<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><font face="Arial" size="3" style="font-size:12pt;">&nbsp; &nbsp;Grande Keller....</font><div><font face="Arial" size="3" style="font-size:12pt;">&nbsp; &nbsp; &nbsp; &nbsp;Bom &nbsp;tê-lo de volta.</font><div><div><br><br><pre style="line-height:17px;white-space:normal;color:rgb(42, 42, 42);background-color:rgb(255, 255, 255)">Hudson&nbsp;<br>(048) 8413-7000<br>Para quem nao cre, nenhuma prova converte,Para aquele que cre, nenhuma prova precisa.&nbsp;</pre><br><br><div><hr id="stopSpelling">From: alexandrekeller@gmail.com<br>Date: Wed, 31 Jul 2013 15:47:18 -0300<br>To: asteriskbrasil@listas.asteriskbrasil.org<br>Subject: Re: [AsteriskBrasil] Ataque massivo a partir do IP 67.207.137.49<br><br>Boa tarde Senhores.<div><br></div><div>Deixe-me dar um pitaco nas questões de segurança.</div><div><br></div><div>Além, é claro e óbvio, das questões associadas a rede, deve-se também tomar muito cuidado com os parâmetros SIP e como o seu plano de discagem foi construído.</div><div><br></div><div>A seguir, algumas dicas, que passo no treinamento avançado de Asterisk que ministro.</div><div><br></div><div>Espero que seja de alguma ajuda:</div><div>














<p class="ecxTextoNormalPrimParag"><span lang="PT-BR"><b>Parâmetros associados a
segurança do Servidor Asterisk, protocolo SIP. </b></span></p><p class="ecxSubItens" style="text-indent:0cm;"><span lang="PT-BR" style="font-family:&quot;Wingdings 2&quot;;">–</span><span lang="PT-BR">&nbsp;&nbsp; <b>allowguest:</b> permite (yes) ou não (no) a conexão sem autenticação.
Certos equipamentos SIP não suportam autenticação, assim é necessário
desabilitar este parâmetro. Deve ser setado na seção general do protocolo SIP.</span></p><p class="ecxSubItens" style="text-indent:0cm;"><b><span lang="PT-BR" style="font-family:&quot;Wingdings 2&quot;;">–</span><span lang="PT-BR">&nbsp;&nbsp; alwaysauthreject:</span></b><span lang="PT-BR">
quando habilitado (yes) faz com que o Asterisk rejeite as requisições de
autenticação inválidas para usuários válidos, com as mesmas informações dos
usuários inválidos; evitando assim que ataques de força-bruta identifiquem
quais extensões são válidas ou não. Deve ser setado na seção general do
protocolo SIP.</span></p><p class="ecxSubItens" style="text-indent:0cm;"><span lang="PT-BR" style="font-family:&quot;Wingdings 2&quot;;">–</span><span lang="PT-BR">&nbsp;&nbsp; <b>permit/deny:</b> limita a conexão a um endereço IP ou faixa de
endereços IP. Para bloquear qualquer conexão deve-se utilizar </span><b><span style="font-size:10pt;font-family:'Lucida Console';">deny=0.0.0.0/0.0.0.0</span></b><span style="font-size:10pt;font-family:'Lucida Console';"> </span><span lang="PT-BR">e então permitir (</span><span style="font-size:10pt;font-family:'Lucida Console';">permit</span><span lang="PT-BR">) somente o IP desejado.<b></b></span></p><p class="ecxCdigoFonte1">deny = 0.0.0.0/0.0.0.0</p><p class="ecxCdigoFonte1">permit = 192.168.250.10/255.255.255.255</p><p class="ecxSubItens" style="text-indent:0cm;"><span lang="PT-BR" style="font-family:&quot;Wingdings 2&quot;;">–</span><span lang="PT-BR">&nbsp;&nbsp; <b>contactpermit/contactdeny:</b> limita o registro a um endereço IP ou
faixa de endereços IP. Utilização é semelhante aos parâmetros </span><span style="font-size:10pt;font-family:'Lucida Console';">permit/deny</span><span lang="PT-BR">.<b></b></span></p><p class="ecxCdigoFonte1">contactdeny = 0.0.0.0/0.0.0.0</p><p class="ecxCdigoFonte1">contactpermit = 192.168.250.10/255.255.255.255</p><p class="ecxSubItens" style="text-indent:0cm;"><span lang="PT-BR" style="font-family:&quot;Wingdings 2&quot;;">–</span><span lang="PT-BR">&nbsp;&nbsp; <b>md5secret:</b> permite o armazenamento da senha de autenticação SIP em
hash MD5, e não em texto puro, como é o padrão no parâmetro </span><span style="font-size:10pt;font-family:'Lucida Console';">secret</span><span lang="PT-BR">. Para gerar o hash MD5 adequado para cada
cliente utilize a seguinte sintaxe:</span></p><p class="ecxCdigoFonte1">Sintaxe:</p><p class="ecxCdigoFonte1">echo -n "username:realm:secret" | md5sum&nbsp;</p><p class="ecxCdigoFonte1">Exemplo:</p><p class="ecxCdigoFonte1">echo -n "9001:asterisk:senha01" | md5sum</p><p class="ecxCdigoFonte1">cd69374645f11ccfcb8d53bd2f81253c&nbsp; -</p><p class="ecxCdigoFonte1">Utilize o valor <b>cd69374645f11ccfcb8d53bd2f81253c</b>
no parâmetro md5secret.</p><div><br></div><div>














