<div>Hello,<br></div><div><br></div><div><br></div><div>To get the list of IP addresses allocated to Brazil, just consult the list available at:</div><div><a href="ftp://ftp.lacnic.net/pub/stats/lacnic/delegated-lacnic-latest">ftp://ftp.lacnic.net/pub/stats/lacnic/delegated-lacnic-latest</a></div>
<div>and filter the entries whose 2nd field contains 'BR'.</div><div>The 4th field contains the network address and the 5th field the number of hosts for that network.</div><div><br></div><div>Similarly, the addresses for Portugal can be obtained at</div>
<div><a href="ftp://ftp.lacnic.net/pub/stats/ripencc/delegated-ripencc-latest">ftp://ftp.lacnic.net/pub/stats/ripencc/delegated-ripencc-latest</a></div><div>by filtering the entries whose 2nd field contains 'PT'.</div>
<div><br></div><div><br></div><div>However, even with this data, I believe the list will be very large and may have some impact on performance because of the number of DENYs, whether it is implemented in Asterisk or in iptables.</div>
<div><br></div><div>In Asterisk I have never implemented it this way, but in iptables I have run tests, and setting drop all and allowing only the networks allocated to Brazil had a negative impact on the firewall.</div><div><br></div><div>
<br></div><div>Regards</div><div>Luiz Gustavo</div><br><div class="gmail_quote">2010/1/22 <span dir="ltr"><<a href="mailto:meiralins@midiabyte.com.br">meiralins@midiabyte.com.br</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Dear all, what is the correct syntax to put in sip.conf to block<br>
a series of IPs?<br>
<br>
deny=58.0.0.0/255.0.0.0<br>
deny=59.0.0.0/255.0.0.0<br>
deny=219.232.0.0/255.255.0.0<br>
<br>
Would that block any IP starting with 58, 59, or 219.232?<br>
<br>
Another question is whether we can use masks or concatenate the series:<br>
<br>
Examples:<br>
<br>
Could the following be used:<br>
deny=58.0.0.0/255.0.0.0&59.0.0.0/255.0.0.0&219.232.0.0/255.255.0.0 instead<br>
of several consecutive statements?<br>
<br>
Or can this be used: deny=5[89].0.0.0/255.0.0.0 ????<br>
<br>
Anyway... Thanks;<br>
<div class="im">Fernando<br>
<br>
<br>
<br>
<br>
<br>
--------------------------------------------------<br>
From: "Roniton Rezende Oliveira" <<a href="mailto:roniton@gmail.com">roniton@gmail.com</a>><br>
Sent: Friday, January 22, 2010 10:16 AM<br>
To: <<a href="mailto:asteriskbrasil@listas.asteriskbrasil.org">asteriskbrasil@listas.asteriskbrasil.org</a>><br>
Subject: Re: [AsteriskBrasil](URGENT) Intrusion attempt?<br>
<br>
</div><div><div class="h5">> Read the article by Guilherme Loch Góes - Segurança no Asterisk<br>
> (<a href="http://www.voipexperts.com.br/Tutoriais-sobre-Asterisk-e-VoIP/Seguranca-no-Asterisk" target="_blank">http://www.voipexperts.com.br/Tutoriais-sobre-Asterisk-e-VoIP/Seguranca-no-Asterisk</a>)<br>
> or the original (<a href="http://blogs.digium.com/2009/03/28/sip-security/" target="_blank">http://blogs.digium.com/2009/03/28/sip-security/</a>)<br>
><br>
> Roniton Oliveira<br>
><br>
> 2010/1/22 <<a href="mailto:brunoantognolli@email.com">brunoantognolli@email.com</a>>:<br>
>><br>
>><br>
>> Folks, I was looking at the Asterisk log and saw the following message:<br>
>><br>
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593<br>
>> handle_request_register:<br>
>> Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for<br>
>> '174.129.173.249' - Wrong password<br>
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593<br>
>> handle_request_register:<br>
>> Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for<br>
>> '174.129.173.249' - Wrong password<br>
>> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593<br>
>> handle_request_register:<br>
>> Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for<br>
>> '174.129.173.249' - Wrong password<br>
>> Note that within 1 second the "attacker" tried several times to register on<br>
>> SIP<br>
>> 1013 (using the brute-force method) through my Speedy link. The<br>
>> "attacker's" IP is 174.129.173.249.<br>
>><br>
>> Would this be an intrusion attempt?<br>
>><br>
>> If so, how did he get access to my SIP extensions?<br>
>> What do I need to do to get this guy off the network?<br>
>><br>
>> In a quick search I found that this IP is from Washington.<br>
>> <a href="http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html" target="_blank">http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html</a><br>
>><br>
>> Am I alarmed for nothing, or is this really an intrusion attempt?<br>
>><br>
>> Thanks, list.<br>
>> _______________________________________________<br>
>> KHOMP: quality E1, GSM, FXS and FXO boards for Asterisk.<br>
>> - Hardware with high resource availability and KHOMP quality<br>
>> - Qualified, free local technical support<br>
>> Discover the complete KHOMP product line at <a href="http://www.khomp.com.br" target="_blank">www.khomp.com.br</a><br>
>> _______________________________________________<br>
>> AsteriskBrasil.org discussion list<br>
>> <a href="mailto:AsteriskBrasil@listas.asteriskbrasil.org">AsteriskBrasil@listas.asteriskbrasil.org</a><br>
>> <a href="http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil" target="_blank">http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil</a><br>
>><br>
</div></div></blockquote></div><br>
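<div>The filtering described in the reply at the top of this thread, as an added example that is not part of any message: it keeps only IPv4 records for one country code (for asn and ipv6 records the 5th field is not a host count), turns each start address and host count into CIDR blocks, and merges adjacent blocks to shorten the list. The sample data is constructed, and the function names and the default-deny <code>permit=</code> output in the net/mask form quoted in the thread are assumptions for illustration.</div>

```python
import ipaddress

# Constructed sample in the RIR delegated-stats layout
# (registry|cc|type|start|value|date|status); not real allocations.
SAMPLE = """\
2|lacnic|20100122|5|19870101|20100121|-0300
lacnic|*|ipv4|*|4|summary
lacnic|BR|ipv4|198.51.100.0|128|20050101|allocated
lacnic|BR|ipv4|198.51.100.128|128|20050101|allocated
lacnic|AR|ipv4|203.0.113.0|256|20060101|allocated
lacnic|BR|ipv4|198.18.0.0|768|20070101|assigned
lacnic|BR|ipv6|2001:db8::|32|20080101|allocated
"""


def country_networks(stats_text, cc):
    """Return the collapsed IPv4 networks delegated to country code cc."""
    nets = []
    for line in stats_text.splitlines():
        f = line.strip().split("|")
        # Skip comments, the version header and the summary lines.
        if line.startswith("#") or len(f) < 7:
            continue
        # 2nd field is the country, 3rd the record type, 7th the status.
        if f[1] != cc or f[2] != "ipv4" or f[6] not in ("allocated", "assigned"):
            continue
        first = ipaddress.IPv4Address(f[3])   # 4th field: network address
        last = first + (int(f[4]) - 1)        # 5th field: number of hosts
        # A host count need not be a power of two, so one record can
        # expand into several CIDR blocks.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merging adjacent blocks keeps the number of ACL or firewall rules down.
    return list(ipaddress.collapse_addresses(nets))


def sip_acl(nets):
    """Render a default-deny ACL (hypothetical helper, net/mask form)."""
    lines = ["deny=0.0.0.0/0.0.0.0"]
    lines += [f"permit={n.network_address}/{n.netmask}" for n in nets]
    return lines


if __name__ == "__main__":
    print("\n".join(sip_acl(country_networks(SAMPLE, "BR"))))
```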
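<div>The burst of failed registrations quoted in the original post, as an added detection example that is not part of any message in the thread: it parses chan_sip "Registration ... failed" notices and reports source IPs whose failures within a sliding window reach a threshold. The sample log is constructed with documentation-range addresses, and the threshold, window, year and function names are assumptions.</div>

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAILED = re.compile(
    r"^\[(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\]: chan_sip\.c:\d+ "
    r"handle_request_register: Registration from '(?P<frm>.*)' "
    r"failed for '(?P<ip>[^']+)' - (?P<reason>.+)$")


def _line(sec, ext, ip):
    # Builds one constructed log line in the format quoted in the thread.
    return (f"[Jan 22 10:00:{sec:02d}] NOTICE[14350]: chan_sip.c:15593 "
            f"handle_request_register: Registration from "
            f"'\"{ext}\" <sip:{ext}@192.0.2.10>' failed for '{ip}' - Wrong password")


# Constructed sample: one source failing 8 times in the same second,
# and one user mistyping a password twice, 40 seconds apart.
SAMPLE_LOG = "\n".join(
    [_line(25, 1013, "203.0.113.7")] * 8
    + [_line(10, 2001, "198.51.100.20"), _line(50, 2001, "198.51.100.20")])


def brute_force_sources(log_text, threshold=5,
                        window=timedelta(seconds=10), year=2010):
    """Return {ip: peak failures inside window} for IPs reaching threshold."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # The log timestamp has no year, so one is assumed.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[m["ip"]].append(ts)
    offenders = {}
    for ip, stamps in seen.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            # Shrink the window from the left until it spans <= window.
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            offenders[ip] = best
    return offenders


if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_LOG))
```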