"128"<sip:128@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br>[Jan 21 17:14:19] NOTICE[9197] chan_sip.c: Registration from '"129"<sip:129@XXX.XXX.XXX.XXX>' failed for '75.101.255.139' - No matching peer found<br><br>
<div> </div><br><br><blockquote style="border-left: 2px solid rgb(0, 0, 255); padding-left: 5px; margin-left: 5px; margin-right: 0px;"><div class="msgHeaders">-----Original Message-----<br><b>From:</b> brunoantognolli@email.com<br><b>Sent:</b> Fri, 22 Jan 2010 07:36:44 -0500<br><b>To:</b> asteriskbrasil@listas.asteriskbrasil.org<br><b>Subject:</b> [AsteriskBrasil] (URGENTE) Tentativa de Invasão?<br><br></div><div class="oldBody"><div><font color="black" face="arial" size="2"><br>
<br>
<div _style="CLEAR: both">Pessoal, estava olhando o Log do Asterisk e ví a seguinte msg:</div>
<div _style="CLEAR: both"> </div>
<div _style="CLEAR: both">[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
</div>
<div _style="CLEAR: both">Notem que em 1 segundo o "invasor" tentou várias vezes se registrar no sip 1013 (através do método BruteForce) pelo meu link do speedy. O IP do "invasor" é 174.129.173.249.</div>
<div _style="CLEAR: both"> </div>
<div _style="CLEAR: both">Isso seria uma tentativa de invasão? </div>
<div _style="CLEAR: both"> </div>
<div _style="CLEAR: both">Se sim, como ele conseguiu acesso aos meus ramais SIP?</div>
<div _style="CLEAR: both">O que preciso fazer para tirar esse cara da rede?</div>
<div _style="CLEAR: both"> </div>
<div _style="CLEAR: both">Em uma pesquisa rápida descobri que esse IP é de Washington.</div>
<div _style="CLEAR: both"><a href="http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html">http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html</a></div>
<div _style="CLEAR: both"> </div>
<div _style="CLEAR: both">Estou alarmado a toa ou é realmente uma tentativa de invasão?</div>
<div _style="CLEAR: both"> </div>
<div _style="CLEAR: both">Obrigado lista.</div>
</font>
</div></div></blockquote>
</BODY>
</HTML>