<p class="ecxTt2"><span lang="PT-BR"><b>Vulnerabilidades associadas ao Plano de Discagem</b></span></p><p class="ecxTextoNormalPrimParag" style="page-break-after:avoid;"><span lang="PT-BR">&nbsp;– Não utilize o contexto </span><span style="font-size:10pt;line-height:120%;font-family:'Lucida Console';">[default]</span><span lang="PT-BR">, pois é o contexto padrão do Asterisk, ou seja, caso o Asterisk não
encontre um contexto associado a uma conta, automaticamente processará a
chamada no contexto </span><span style="font-size:10pt;line-height:120%;font-family:'Lucida Console';">[default]</span><span lang="PT-BR">. Como sugestão crie-o da seguinte maneira:</span></p><p class="ecxCdigoFonte1">[default]</p><p class="ecxCdigoFonte1">exten =&gt; _.,1,HangUP</p><p class="ecxTextoNormalPrimParag" style="page-break-after:avoid;"><span lang="PT-BR">–
A utilização da máscara de discagem </span><span style="font-size:10pt;line-height:120%;font-family:'Lucida Console';">.</span><span lang="PT-BR"> (ponto) ou </span><span style="font-size:10pt;line-height:120%;font-family:'Lucida Console';">!</span><span lang="PT-BR">
(exclamação), permite o que é comumente chamado de “dialplan injection”, ou
seja, a inserção de caracteres a serem processados além dos desejados, como no
exemplo na regra </span><span style="font-size:10pt;line-height:120%;font-family:'Lucida Console';">exten=&gt;_X.,1,Dial(SIP/${EXTEN},30,tT)</span><span lang="PT-BR">, onde o uso do </span><span style="font-size:10pt;line-height:120%;font-family:'Lucida Console';">.</span><span lang="PT-BR"> (ponto) aceita qualquer caractere, numérico ou não. Imagine então
se fosse enviada a seguinte sequência de caracteres para ser processada </span><span style="font-size:10pt;line-height:120%;font-family:'Lucida Console';">1234&amp;SIP/provedor/551135228446</span><span lang="PT-BR">, o Asterisk processaria a chamada e executaria </span><span style="font-size:10pt;line-height:120%;font-family:'Lucida Console';">Dial(SIP/1234&amp;SIP/provedor/551135228446,30,tT)</span><span lang="PT-BR">, ou seja, uma discagem bastante indevida. Existem duas formas
indicadas para evitar esta ocorrência:</span></p><p class="ecxSubItens" style="text-indent:0cm;"><span lang="PT-BR" style="font-family:&quot;Wingdings 2&quot;;">–</span><span lang="PT-BR">&nbsp;&nbsp; Não utilizar as máscaras </span><span style="font-size:10pt;font-family:'Lucida Console';">.</span><span lang="PT-BR"> (ponto) ou </span><span style="font-size:10pt;font-family:'Lucida Console';">!</span><span lang="PT-BR"> (exclamação).<b></b></span></p><p class="ecxSubItens" style="text-indent:0cm;"><span lang="PT-BR" style="font-family:&quot;Wingdings 2&quot;;">–</span><span lang="PT-BR">&nbsp;&nbsp; Utilizar a função </span><span style="font-size:10pt;font-family:'Lucida Console';">FILTER()</span><span lang="PT-BR">, para filtrar apenas os caracteres
numéricos, como no exemplo a seguir:</span></p><p class="ecxCdigoFonte1">[meucontexto]</p><p class="ecxCdigoFonte1">exten =&gt; _X.,1,Set(SAFE_EXTEN=${FILTER(0-9,${EXTEN})})</p><p class="ecxCdigoFonte1">same =&gt; n,Dial(SIP/${SAFE_EXTEN},30,tT) </p><p class="ecxTextoNormalPrimParag" style="page-break-after:avoid;"><span lang="PT-BR">–
Sempre especifique um limite para a quantidade de chamadas iniciada por cada
cliente. Pode-se utilizar as funções </span><span style="font-size:10pt;line-height:120%;font-family:'Lucida Console';">GROUP() </span><span lang="PT-BR">e</span><span style="font-size:10pt;line-height:120%;font-family:'Lucida Console';"> GROUP_COUNT()</span><span lang="PT-BR"> para tal função dentro do plano de discagem, como no exemplo a
seguir:</span></p><p class="ecxCdigoFonte1">[meucontexto]</p><p class="ecxCdigoFonte1">exten =&gt; _X.,1,Set(GROUP(users)=${CHANNEL(peername)}) </p><p class="ecxCdigoFonte1">same =&gt; n,NoOp(Existem
${GROUP_COUNT(${CHANNEL(peername)})} chamadas para a conta ${CHANNEL(peername)}.)
</p><p class="ecxCdigoFonte1">same =&gt; n,GotoIf($[${GROUP_COUNT(${CHANNEL(peername)})}
&gt; 2]?proibido:continue)</p><p class="ecxCdigoFonte1">same =&gt; n(proibido),NoOp(Limite de chamadas alcançado.)<br>
same =&gt; n,HangUp()<br>
same =&gt; n(continue),NoOp(Continue o processamento normal do plano de
discagem.)</p><p class="ecxCdigoFonte1">same =&gt; n,Set(SAFE_EXTEN=${FILTER(0-9,${EXTEN})})</p><p class="ecxCdigoFonte1">same =&gt; n,Dial(SIP/${SAFE_EXTEN},30,tT)&nbsp;</p>

