It becomes easy to discover the username when it is the same as the extension number.<br><br><br><div class="gmail_quote">2010/1/22 SONAVoIP TELECOM | Suporte - Roberto Soares <span dir="ltr">&lt;<a href="mailto:suporte@sonavoip.com.br">suporte@sonavoip.com.br</a>&gt;</span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="purple" lang="PT-BR">
<div>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);">Good morning Bruno,</span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);">I really do believe this is an intrusion attempt. We have already
suffered this on some of our servers: people discover your SIP server and
simply use tools to send many registration attempts, with username
and password. In fact, he did not discover your username; he sends
various combinations at random, trying to register. What we use to combat this is
constant monitoring of our system, and when this kind of intrusion attempt is
observed, we automatically block the IP, and that IP can no longer
send anything. Be careful not to block the IP of one of your own customers.</span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);">Regards</span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: "Courier New"; color: red;"> </span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: navy;">Roberto Soares</span><span style="color: navy;"></span></p>
<p class="MsoNormal"><b><span style="font-size: 11pt; color: red;">---------------------------------------------------- </span></b></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: navy;">SONAVoIP - CONNECTING PEOPLE!!!</span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: red;">(MSN)</span><span style="font-size: 11pt; color: navy;"><a href="mailto:suporte@sonavoip.com.br" target="_blank">suporte@sonavoip.com.br</a></span><span style="font-size: 11pt; color: black;"></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: "Courier New"; color: red;" lang="EN-US"><a href="http://www.soaresnascimento.com.br/" title="blocked::http://www.soaresnascimento.com.br/" target="_blank"><span style="font-size: 11pt; color: red;" lang="SV">www.sonavoip.com.br</span></a></span><span style="font-size: 10pt; font-family: "Courier New"; color: red;"></span></p>
<p class="MsoNormal"><span style="color: red;" lang="SV"> </span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: "Courier New"; color: navy;" lang="SV">55-33-3038-0251 G. Valadares </span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: "Courier New"; color: navy;" lang="SV">55-31-3059-0420 Ipatinga </span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: "Courier New"; color: navy;">55-31-3058-0147 Belo horizonte</span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: "Courier New"; color: navy;">55-71-2626-0205 Salvador</span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: "Courier New"; color: navy;" lang="EN-US">55-21-3005-0206 Rio de Janeiro</span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: "Courier New"; color: navy;" lang="EN-US">55-11-2626-4583 São Paulo</span><span style="font-size: 10pt; color: red;" lang="EN-US"></span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: "Courier New"; color: red;" lang="EN-US"> </span></p>
<p class="MsoNormal"><span style="font-size: 10pt; font-family: "Courier New"; color: red;"><img src="cid:image001.jpg@01CA9B51.8F173700" alt="cid:image001.jpg@01CA7511.6EBCEF10" width="117" border="0" height="47"></span><span style="font-size: 10pt; font-family: "Courier New"; color: red;" lang="EN-US"></span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<div style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span style="font-size: 10pt;">From:</span></b><span style="font-size: 10pt;">
<a href="mailto:asteriskbrasil-bounces@listas.asteriskbrasil.org" target="_blank">asteriskbrasil-bounces@listas.asteriskbrasil.org</a>
[mailto:<a href="mailto:asteriskbrasil-bounces@listas.asteriskbrasil.org" target="_blank">asteriskbrasil-bounces@listas.asteriskbrasil.org</a>] <b>On behalf of </b><a href="mailto:brunoantognolli@email.com" target="_blank">brunoantognolli@email.com</a><br>
<b>Sent:</b> Friday, January 22, 2010 10:37<br>
<b>To:</b> <a href="mailto:asteriskbrasil@listas.asteriskbrasil.org" target="_blank">asteriskbrasil@listas.asteriskbrasil.org</a><br>
<b>Subject:</b> [AsteriskBrasil] (URGENT) Intrusion attempt?</span></p>
</div><div><div></div><div class="h5">
<p class="MsoNormal"> </p>
<p class="MsoNormal" style="margin-bottom: 12pt;"><span style="font-size: 10pt; color: black;"> </span></p>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;">Folks, I was looking at the Asterisk log and saw the following message:</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;">[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593
handle_request_register: Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>'
failed for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration
from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for
'174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration
from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for
'174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed
for '174.129.173.249' - Wrong password<br>
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
Registration from '"1013" <sip:1013@XXX.XXX.XXX.XXX>' failed for
'174.129.173.249' - Wrong password</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;">Note that within 1 second the "attacker" tried several times
to register on SIP 1013 (using the BruteForce method) over my Speedy
link. The "attacker's" IP is 174.129.173.249.</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;">Would this be an intrusion attempt? </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;">If so, how did he get access to my SIP extensions?</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;">What do I need to do to get this guy off the network?</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;">In a quick search I found out that this IP is from Washington.</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;"><a href="http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html" target="_blank">http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html</a></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;">Am I alarmed for nothing, or is this really an intrusion attempt?</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: black;">Thank you, list.</span></p>
</div>
</div></div>
</div>
</div>
_______________________________________________<br>
AsteriskBrasil.org discussion list<br>
<a href="mailto:AsteriskBrasil@listas.asteriskbrasil.org">AsteriskBrasil@listas.asteriskbrasil.org</a><br>
<a href="http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil" target="_blank">http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil</a><br></blockquote></div><br><br clear="all"><br>-- <br>Eduardo Vieira<br>
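<p>Added example, not written by any participant in this thread: the monitor-and-block approach described above, as a Python function that counts failed REGISTERs per source address in a sliding window over chan_sip log lines in the format quoted in the thread, and never reports addresses inside an allowlist of customer networks. The function names, the threshold and window values, and the documentation-range addresses in the sample log are assumptions.</p>

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# chan_sip NOTICE format as quoted in the thread, one entry per line (IPv4).
# The From text is client-controlled: the greedy ".*" plus the "$" anchor make
# the address come from the end of the line, which Asterisk itself writes.
LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\]: chan_sip\.c:\d+ "
    r"handle_request_register: Registration from '(?P<frm>.*)' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - Wrong password\s*$")
USER_RE = re.compile(r"sip:([^@>;]+)@")

def find_bruteforce(lines, threshold=10, window_s=60, allowlist=(), year=2010):
    """Return {ip: {"max_in_window": n, "users": [...]}} for every source that
    reaches `threshold` failed REGISTERs inside a sliding `window_s` seconds.
    Sources inside `allowlist` networks (known customers) are never reported.
    The log carries no year, so `year` is supplied by the caller."""
    allowed = [ip_network(net) for net in allowlist]
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> largest burst seen
    users = defaultdict(set)      # ip -> SIP usernames that were tried
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        addr = ip_address(m.group("ip"))
        if any(addr in net for net in allowed):
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        q = recent[addr]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[addr] = max(peak[addr], len(q))
        user = USER_RE.search(m.group("frm"))
        if user:
            users[addr].add(user.group(1))
    return {str(ip): {"max_in_window": n, "users": sorted(users[ip])}
            for ip, n in peak.items() if n >= threshold}

def make_line(ts, ext, ip):  # builds one constructed log entry
    return (f"[{ts}] NOTICE[14350]: chan_sip.c:15593 handle_request_register: "
            f"Registration from '\"{ext}\" <sip:{ext}@192.0.2.1>' "
            f"failed for '{ip}' - Wrong password")
# Constructed sample: a burst, an allowlisted customer, two stray failures.
SAMPLE_LOG = ([make_line("Jan 22 10:00:25", "1013", "203.0.113.50")] * 12
              + [make_line("Jan 22 10:00:26", "2001", "198.51.100.7")] * 12
              + [make_line("Jan 22 10:00:27", "1014", "192.0.2.9")] * 2)

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG, allowlist=["198.51.100.0/24"]))
```

<p>The returned addresses are candidates for a firewall block; the allowlist covers the caveat raised in the thread about not blocking a customer's IP.</p>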