<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix"><br>
      Yes, calls were made; GVT even blocked the E1 after
      identifying international calls in the early hours of the morning.<br>
      <br>
      I found that whoever broke in used a flaw in vtigercrm. Through
      a URL of one of the vtiger modules, they were able to read files from the
      etc and asterisk folders.<br>
      <br>
      On 11-07-2013 13:07, Eng Eder de Souza wrote:<br>
    </div>
    <blockquote
cite="mid:CAFx1bpJYWmBaYLycuXhuzSgs8Wd19qz-ApA9O35MBmbLqHZXSA@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>I find it strange, huh: all the services are being run
          by the asterisk user; they seem legitimate, but it's better not to
          take the risk ...</div>
        <div>&nbsp;</div>
        <div>The process running on port 729 is rpc.statd with PID
          1819</div>
        <div>&nbsp;</div>
        <div>The other process, on port 20005, is dialerd, PID 2325</div>
        <div>&nbsp;</div>
        <div>Notice that there is an established connection from port 20005!</div>
        <div>&nbsp;</div>
        <div>If you don't use these services, kill them with kill -9 1819 and kill
          -9 2325</div>
        <div>&nbsp;</div>
        <div>Honestly, I don't think the intrusion came through these ports ...</div>
        <div>&nbsp;</div>
        <div>The IPs you mentioned aren't doing anything unusual, they are just
          logged in on port 443!</div>
        <div>&nbsp;</div>
        <div>Can you explain in more detail how this intrusion happened?</div>
        <div>&nbsp;</div>
        <div>Did someone make calls through your Asterisk??</div>
        <div>&nbsp;</div>
        <div>&nbsp;</div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On 11 July 2013 12:42, Eduardo
          Pereira <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:edupbar@gmail.com" target="_blank">edupbar@gmail.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000">
              <div>The result:<br>
                <br>
                rpc.statd&nbsp; 1819&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rpcuser&nbsp;&nbsp;&nbsp; 7u&nbsp; IPv4&nbsp;&nbsp; 5636&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP *:netviewdm1 (LISTEN)<br>
                <br>
                These IPs, 192.168.1.10 and 192.168.1.4, are agent stations (PAs) logged in to the
                Elastix call center interface with the 3CX softphone.<br>
                COMMAND&nbsp;&nbsp;&nbsp;&nbsp; PID&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; USER&nbsp;&nbsp; FD&nbsp;&nbsp; TYPE DEVICE SIZE
                NODE NAME<br>
                dialerd&nbsp;&nbsp;&nbsp; 2320&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp;&nbsp; 3u&nbsp; IPv4&nbsp; 17250&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP localhost:34127-&gt;localhost:5038 (ESTABLISHED)<br>
                dialerd&nbsp;&nbsp;&nbsp; 2321&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp;&nbsp; 7u&nbsp; IPv4&nbsp; 17249&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP localhost:34126-&gt;localhost:5038 (ESTABLISHED)<br>
                dialerd&nbsp;&nbsp;&nbsp; 2325&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp;&nbsp; 9u&nbsp; IPv4&nbsp;&nbsp; 7123&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP *:20005 (LISTEN)<br>
                dialerd&nbsp;&nbsp;&nbsp; 2325&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp; 10u&nbsp; IPv4&nbsp; 17247&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP localhost:34125-&gt;localhost:5038 (ESTABLISHED)<br>
                dialerd&nbsp;&nbsp;&nbsp; 2325&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp; 11u&nbsp; IPv4 585896&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP localhost:20005-&gt;localhost:34557 (ESTABLISHED)<br>
                dialerd&nbsp;&nbsp;&nbsp; 2325&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp; 12u&nbsp; IPv4 585121&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP localhost:20005-&gt;localhost:41387 (ESTABLISHED)<br>
                httpd&nbsp;&nbsp;&nbsp;&nbsp; 27466&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp; 14u&nbsp; IPv4 585108&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP 192.168.1.253:https-&gt;<a moz-do-not-send="true"
                  href="http://192.168.1.10:49180" target="_blank">192.168.1.10:49180</a>
                (ESTABLISHED)<br>
                httpd&nbsp;&nbsp;&nbsp;&nbsp; 27466&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp; 19u&nbsp; IPv4 585120&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP localhost:41387-&gt;localhost:20005 (ESTABLISHED)<br>
                httpd&nbsp;&nbsp;&nbsp;&nbsp; 27467&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp;&nbsp; 3u&nbsp; IPv4&nbsp;&nbsp; 6802&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP *:http (LISTEN)<br>
                httpd&nbsp;&nbsp;&nbsp;&nbsp; 27467&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp;&nbsp; 4u&nbsp; IPv4&nbsp;&nbsp; 6808&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP *:https (LISTEN)<br>
                httpd&nbsp;&nbsp;&nbsp;&nbsp; 27491&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp;&nbsp; 3u&nbsp; IPv4&nbsp;&nbsp; 6802&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP *:http (LISTEN)<br>
                httpd&nbsp;&nbsp;&nbsp;&nbsp; 27491&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp;&nbsp; 4u&nbsp; IPv4&nbsp;&nbsp; 6808&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP *:https (LISTEN)<br>
                httpd&nbsp;&nbsp;&nbsp;&nbsp; 28226&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp;&nbsp; 3u&nbsp; IPv4&nbsp;&nbsp; 6802&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP *:http (LISTEN)<br>
                httpd&nbsp;&nbsp;&nbsp;&nbsp; 28226&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp;&nbsp; 4u&nbsp; IPv4&nbsp;&nbsp; 6808&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP *:https (LISTEN)<br>
                httpd&nbsp;&nbsp;&nbsp;&nbsp; 28226&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp; 14u&nbsp; IPv4 585883&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP 192.168.1.253:https-&gt;<a moz-do-not-send="true"
                  href="http://192.168.1.4:50737" target="_blank">192.168.1.4:50737</a>
                (ESTABLISHED)<br>
                httpd&nbsp;&nbsp;&nbsp;&nbsp; 28226&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; asterisk&nbsp;&nbsp; 19u&nbsp; IPv4 585895&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                TCP localhost:34557-&gt;localhost:20005 (ESTABLISHED)<br>
                <br>
                <br>
                On 11-07-2013 12:29, Eng Eder de Souza wrote:<br>
              </div>
              <div>
                <div class="h5">
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div>By the way, you can also do it like this:</div>
                      <div>&nbsp;</div>
                      <div>lsof -t -i:20005</div>
                      <div>
                        <div>lsof -t -i:729</div>
                      </div>
                    </div>
                    <div class="gmail_extra"><br>
                      <br>
                      <div class="gmail_quote">On 11 July 2013
                        12:23, Eng Eder de Souza <span dir="ltr">&lt;<a
                            moz-do-not-send="true"
                            href="mailto:eder.souza@bsd.com.br"
                            target="_blank">eder.souza@bsd.com.br</a>&gt;</span>
                        wrote:<br>
                        <blockquote class="gmail_quote"
                          style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
                          <div dir="ltr">
                            <div>Of course!</div>
                            <div>&nbsp;</div>
                            <div>&nbsp;</div>
                            <div>On Linux, as root, run:</div>
                            <div>&nbsp;</div>
                            <div>lsof -i</div>
                            <div>&nbsp;</div>
                            <div>With this you will get the name of the
                              application that is running, the PID, and the
                              port by number or service name!</div>
                            <div>&nbsp;</div>
                            <div>&nbsp;</div>
                          </div>
                          <div class="gmail_extra"><br>
                            <br>
                            <div class="gmail_quote">On 11 July
                              2013 12:06, Eduardo Pereira <span
                                dir="ltr">&lt;<a moz-do-not-send="true"
                                  href="mailto:edupbar@gmail.com"
                                  target="_blank">edupbar@gmail.com</a>&gt;</span>
                              wrote:
                              <div>
                                <div><br>
                                  <blockquote class="gmail_quote"
                                    style="margin:0px 0px 0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
                                    <div bgcolor="#FFFFFF"
                                      text="#000000">
                                      <div>Eder, good morning!<br>
                                        <br>
                                        I don't have any video services...<br>
                                        I tried to find the processes that
                                        are opening these ports, but
                                        I didn't find any strange
                                        service.<br>
                                        Is there any way to find out
                                        the specific process for this
                                        port?<br>
                                        <br>
                                        <br>
                                        On 11-07-2013 11:58, Eng Eder de
                                        Souza wrote:<br>
                                      </div>
                                      <div>
                                        <div>
                                          <blockquote type="cite">
                                            <div dir="ltr">
                                              <div>Hi Eduardo!</div>
                                              <div>&nbsp;</div>
                                              <div>If you don't have
                                                any videotext service
                                                running on this
                                                server, that is reason to
                                                be worried; here are
                                                some services that
                                                run on this port:</div>
                                              <div>&nbsp;</div>
                                              <div>
                                                <table
                                                  style="font:12px/normal
Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:0px;border:currentColor;text-align:left;text-transform:none;text-indent:0px;letter-spacing:normal;word-spacing:0px;white-space:normal;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal;background-color:rgb(245,245,245)">
                                                  <tbody>
                                                    <tr title="updated:
                                                      2010-03-22, hits:
                                                      2881 (2.38) not
                                                      scanned">
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">20005</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">tcp</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">trojan</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">MoSucker


                                                        trojan</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal"><i>SG</i></td>
                                                    </tr>
                                                    <tr title="updated:
                                                      2009-02-24, hits:
                                                      3402 (2.13) not
                                                      scanned"
                                                      style="background-color:rgb(255,238,195)">
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">20005</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">tcp</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">trojan</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">[trojan]


                                                        MoSucker</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal"><i>Trojans</i></td>
                                                    </tr>
                                                    <tr title="updated:
                                                      2009-02-24, hits:
                                                      3402 (2.13) not
                                                      scanned">
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">20005</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">tcp,udp</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">openwebnet</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">OpenWebNet


                                                        protocol for
                                                        electric network</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal"><i>IANA</i></td>
                                                    </tr>
                                                    <tr title="updated:
                                                      2009-02-24, hits:
                                                      3402 (2.13) not
                                                      scanned">
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">20005</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">tcp</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">btx</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">xcept4


                                                        (Interacts with
                                                        German Telekom's
                                                        CEPT videotext
                                                        service)</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal"><i>SANS</i></td>
                                                    </tr>
                                                    <tr title="updated:
                                                      2009-02-24, hits:
                                                      3402 (2.13) not
                                                      scanned"
                                                      style="background-color:rgb(255,238,195)">
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">20005</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">tcp</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">Mosucker</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">[trojan]


                                                        Mosucker</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal"><i>SANS</i></td>
                                                    </tr>
                                                    <tr title="updated:
                                                      2009-03-06, hits:
                                                      3401 (2.14) not
                                                      scanned">
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">20005</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">tcp</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">btx</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">xcept4


                                                        (Interacts with
                                                        German Telekom's
                                                        CEPT videotext
                                                        service)</td>
                                                      <td
                                                        style="font:12px/normal
                                                        Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px
                                                        solid
rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal"><i>Nmap</i></td>
                                                    </tr>
                                                  </tbody>
                                                </table>
                                              </div>
                                              <div>&nbsp;</div>
                                              <div>&nbsp;</div>
                                              <div>Port 729 is also
                                                dangerous; it lets
                                                someone remotely discover
                                                which services are running
                                                on your server!</div>
                                              <div>&nbsp;</div>
                                              <div>Both can be
                                                attacked via
                                                DoS,&nbsp;and there are exploits
                                                for them in the underground!</div>
                                              <div>&nbsp;</div>
                                              <div>Close these ports on
                                                your firewall
                                                immediately!</div>
                                              <div>&nbsp;</div>
                                              <div>See which services
                                                are running
                                                unnecessarily and
                                                kill them all...</div>
                                              <div>&nbsp;</div>
                                              <div>Without more details
                                                about the intrusion (logs),
                                                it is hard to tell
                                                whether these were the
                                                ports of entry!</div>
                                              <div>&nbsp;</div>
                                              <div>&nbsp;</div>
                                            </div>
                                            <div class="gmail_extra"><br>
                                              <br>
                                              <div class="gmail_quote">On
                                                11 July 2013 at
                                                11:30, Eduardo Pereira <span
                                                  dir="ltr">&lt;<a
                                                    moz-do-not-send="true"
href="mailto:edupbar@gmail.com" target="_blank">edupbar@gmail.com</a>&gt;</span>
                                                wrote:<br>
                                                <blockquote
                                                  class="gmail_quote"
                                                  style="margin:0px 0px
                                                  0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">Dear all,

                                                  good morning!<br>
                                                  <br>
                                                  I had an Asterisk
                                                  server compromised, and
                                                  afterwards I noticed two
                                                  open ports<br>
                                                  called netviewdm1 and
                                                  btx!<br>
                                                  Does anyone know these
                                                  ports?<br>
                                                  A result of the attack??<br>
                                                  <br>
                                                  [root@pbx ~]# nmap
                                                  127.0.0.1<br>
                                                  <br>
                                                  Starting Nmap 4.11 ( <a
moz-do-not-send="true" href="http://www.insecure.org/nmap/"
                                                    target="_blank">http://www.insecure.org/nmap/</a>
                                                  ) at 2013-07-11 11:28
                                                  BRT<br>
                                                  Interesting ports on
                                                  localhost (127.0.0.1):<br>
                                                  Not shown: 1674 closed
                                                  ports<br>
                                                  PORT &nbsp; &nbsp; &nbsp;STATE
                                                  SERVICE<br>
                                                  80/tcp &nbsp; &nbsp;open &nbsp;http<br>
                                                  111/tcp &nbsp; open
                                                  &nbsp;rpcbind<br>
                                                  443/tcp &nbsp; open &nbsp;https<br>
                                                  729/tcp &nbsp; open
                                                  &nbsp;netviewdm1<br>
                                                  3306/tcp &nbsp;open &nbsp;mysql<br>
                                                  20005/tcp open &nbsp;btx?<br>
                                                  <br>
                                                  Regards<br>
_______________________________________________<br>
                                                  KHOMP: complete line
                                                  of external FXO, FXS,
                                                  GSM and E1 boards;<br>
                                                  Media Gateways from 1 to
                                                  64 E1s for SIP with
                                                  R2, ISDN and SS7;<br>
                                                  Intercoms
                                                  for remote access over
                                                  the IP network. Learn more at <a
moz-do-not-send="true" href="http://www.Khomp.com" target="_blank">www.Khomp.com</a>.<br>
_______________________________________________<br>
                                                  ALIGERA &#8211; Brazilian
                                                  manufacturer of SIP-E1
                                                  Gateways for R2, ISDN and
                                                  SS7.<br>
                                                  1E1, 2E1, 4E1 and 8E1
                                                  boards for PCI or
                                                  PCI Express.<br>
                                                  Channel Bank &#8211;
                                                  Asterisk Appliance -
                                                  Visit <a
                                                    moz-do-not-send="true"
href="http://www.aligera.com.br" target="_blank">www.aligera.com.br</a>.<br>
_______________________________________________<br>
                                                  To remove your email
                                                  from this list, just
                                                  send a blank email
                                                  to <a
                                                    moz-do-not-send="true"
href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org"
                                                    target="_blank">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a><br>
                                                </blockquote>
                                              </div>
                                              <br>
                                            </div>
                                            <br>
                                          </blockquote>
                                          <br>
                                        </div>
                                      </div>
                                    </div>
                                    <br>
                                  </blockquote>
                                </div>
                              </div>
                            </div>
                            <br>
                          </div>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                    <br>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
    </blockquote>
    <br>
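    <div>An added example, not part of the original thread: the SERVICE column in the scan above is a name nmap associates with the port number, not necessarily the program that is listening, so this sketch pairs each scanned port with its owning process and bind address. The <code>netstat -tlnp</code> lines, including every bind address, are constructed sample data, apart from rpc.statd (PID 1819) and dialerd (PID 2325), which the thread itself names; the function names are hypothetical.</div>

```python
import re

# nmap lines are the ones posted in the thread. The netstat -tlnp lines are
# constructed, except rpc.statd (PID 1819) and dialerd (PID 2325), which the
# thread names as the owners of ports 729 and 20005.
NMAP_OUTPUT = """\
PORT      STATE SERVICE
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
729/tcp   open  netviewdm1
3306/tcp  open  mysql
20005/tcp open  btx?
"""
NETSTAT_OUTPUT = """\
tcp  0  0 0.0.0.0:80       0.0.0.0:*  LISTEN  2101/httpd
tcp  0  0 0.0.0.0:111      0.0.0.0:*  LISTEN  1790/portmap
tcp  0  0 0.0.0.0:443      0.0.0.0:*  LISTEN  2101/httpd
tcp  0  0 0.0.0.0:729      0.0.0.0:*  LISTEN  1819/rpc.statd
tcp  0  0 127.0.0.1:3306   0.0.0.0:*  LISTEN  2050/mysqld
tcp  0  0 127.0.0.1:20005  0.0.0.0:*  LISTEN  2325/dialerd
"""

def parse_nmap(text):
    """Map each open TCP port to the service name nmap printed for it."""
    found = re.finditer(r"^(\d+)/tcp\s+open\s+(\S+)", text, re.M)
    return {int(m.group(1)): m.group(2).rstrip("?") for m in found}

def parse_netstat(text):
    """Map each listening port to (bind address, pid, program)."""
    listeners = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "LISTEN":
            continue
        addr, _, port = f[3].rpartition(":")
        pid, _, prog = f[6].partition("/")   # "-" when netstat ran without root
        listeners[int(port)] = (addr, int(pid) if pid.isdigit() else None, prog or None)
    return listeners

def triage(nmap_text, netstat_text):
    """Pair every scanned port with its real owner and how far it is reachable."""
    listeners = parse_netstat(netstat_text)
    report = []
    for port, guess in sorted(parse_nmap(nmap_text).items()):
        addr, pid, prog = listeners.get(port, (None, None, None))
        if prog is None:
            status = "no-owner-found"   # nothing claims the port: look closer
        elif addr in ("127.0.0.1", "::1"):
            status = "loopback-only"    # a scan of 127.0.0.1 still lists it
        else:
            status = "exposed"          # reachable remotely unless firewalled
        report.append({"port": port, "nmap_name": guess, "program": prog,
                       "pid": pid, "bind": addr, "status": status})
    return report

if __name__ == "__main__":
    for row in triage(NMAP_OUTPUT, NETSTAT_OUTPUT):
        print(row)
```

    <div>A scan of 127.0.0.1 also lists listeners bound only to loopback, so the bind address, not the scan alone, shows which ports a firewall rule actually has to cover.</div>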
  </body>
</html>