</div><div>
<span class="ecxApple-style-span" style="border-collapse:separate;border-spacing:0px;">--&nbsp;<br>Atenciosamente,<br><br>ALEXANDRE KELLER<br><br><a href="http://twitter.com/alexandrekeller" target="_blank">http://twitter.com/alexandrekeller</a><br>http://www.facebook.com/alexandre.keller.BR<br><br>"Dinheiro é a consequência de um&nbsp;trabalho bem feito e não o motivo&nbsp;para se fazer um bom trabalho."<br><br>P Antes de imprimir pense em seu&nbsp;compromisso com o Meio Ambiente.</span>
</div>
<br><div><div>On 31/07/2013, at 15:23, Marcio - Google &lt;<a href="mailto:marciorp@gmail.com">marciorp@gmail.com</a>&gt; wrote:</div><br class="ecxApple-interchange-newline"><blockquote><div dir="ltr"><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">Guilherme, concordo com a sua colocação final. Segurança é de suma importância para telefonia IP! Complemente dizendo que a maioria nem sabe o que é isso!</div>
<div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;"><br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">O exemplo foi minimalista, e só para demonstrar a necessidade de um "firewall" entre a rede externa e os serviços.</div>
<div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;"><br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">O grande problema é que a maioria mal sabe usar linux, não tem noção dos conceitos básicos de rede e pioro de segurança. Ai pega meia dúzia de receita de bolo na net e sai vendendo serviço, quando dá alguma "zica" a culpa é da tecnologia!</div>
<div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;"><br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">Quanto ao item 3.1, nunca fiz e me recusaria a fazer, pelo simples fato que qualquer empresa que queria isso tem que ter grana para pagar. Um dos principais erros do mundo "software livre", principalmente no Brasil, é a ideia de que o Linux/Asterisk são de graça, então as soluções tem que ser baratas se não de graça.</div>
<div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;"><br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">Falando dos itens 3.2 e 3.3, é uma segurança a mais. Porém não é 100%, pode ser contornado, principalmente por algum ex-funcionário que tenha saído magoado da empresa e conheça a estrutura. Muitas vezes ele próprio não faz, mas passas as informações para alguém fazer.</div>
<div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;"><br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">Uso o item 3.4, com alguns detalhes a mais.</div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">
<br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">Pois é, chegamos ao item 3.5, e nesse caso se for um ataque de pequeno porte pra cima, a não ser que você tenha um appliance bem dimensionado, as chances de algum problema são bem grandes. Por problemas não entendo apenas conseguir fazer ligações, mas a própria indisponibilidade do sistema ou queda do serviço é um problema.</div>
<div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;"><br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">Estrutura minima detalhada: Internet &lt;&gt; Router &lt;&gt; Firewall Generalista / Serviços / Aplicações / Pacotes *1 &lt;&gt; IDS &lt;&gt; [Proxy SIP] &lt;&gt; Asterisk</div>
<div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">*1 - Normalmente um appliance, pode ser dividido em mais de um hardware.</div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">
<br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">Não to considerando ai DMZ, a parte isolada para os serviços que não são expostos e etc.</div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">
<br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">Se o individuo passar pelo Firewall, dificilmente ele passa pelo IDS. Se ainda assim passar pelo IDS, o Asterisk pode avisar o IDS de tentativas de conexão mal-sucedidas, e esse por usa vez vai aumentar o rigor. O IDS também conversa com o Firewall, e esse por sua vez com o Router, que em ultima instancia isola determinadas rotas até a ação de um sysadmin.</div>
<div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;"><br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">O problema é que a maioria não tem a menor noção disso, baixa a ISO de uma distro Linux qualquer, instala de qualquer jeito e normalmente mais pacotes que o necessário, baixa o Asterisk, usa uma receita de bolo para instalar e sobe ele como *root* mesmo. Dai pega um script de iptables pronto, que nem ao menos intende direito o que faz, e quando muito instala o Fail2Ban, com receita de bolo também, e acha que é o supra sumo do universo em Linux, Segurança, Redes, Asterisk e tudo mais. Tá feito a lambança.</div>
<div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;"><br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">Na primeira *zica* que acontece, fica desesperado, não sabe nem os logs que tem e muito menos como usa-los, e vem pedir socorro na lista. E não estou falando só sobre a questão de segurança mesmo.</div>
<div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;"><br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">É só prestar atenção nas "dúvidas" que são postadas, chega ser triste! Chega ao cumulo do cara postar a dúvida com um fragmento de log com a mensagem explicando o problema!</div>
<div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;"><br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">É só olhar a quantidade de gente cadastrada na lista, muitos antigos, que nem respondem mais. Dá desanimo!</div>
<div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;"><br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">Eu mesmo só voltei a ativa pra passar o tempo, e quando surge uma dúvida de alguém que realmente demonstra ter interesse, tento ajudar.</div>
<div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;"><br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">É isso, desculpe misturar a resposta a esse desabafo!</div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">
<br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;"><br></div><div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;"><br></div></div><div class="ecxgmail_extra"><br clear="all">
<div><div dir="ltr"><br>[...]'s<br><br>Marcio<div><br></div><div><div style="font-family:arial;font-size:small;">========================================</div><div style="font-family:arial;font-size:small;">########### Campanha Ajude o Marcio! ###########</div>
<div style="font-family:arial;font-size:small;"><a href="http://sosmarcio.blogspot.com.br/" style="color:rgb(17,85,204);" target="_blank">http://sosmarcio.blogspot.com.br/</a></div><div style="font-family:arial;font-size:small;">
<a href="http://www.vakinha.com.br/VaquinhaP.aspx?e=195793" style="color:rgb(17,85,204);" target="_blank">http://www.vakinha.com.br/VaquinhaP.aspx?e=195793</a><br></div><div style="font-family:arial;font-size:small;">========================================</div>
</div></div></div>
<br><br><div class="ecxgmail_quote">Em 31 de julho de 2013 13:31, Guilherme Rezende <span dir="ltr">&lt;<a href="mailto:asterisk@guilherme.eti.br" target="_blank">asterisk@guilherme.eti.br</a>&gt;</span> escreveu:<br><blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;">

  
    
