<div dir="ltr"><div>Hi Eduardo!</div><div> </div><div>If you don't have any videotext service running on this server, that is a reason to be worried; here are some services that run on this port:</div><div> </div><div>
<table style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:0px;border:currentColor;text-align:left;color:rgb(0,0,0);text-transform:none;text-indent:0px;letter-spacing:normal;word-spacing:0px;white-space:normal;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal;background-color:rgb(245,245,245)">
<tbody><tr title="updated: 2010-03-22, hits: 2881 (2.38)
not scanned"><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
20005</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
tcp</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
trojan</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
MoSucker trojan</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
<i>SG</i></td></tr><tr title="updated: 2009-02-24, hits: 3402 (2.13)
not scanned" style="background-color:rgb(255,238,195)"><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
20005</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
tcp</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
trojan</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
[trojan] MoSucker</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
<i>Trojans</i></td></tr><tr title="updated: 2009-02-24, hits: 3402 (2.13)
not scanned"><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
20005</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
tcp,udp</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
openwebnet</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
OpenWebNet protocol for electric network</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
<i>IANA</i></td></tr><tr title="updated: 2009-02-24, hits: 3402 (2.13)
not scanned"><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
20005</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
tcp</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
btx</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
xcept4 (Interacts with German Telekom&#39;s CEPT videotext service)</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
<i>SANS</i></td></tr><tr title="updated: 2009-02-24, hits: 3402 (2.13)
not scanned" style="background-color:rgb(255,238,195)"><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
20005</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
tcp</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
Mosucker</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
[trojan] Mosucker</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
<i>SANS</i></td></tr><tr title="updated: 2009-03-06, hits: 3401 (2.14)
not scanned"><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:165px;text-align:center;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
20005</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:55px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
tcp</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:80px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
btx</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:806px;text-align:left;vertical-align:top;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
xcept4 (Interacts with German Telekom&#39;s CEPT videotext service)</td><td style="font:12px/normal Verdana,Arial,Helvetica,sans-serif;margin:0px;padding:5px;border:1px solid rgb(255,255,255);width:69px;text-align:center;vertical-align:top;white-space:nowrap;border-collapse:collapse;border-spacing:0px;font-size-adjust:none;font-stretch:normal">
<i>Nmap</i></td></tr></tbody></table></div><div> </div><div> </div><div>Port 729 is also dangerous; it lets someone remotely discover which services are running on your server!</div><div> </div><div>Both can be attacked via DoS, and exploits for them exist in the underground!</div>
<div> </div><div>Close these ports on your firewall immediately!</div><div> </div><div>See which services are running unnecessarily and kill them all...</div><div> </div><div>Without more details about the intrusion (logs), it is hard to know whether these were the entry ports!</div>
<div> </div><div> </div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 11 July 2013 11:30, Eduardo Pereira <span dir="ltr">&lt;<a href="mailto:edupbar@gmail.com" target="_blank">edupbar@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear all, good morning!<br>
<br>
I had an Asterisk box broken into, and after that I noticed two open ports<br>
called netviewdm1 and btx!<br>
Does anyone know these ports?<br>
A result of the attack??<br>
<br>
[root@pbx ~]# nmap 127.0.0.1<br>
<br>
Starting Nmap 4.11 ( <a href="http://www.insecure.org/nmap/" target="_blank">http://www.insecure.org/nmap/</a> ) at 2013-07-11 11:28 BRT<br>
Interesting ports on localhost (127.0.0.1):<br>
Not shown: 1674 closed ports<br>
PORT      STATE SERVICE<br>
80/tcp    open  http<br>
111/tcp   open  rpcbind<br>
443/tcp   open  https<br>
729/tcp   open  netviewdm1<br>
3306/tcp  open  mysql<br>
20005/tcp open  btx?<br>
<br>
Regards<br>
</blockquote></div><br></div>
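Added example, not part of either e-mail: the service names in the scan are nmap's guesses from the port number, so the next check on the host is which process actually owns each listener and which address it is bound to. The script below filters `netstat -tlnp`-style output for listening ports outside an expected set; the sample output, PIDs and process names are constructed, and the allowlist (80, 111, 443, 3306) is an assumption taken from the other ports in the scan.

```shell
#!/usr/bin/env bash
# Added example: report TCP listeners that are not on an expected-port list,
# with bind address, exposure and owning process.

# Constructed sample in the layout of `netstat -tlnp` run as root.
# PIDs and program names are placeholders, not findings about the poster's host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 0.0.0.0:3306       0.0.0.0:*          LISTEN   2290/mysqld
tcp        0      0 0.0.0.0:111        0.0.0.0:*          LISTEN   1890/portmap
tcp        0      0 127.0.0.1:20005    0.0.0.0:*          LISTEN   3377/example-proc
tcp        0      0 0.0.0.0:729        0.0.0.0:*          LISTEN   1921/rpc.statd
tcp        0      0 :::80              :::*               LISTEN   2411/httpd
tcp        0      0 :::443             :::*               LISTEN   2411/httpd
EOF
}

# unexpected_listeners PORT...
# Reads netstat output on stdin; arguments are the ports expected to listen.
# Prints one line per unexpected listener: port, bind address, scope, owner.
unexpected_listeners() {
  awk -v allow="$*" '
    BEGIN {
      n = split(allow, a, " ")
      for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    # Only listening TCP sockets (tcp and tcp6 rows); header lines are skipped.
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)       # text after the last colon
      addr = $4; sub(/:[0-9]+$/, "", addr)  # bind address without the port
      # A loopback-only bind is visible to a scan of 127.0.0.1 but not remotely.
      scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "network"
      if (!(port in ok)) print port, addr, scope, $7
    }' | sort -n
}

# Demo on the constructed sample; on a live host pipe `netstat -tlnp` in instead.
sample_netstat | unexpected_listeners 80 111 443 3306
```

An owner column of `-` in real output means netstat could not attribute the socket to a user-space process, which is worth following up separately.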