As an emergency measure, add a DROP rule for this IP to your IPTABLES.<br><br><br><div class="gmail_quote">2010/1/22 <span dir="ltr">&lt;<a href="mailto:brunoantognolli@email.com">brunoantognolli@email.com</a>&gt;</span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><font color="black" face="arial" size="2"><br>
<br>
<div style="clear: both;">Folks, I was looking at the Asterisk log and saw the following message:</div>
<div style="clear: both;"> </div>
<div style="clear: both;">[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password<br>
</div>
<div style="clear: both;">Note that within 1 second the "intruder" tried several times to register as SIP 1013 (using the brute-force method) over my Speedy link. The "intruder's" IP is 174.129.173.249.</div>
<div style="clear: both;"> </div>
<div style="clear: both;">Would this be an intrusion attempt? </div>
<div style="clear: both;"> </div>
<div style="clear: both;">If so, how did he get access to my SIP extensions?</div>
<div style="clear: both;">What do I need to do to get this guy off the network?</div>
<div style="clear: both;"> </div>
<div style="clear: both;">In a quick search I found that this IP is from Washington.</div>
<div style="clear: both;"><a href="http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html" target="_blank">http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html</a></div>
<div style="clear: both;"> </div>
<div style="clear: both;">Am I alarmed for nothing, or is this really an intrusion attempt?</div>
<div style="clear: both;"> </div>
<div style="clear: both;">Thanks, list.</div>
</font>
<br>_______________________________________________<br>
AsteriskBrasil.org discussion list<br>
<a href="mailto:AsteriskBrasil@listas.asteriskbrasil.org">AsteriskBrasil@listas.asteriskbrasil.org</a><br>
<a href="http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil" target="_blank">http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil</a><br></blockquote></div><br><br clear="all"><br>-- <br>Eduardo Vieira<br>
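<br>
The check below is an added example, not code from either poster: it counts failed chan_sip registrations per source address and per second in the log format quoted above, and returns the iptables DROP rule suggested in the reply for each source over a threshold. The threshold, the allowlist parameter, the optional ip:port handling and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress
import re
from collections import Counter

# The From value is chosen by the remote side; the trailing "failed for" part is
# written by Asterisk. The greedy (.*) makes the regex bind to the LAST
# "' failed for '" in the line, so text injected into From cannot pick the IP.
FAILED_REG = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\]: chan_sip\.c:\d+ handle_request_register: "
    r"Registration from '(?P<frm>.*)' failed for '(?P<src>[^']+)' - (?P<reason>.+)$"
)

def failed_sources(lines):
    """Count failed REGISTER attempts per (source IP, timestamp second)."""
    hits = Counter()
    for line in lines:
        m = FAILED_REG.match(line.strip())
        if not m:
            continue
        src = m.group("src")
        if src.count(":") == 1:  # assumption: some versions log 'ip:port'
            src = src.split(":")[0]
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # never hand unparsed log text to a firewall command
        hits[(str(ip), m.group("ts"))] += 1
    return hits

def drop_rules(lines, max_per_second=5, allowlist=()):
    """Return one DROP rule per source exceeding max_per_second failures."""
    offenders = sorted({ip for (ip, _), n in failed_sources(lines).items()
                        if n > max_per_second and ip not in allowlist})
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in offenders]

# Constructed sample lines in the format shown in the thread.
_LINE = ("[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: "
         "Registration from '{frm}' failed for '{src}' - Wrong password")
SAMPLE = (
    [_LINE.format(frm='"1013" <sip:1013@192.0.2.1>', src="203.0.113.9")] * 8
    + [_LINE.format(frm='"2001" <sip:2001@192.0.2.1>', src="192.0.2.20")] * 2
    # From header crafted to look like a failure from another address
    + [_LINE.format(frm="\"x' failed for '198.51.100.7' - y\" <sip:x@192.0.2.1>",
                    src="203.0.113.9")]
)

if __name__ == "__main__":
    for rule in drop_rules(SAMPLE):
        print(rule)
```

The rules are returned as strings for review rather than executed; put your own phones and trunks in the allowlist so a mistyped password does not lock out a legitimate extension.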