  
  <div>
    Márcio, gerando uma discursão saudável sobre aspecto segurança:<br>
    &nbsp;&nbsp;&nbsp; Trabalho a 13 anos c/ Linux e Firewall e a 4 c/ Asterisk.&nbsp; Ja
    trabalhei e ainda faço algumas instalações(de vez em quando) de
    Fortinet, SonicWall e Linux/Iptables/Snort. <br>
    Bom, quando precisamos colocar uma máquina Asterisk exposta na
    Internet p/ que clientes externos possa se logar via SIP, a melhor
    alternativa é criando tuneis com OpenVPN usando TAP+SSL.&nbsp; Porém nem
    sempre em virtudes de custo essa solução torna-se viável e
    precisamos expor nosso Asterisk na Internet, tanto diretamente c/ um
    IP Público ou conforme solução apresentada por vc abaixo.<br>
    &nbsp;&nbsp;&nbsp; Eu, particulamente discordo de sua solução que postou abaixo e
    prefiro usar IP-Público no Asterisk.&nbsp; Veja os motivos:<br>
    <br>
    1 - No modelo que apresenta, seu Asterisk não fica livre de falhas
    ou Bugs no módulo SIP do Asterisk.&nbsp; O protoco SIP/UDP na forma que
    apresenta abaixo fica exposto na mesma forma como seu Asterisk
    estivesse c/ IP-Público, além de poder gerar anomalias do NAT com
    SIP.&nbsp; Se o SIP não estiver liberado externo ninguém externamente irá
    se logar no seu server correto? Um atacante pode facilmente fazer
    BruteForce em seu servidor no modelo abaixo como se o mesmo
    estivesse com IP-Publico.&nbsp; Uma ferramenta p/ isso e que uso em
    laboratório é o sipvicious.&nbsp;&nbsp;&nbsp; Não sei o porque, mas sempre quando
    sofro esses ataques, todos são oriundos de redes externas, ou seja,
    fora do Brasil.&nbsp; Acho que até na lista todos os cologas apenas
    sofrem ataques de brute force externo também...<br>
    <br>
    2 - Bom, passando da esfera de um filtro de pacotes, uma grande
    solução seria análise de cabeçalho/string de pacotes do SIP p/
    identificar anomalia no mesmo e ai sim bloquear, como ja existe p/
    HTTP, SMTP, etc...&nbsp; Infelizmente nenhum dos firewalls proprietário
    que conheço não possui essa técnica.<br>
    <br>
    3 - Bom, resumindo minhas colocações, eu monto meus projetos da
    seguinte forma:<br>
    &nbsp;&nbsp;&nbsp; 3.1 - Quando se torna necessário expor o Asterisk ao IP
    Público.&nbsp; "Eu possuo 4 clientes c/ esse modelo e nunca tive
    problemas. Porém tentativas foram várias"<br>
    &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; Internet &lt;&gt; Router &lt;&gt;&nbsp; Asterisk<br>
    &nbsp;&nbsp;&nbsp; 3.2 - Se todos os ips públicos que irão se logar via SIP são
    fixos, libero no firewall(iptables) apenas esses IP´s p/ se logarem.<br>
    &nbsp;&nbsp;&nbsp; 3.3 - Caso não sei de onde esses IP´s virão, Libero a Range do
    BR conforme ja postei aqui e fecho todas as portas TCP, abrindo
    apenas as que irei usar como SSH, HTTP, etc..<br>
    &nbsp;&nbsp;&nbsp; 3.4 - Depois do filtro de pacotes, instale um IDS p/ analise de
    pacotes mal forjados em cima do seu Asterisk e um bom exemplo p/
    isso é usar o SNORT c/ uma rule pronta Asterisk.
    <a href="http://blog.sipvicious.org/2008/02/detecting-sip-attacks-with-snort.html" target="_blank">http://blog.sipvicious.org/2008/02/detecting-sip-attacks-with-snort.html</a><br>
    &nbsp;&nbsp;&nbsp; 3.5 - Em 95% dos casos os ataques em cima do Asterisk são
    Brute-Force em cima do SIP p/ tentar se logar.&nbsp; Dificilmente os
    ataques em cima do SIP são de Stack-Overflow p/ se conseguir um
    shell no sistema por falha do Asterisk.&nbsp; <br>
    &nbsp;&nbsp;&nbsp; Enfim, são vários cenários e concordo com vc quando diz p/
    evitar expor seu Asterisk c/ IP Público.&nbsp; Devemos expor o mínimo.&nbsp;
    Porém nem sempre é possível.......<br>
    &nbsp;&nbsp;&nbsp; <br>
    Desculpa se fugi um pouco do escopo da lista que é Asterisk, mas
    creio que é um assunto de suma importância par telefonia IP.&nbsp; Que é
    a seguança !!!<br>
    <br>
    <br>
    <br>
    Em 31/07/2013 13:51, Marcio - Google escreveu:
    <div><div class="h5"><blockquote>
      <div dir="ltr">
        <div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">IP público no
          server?!?!?! My Good, alguém realmente faz uma sandice
          dessas???</div>
        <div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">
          <br>
        </div>
        <div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">Acho que vou
          desencarnar e não terei lido tudo ... rsrsrsrsrsr</div>
        <div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">
          <br>
        </div>
        <div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">No mínimo, mas
          mínimo mesmo: Internet &lt;&gt; Router &lt;&gt; Firewall
          &lt;&gt; [NAT] &lt;&gt; Asterisk</div>
        <div class="ecxgmail_default" style="font-family:arial,helvetica,sans-serif;">
          <br>
        </div>
      </div>
      <div class="ecxgmail_extra"><br clear="all">
        <div>
          <div dir="ltr"><br>
            [...]'s<br>
            <br>
            Marcio
            <div><br>
            </div>
            <div>
              <div style="font-family:arial;font-size:small;">========================================</div>
              <div style="font-family:arial;font-size:small;">
                ########### Campanha Ajude o Marcio! ###########</div>
              <div style="font-family:arial;font-size:small;"><a href="http://sosmarcio.blogspot.com.br/" style="color:rgb(17,85,204);" target="_blank">http://sosmarcio.blogspot.com.br/</a></div>
              <div style="font-family:arial;font-size:small;"><a href="http://www.vakinha.com.br/VaquinhaP.aspx?e=195793" style="color:rgb(17,85,204);" target="_blank">http://www.vakinha.com.br/VaquinhaP.aspx?e=195793</a><br>

              </div>
              <div style="font-family:arial;font-size:small;">
                ========================================</div>
            </div>
          </div>
        </div>
        <br>
        <br>
        <div class="ecxgmail_quote">Em 31 de julho de 2013 12:37, Danilo
          Almeida <span dir="ltr">&lt;<a href="mailto:daniloricalmeida@gmail.com" target="_blank">daniloricalmeida@gmail.com</a>&gt;</span>
          escreveu:<br>
          <blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;">
            <div dir="ltr">surgiu uma dúvida referente a esses ataques,
              como sou inexperiente nessa parte de redes, não sei como
              funciona essas tentativas...
              <div><br>
              </div>
              <div>como que eles descobrem o servidor na rede?</div>
              <div>como conseguem fazer tantas tentativas de ataque
                simultaneamente?</div>
              <div><br>
              </div>
              <div>se alguém puder me esclarecer um pouco sobre esse
                assunto eu agradeço... até mesmo porque, precisamos
                conhecer as técnicas para nos proteger.</div>
              <div><br>
              </div>
              <div>Obrigado</div>
            </div>
            <div class="ecxgmail_extra">
              <br>
              <br>
              <div class="ecxgmail_quote">Em 31 de julho de 2013 13:33,
                Guilherme Rezende <span dir="ltr">&lt;<a href="mailto:asterisk@guilherme.eti.br" target="_blank">asterisk@guilherme.eti.br</a>&gt;</span>
                escreveu:
                <div>
                  <div>
                    <br>
                    <blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;">
                      <div> &nbsp;&nbsp;&nbsp; Gente,
                        eu não uso Fail2ban.&nbsp;&nbsp; Como esses ataques são
                        oriundos de redes externas ao BR, fiz o bloqueio
                        de todas as redes cujam origem não são BR. E
                        resolveu!!&nbsp; Não tenho problemas c/ ataques
                        mais...&nbsp; Os logs do meu Asterisk nunca mais
                        exibiram tentativa de logar via sip nos meus
                        servidores.&nbsp; Veja o código abaixo que é bem
                        simples, libero apenas as redes que estão
                        listadas, depois fecho tudo.&nbsp; Se não tiver
                        necessidade de ter alguém externo que logue no
                        seu servidor, o código abaixo resolve.&nbsp; Desative
                        todas suas regras de iptables, desative todos os
                        firewall´s e rode o script abaixo.<br>
                        <br>
                        #!/bin/bash<br>
                        ipt=/sbin/iptables<br>
                        $ipt -F<br>
                        $ipt -A INPUT -i eth2 -s <a href="http://172.16.5.0/24" target="_blank">172.16.5.0/24</a>
                        -p udp -j ACCEPT<br>
                        $ipt -A INPUT -i eth2 -s <a href="http://186.0.0.0/8" target="_blank">186.0.0.0/8</a>
                        -p udp -j ACCEPT<br>
                        $ipt -A INPUT -i eth2 -s <a href="http://187.0.0.0/8" target="_blank">187.0.0.0/8</a>
                        -p udp -j ACCEPT<br>
                        $ipt -A INPUT -i eth2 -s <a href="http://177.0.0.0/8" target="_blank">177.0.0.0/8</a>
                        -p udp -j ACCEPT<br>
                        $ipt -A INPUT -i eth2 -s <a href="http://179.0.0.0/8" target="_blank">179.0.0.0/8</a>
                        -p udp -j ACCEPT<br>
                        $ipt -A INPUT -i eth2 -s <a href="http://189.0.0.0/8" target="_blank">189.0.0.0/8</a>
                        -p udp -j ACCEPT<br>
                        $ipt -A INPUT -i eth2 -s <a target="_blank">198.50.96.130</a> -p udp -j
                        ACCEPT<br>
                        $ipt -A INPUT -i eth2 -s <a href="http://200.0.0.0/8" target="_blank">200.0.0.0/8</a>
                        -p udp -j ACCEPT<br>
                        $ipt -A INPUT -i eth2 -s <a href="http://201.0.0.0/8" target="_blank">201.0.0.0/8</a>
                        -p udp -j ACCEPT<br>
                        $ipt -A INPUT -i eth2 -p udp -j DROP<br>
                        <br>
                        <br>
                        <br>
                        Em 31/07/2013 13:12, Danilo Almeida escreveu:
                        <div>
                          <div>
                            <blockquote>
                              <div dir="ltr">recebi várias tentativas
                                neste final de semana, porém, o fail2ban
                                bloqueiou.
                                <div><br>
                                </div>
                                <div>DROP&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; all&nbsp; --&nbsp; <a target="_blank">173.242.120.42</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                                  anywhere<br>
                                  <table border="0" cellpadding="4" cellspacing="0" height="300" width="297">
                                    <tbody>
                                      <tr>
                                        <td align="right">Nome do Host:</td>
                                        <td align="left" width="198"><a target="_blank">173.242.120.42</a></td>
                                      </tr>
                                      <tr>
                                        <td align="right">IP Address:</td>
                                        <td align="left"><a target="_blank">173.242.120.42</a></td>
                                      </tr>
                                      <tr>
                                        <td align="right">País:</td>
                                        <td align="left"><a href="http://en.wikipedia.org/wiki/united%20states" target="_blank"> United
                                            States</a> <img alt="united states" align="absmiddle"></td>
                                      </tr>
                                      <tr>
                                        <td align="right">Código do
                                          país:</td>
                                        <td align="left">US (USA)</td>
                                      </tr>
                                      <tr>
                                        <td align="right">Região:</td>
                                        <td align="left"><a href="http://en.wikipedia.org/wiki/Pennsylvania" target="_blank">Pennsylvania</a></td>
                                      </tr>
                                      <tr>
                                        <td align="right">Cidade:</td>
                                        <td align="left">Clarks Summit</td>
                                      </tr>
                                      <tr>
                                        <td align="right">Código postal:</td>
                                        <td align="left">18411</td>
                                      </tr>
                                      <tr>
                                        <td align="right">Código tel.:</td>
                                        <td align="left"><a href="http://en.wikipedia.org/wiki/Area_code#United_States" target="_blank">+1</a></td>
                                      </tr>
                                      <tr>
                                        <td align="right">Longitude:</td>
                                        <td align="left">-75.728</td>
                                      </tr>
                                      <tr>
                                        <td align="right">Latitude:</td>
                                        <td align="left">41.4486<br>
                                        </td>
                                      </tr>
                                    </tbody>
                                  </table>
                                </div>
                                <div class="ecxgmail_extra"><br>
                                </div>
                                <div class="ecxgmail_extra">
                                  <div class="ecxgmail_extra">[2013-07-27
                                    15:09:35] NOTICE[1775] chan_sip.c:
                                    Registration from '"shuang" <a target="_blank">&lt;sip:shuang@IP-Servidor&gt;</a>'
                                    failed for '<a href="http://173.242.120.42:5061/" target="_blank">173.242.120.42:5061</a>'
                                    - Wrong password</div>
                                  <div><br>
                                  </div>
                                  <div>
                                    <div>[2013-07-28 15:09:43]
                                      NOTICE[1775] chan_sip.c:
                                      Registration from '"chu" <a target="_blank">&lt;sip:chu@IP-servidor&gt;</a>'
                                      failed for '<a href="http://173.242.120.42:5081/" target="_blank">173.242.120.42:5081</a>'
                                      - Wrong password</div>
                                  </div>
                                  <div><br>
                                  </div>
                                  <div>[2013-07-29 15:09:45]
                                    NOTICE[1775] chan_sip.c:
                                    Registration from '"chu" <a target="_blank">&lt;sip:chu@IP-servidor&gt;</a>'
                                    failed for '<a href="http://173.242.120.42:5081/" target="_blank">173.242.120.42:5081</a>'
                                    - Wrong password<br>
                                  </div>
                                  <div><br>
                                  </div>
                                  <div>[2013-07-30 15:09:47]
                                    NOTICE[1775] chan_sip.c:
                                    Registration from '"chu" <a target="_blank">&lt;sip:chu@IP-servido&gt;</a>'
                                    failed for '<a href="http://173.242.120.42:5081/" target="_blank">173.242.120.42:5081</a>'
                                    - Wrong password</div>
                                  <div class="ecxgmail_extra"><br>
                                  </div>
                                  se observarem, eu bloqueio as
                                  tentativas por 24 horas, sendo assim,
                                  o invasor permanecia tentando no dia
                                  seguinte, agora dei um BAN permanente
                                  nele... rsrs</div>
                                <div class="ecxgmail_extra"> <br>
                                </div>
                                <div class="ecxgmail_extra"><br>
                                  <div class="ecxgmail_quote">Em 31 de
                                    julho de 2013 12:50, Thiago Anselmo
                                    <span dir="ltr">&lt;<a href="mailto:thiagoo.anselmoo@gmail.com" target="_blank">thiagoo.anselmoo@gmail.com</a>&gt;</span>
                                    escreveu:<br>
                                    <blockquote class="ecxgmail_quote" style="border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;">
                                      <div dir="ltr">Amigo,
                                        <div><br>
                                        </div>
                                        <div>Já teve outro amigo aqui da
                                          lista que teve o mesmo
                                          problema, e o mesmo o fail2ban
                                          não pegou, pois eles não
                                          atacam penas 5060, existe
                                          outras fomras!!&nbsp;<br>
                                          <br>
                                          Como está ligado seu PABX?
                                          Está atrás de NAT ou
                                          diretamente um IP público
                                          ligado a ele?</div>
                                        <div><br>
                                        </div>
                                        <div>me diga que podemos
                                          realizar formas de fazer com o
                                          IPTABLES!! E fica bom!!!</div>
                                        <div>Bloqueia tudo e libera
                                          apenas para quem você deseja!</div>
                                      </div>
                                      <div class="ecxgmail_extra"><br>
                                        <br>
                                        <div class="ecxgmail_quote"> Em 31
                                          de julho de 2013 12:40, Marcio
                                          - Google <span dir="ltr">&lt;<a href="mailto:marciorp@gmail.com" target="_blank">marciorp@gmail.com</a>&gt;</span>
                                          escreveu:
                                          <div>
                                            <div><br>
                                              <blockquote class="ecxgmail_quote" style="border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;">
                                                <div dir="ltr">
                                                  <div style="font-family:arial,helvetica,sans-serif;">Exatamente

                                                    o que o Hudson disse
                                                    ...</div>
                                                  <div style="font-family:arial,helvetica,sans-serif;">Falha

                                                    no dimensionamento e
                                                    configuração.</div>
                                                </div>
                                                <div class="ecxgmail_extra"><br clear="all">
                                                  <div>
                                                    <div dir="ltr"><br>
                                                      [...]'s<br>
                                                      <br>
                                                      Marcio
                                                      <div><br>
                                                      </div>
                                                      <div>
                                                        <div style="font-family:arial;font-size:small;">========================================</div>
                                                        <div style="font-family:arial;font-size:small;">
                                                          ###########
                                                          Campanha Ajude
                                                          o Marcio!
                                                          ###########</div>
                                                        <div style="font-family:arial;font-size:small;"><a href="http://sosmarcio.blogspot.com.br/" style="color:rgb(17,85,204);" target="_blank">http://sosmarcio.blogspot.com.br/</a></div>

                                                        <div style="font-family:arial;font-size:small;"><a href="http://www.vakinha.com.br/VaquinhaP.aspx?e=195793" style="color:rgb(17,85,204);" target="_blank">http://www.vakinha.com.br/VaquinhaP.aspx?e=195793</a><br>

                                                        </div>
                                                        <div style="font-family:arial;font-size:small;">
========================================</div>
                                                      </div>
                                                    </div>
                                                  </div>
                                                  <br>
                                                  <br>
                                                  <div class="ecxgmail_quote">Em
                                                    31 de julho de 2013
                                                    11:06, Hudson
                                                    Cardoso <span dir="ltr">&lt;<a href="mailto:hudsoncardoso@hotmail.com" target="_blank">hudsoncardoso@hotmail.com</a>&gt;</span>
                                                    escreveu:
                                                    <div>
                                                      <div> <br>
                                                        <blockquote class="ecxgmail_quote" style="border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;">
                                                          <div>
                                                          <div dir="ltr"><font style="font-size:12pt;" face="Arial" size="3">&nbsp; &nbsp;O Fail2ban não pegou,
                                                          porque ele ja
                                                          conseguiu
                                                          passar, isso
                                                          significa que
                                                          o teu firewall
                                                          não está
                                                          corretamente</font>
                                                          <div><font style="font-size:12pt;" face="Arial" size="3">dimensionado,

                                                          e/ou
                                                          configurado.</font></div>
                                                          <div><font style="font-size:12pt;" face="Arial" size="3">&nbsp; No
                                                          meu se fizer 3
                                                          tentativas,
                                                          bloqueia por
                                                          15 minutos, e
                                                          quando um
                                                          guest pede
                                                          acesso ao
                                                          diaplan,
                                                          simplesmente&nbsp;</font></div>
                                                          <div><font style="font-size:12pt;" face="Arial" size="3">dou
                                                          HangUp em
                                                          todos os
                                                          Guest.<br>
                                                          </font><br>
                                                          <br>
                                                          <pre style="line-height:17px;color:rgb(42,42,42);white-space:normal;">Hudson&nbsp;
<a target="_blank">(048) 8413-7000</a>
Para quem nao cre, nenhuma prova converte,Para aquele que cre, nenhuma prova precisa.&nbsp;</pre>
                                                          <br>
                                                          <br>
                                                          <div>&gt;
                                                          From: <a href="mailto:caiopato@gmail.com" target="_blank">caiopato@gmail.com</a><br>
                                                          &gt; Date:
                                                          Wed, 31 Jul
                                                          2013 11:47:25
                                                          -0300<br>
                                                          &gt; To: <a href="mailto:asteriskbrasil@listas.asteriskbrasil.org" target="_blank">asteriskbrasil@listas.asteriskbrasil.org</a><br>
                                                          &gt; Subject:
                                                          [AsteriskBrasil]

                                                          Ataque massivo
                                                          a partir do IP
                                                          <a target="_blank">67.207.137.49</a>
                                                          <div>
                                                          <div><br>
                                                          &gt; <br>
                                                          &gt; Eu estava
                                                          sendo vítima
                                                          de uma
                                                          tentativa de
                                                          ataque a
                                                          partir do IP<br>
                                                          &gt; <a target="_blank">67.207.137.49</a>
                                                          (Rackspace
                                                          Cloud
                                                          Servers),<br>
                                                          &gt; Foram
                                                          3548
                                                          tentativas em
                                                          10 minutos até
                                                          ser bloqueado
                                                          manualmente no
                                                          iptables.<br>
                                                          &gt; Não
                                                          investiguei a
                                                          fundo o método
                                                          do ataque, mas
                                                          basicamente
                                                          ele estava<br>
                                                          &gt; tentando
                                                          cavar uma
                                                          falha no
                                                          dialplan.<br>
                                                          &gt; <br>
                                                          &gt; No
                                                          console
                                                          apareceu:<br>
                                                          &gt; Jul 31
                                                          09:53:58
                                                          WARNING[18816]:
                                                          chan_sip.c:6903

                                                          get_destination:
                                                          Huh?<br>
                                                          &gt; Not a SIP
                                                          header
                                                          (tel:1900442075005000)?<br>
                                                          &gt; ...<br>
                                                          &gt; Jul 31
                                                          10:04:37
                                                          WARNING[18816]:
                                                          chan_sip.c:6903

                                                          get_destination:
                                                          Huh?<br>
                                                          &gt; Not a SIP
                                                          header
                                                          (tel:2440900442075005000)?<br>
                                                          &gt; <br>
                                                          &gt; Note que
                                                          o atacando
                                                          manteve o
                                                          sufixo e
                                                          alterava só o
                                                          prefixo (19,
                                                          29,<br>
                                                          &gt; 39, ....
                                                          até chegar no
                                                          24409 quando
                                                          eu bloqueei
                                                          via iptables.<br>
                                                          &gt; <br>
                                                          &gt; Esse tipo
                                                          de ataque NÃO
                                                          É identificado
                                                          pelo fail2ban
                                                          pois não há
                                                          logs gerados.<br>
                                                          &gt; <br>
                                                          &gt; O
                                                          telefone
                                                          00442075005000
                                                          pertence a um
                                                          banco (Citi)
                                                          em Londres.
                                                          Pode<br>
                                                          &gt; ser
                                                          apenas um
                                                          número teste -
                                                          se o atacante
                                                          receber
                                                          "CONNECT", a<br>
                                                          &gt; tentativa
                                                          foi bem
                                                          sucedida e ele
                                                          descarrega um
                                                          caminhão de
                                                          chamadas<br>
                                                          &gt; para
                                                          outros
                                                          destinos.<br>
                                                          &gt; <br>
                                                          &gt; Então
                                                          vale o eterno
                                                          conselho:
                                                          fique de olho
                                                          - não confie
                                                          só no
                                                          fail2ban.<br>
                                                          &gt;
                                                          _______________________________________________<br>
                                                          &gt; KHOMP:
                                                          completa linha
                                                          de placas
                                                          externas FXO,
                                                          FXS, GSM e E1;<br>
                                                          &gt; Media
                                                          Gateways de 1
                                                          a 64 E1s para
                                                          SIP com R2,
                                                          ISDN e SS7;<br>
                                                          &gt;
                                                          Intercomunicadores
                                                          para acesso
                                                          remoto via
                                                          rede IP.
                                                          Conheça em <a href="http://www.khomp.com/" target="_blank">www.Khomp.com</a>.<br>
                                                          &gt;
                                                          _______________________________________________<br>
                                                          &gt; ALIGERA –
                                                          Fabricante
                                                          nacional de
                                                          Gateways
                                                          SIP-E1 para
                                                          R2, ISDN e
                                                          SS7.<br>
                                                          &gt; Placas de
                                                          1E1, 2E1, 4E1
                                                          e 8E1 para PCI
                                                          ou PCI
                                                          Express.<br>
                                                          &gt; Channel
                                                          Bank –
                                                          Appliance
                                                          Asterisk -
                                                          Acesse <a href="http://www.aligera.com.br/" target="_blank">www.aligera.com.br</a>.<br>
                                                          &gt;
                                                          _______________________________________________<br>
                                                          &gt; Para
                                                          remover seu
                                                          email desta
                                                          lista, basta
                                                          enviar um
                                                          email em
                                                          branco para <a href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org" target="_blank">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a><br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <br>
_______________________________________________<br>
                                                          KHOMP:
                                                          completa linha
                                                          de placas
                                                          externas FXO,
                                                          FXS, GSM e E1;<br>
                                                          Media Gateways
                                                          de 1 a 64 E1s
                                                          para SIP com
                                                          R2, ISDN e
                                                          SS7;<br>
                                                          Intercomunicadores
                                                          para acesso
                                                          remoto via
                                                          rede IP.
                                                          Conheça em <a href="http://www.khomp.com/" target="_blank">www.Khomp.com</a>.<br>
_______________________________________________<br>
                                                          ALIGERA –
                                                          Fabricante
                                                          nacional de
                                                          Gateways
                                                          SIP-E1 para
                                                          R2, ISDN e
                                                          SS7.<br>
                                                          Placas de 1E1,
                                                          2E1, 4E1 e 8E1
                                                          para PCI ou
                                                          PCI Express.<br>
                                                          Channel Bank –
                                                          Appliance
                                                          Asterisk -
                                                          Acesse <a href="http://www.aligera.com.br/" target="_blank">www.aligera.com.br</a>.<br>
_______________________________________________<br>
                                                          Para remover
                                                          seu email
                                                          desta lista,
                                                          basta enviar
                                                          um email em
                                                          branco para <a href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org" target="_blank">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a><br>
                                                        </blockquote>
                                                      </div>
                                                    </div>
                                                  </div>
                                                  <br>
                                                </div>
                                                <br>
_______________________________________________<br>
                                                KHOMP: completa linha de
                                                placas externas FXO,
                                                FXS, GSM e E1;<br>
                                                Media Gateways de 1 a 64
                                                E1s para SIP com R2,
                                                ISDN e SS7;<br>
                                                Intercomunicadores para
                                                acesso remoto via rede
                                                IP. Conheça em <a href="http://www.khomp.com/" target="_blank">www.Khomp.com</a>.<br>
_______________________________________________<br>
                                                ALIGERA – Fabricante
                                                nacional de Gateways
                                                SIP-E1 para R2, ISDN e
                                                SS7.<br>
                                                Placas de 1E1, 2E1, 4E1
                                                e 8E1 para PCI ou PCI
                                                Express.<br>
                                                Channel Bank – Appliance
                                                Asterisk - Acesse <a href="http://www.aligera.com.br/" target="_blank">www.aligera.com.br</a>.<br>
_______________________________________________<br>
                                                Para remover seu email
                                                desta lista, basta
                                                enviar um email em
                                                branco para <a href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org" target="_blank">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a><br>
                                              </blockquote>
                                            </div>
                                          </div>
                                        </div>
                                        <span><font color="#888888"> <br>
                                            <br clear="all">
                                            <div><br>
                                            </div>
                                            -- <br>
                                            Thiago Anselmo </font></span></div>
                                      <br>
_______________________________________________<br>
                                      KHOMP: completa linha de placas
                                      externas FXO, FXS, GSM e E1;<br>
                                      Media Gateways de 1 a 64 E1s para
                                      SIP com R2, ISDN e SS7;<br>
                                      Intercomunicadores para acesso
                                      remoto via rede IP. Conheça em <a href="http://www.khomp.com/" target="_blank">www.Khomp.com</a>.<br>
_______________________________________________<br>
                                      ALIGERA – Fabricante nacional de
                                      Gateways SIP-E1 para R2, ISDN e
                                      SS7.<br>
                                      Placas de 1E1, 2E1, 4E1 e 8E1 para
                                      PCI ou PCI Express.<br>
                                      Channel Bank – Appliance Asterisk
                                      - Acesse <a href="http://www.aligera.com.br/" target="_blank">www.aligera.com.br</a>.<br>
_______________________________________________<br>
                                      Para remover seu email desta
                                      lista, basta enviar um email em
                                      branco para <a href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org" target="_blank">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a><br>
                                    </blockquote>
                                  </div>
                                  <br>
                                  <br clear="all">
                                  <div><br>
                                  </div>
                                  -- <br>
                                  <div dir="ltr"><b><font color="#0000ff">att</font></b>
                                    <div><b><font color="#0000ff">Danilo
                                          Almeida</font></b></div>
                                  </div>
                                </div>
                              </div>
                              <br>
                              <fieldset></fieldset>
                              <br>
                              <pre>_______________________________________________
KHOMP: completa linha de placas externas FXO, FXS, GSM e E1;
Media Gateways de 1 a 64 E1s para SIP com R2, ISDN e SS7;
Intercomunicadores para acesso remoto via rede IP. Conheça em <a href="http://www.khomp.com/" target="_blank">www.Khomp.com</a>.
_______________________________________________
ALIGERA – Fabricante nacional de Gateways SIP-E1 para R2, ISDN e SS7.
Placas de 1E1, 2E1, 4E1 e 8E1 para PCI ou PCI Express.
Channel Bank – Appliance Asterisk - Acesse <a href="http://www.aligera.com.br/" target="_blank">www.aligera.com.br</a>.
_______________________________________________
Para remover seu email desta lista, basta enviar um email em branco para <a href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org" target="_blank">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a></pre>

                            </blockquote>
                            <br>
                          </div>
                        </div>
                      </div>
                      <br>
                      _______________________________________________<br>
                      KHOMP: completa linha de placas externas FXO, FXS,
                      GSM e E1;<br>
                      Media Gateways de 1 a 64 E1s para SIP com R2, ISDN
                      e SS7;<br>
                      Intercomunicadores para acesso remoto via rede IP.
                      Conheça em <a href="http://www.khomp.com/" target="_blank">www.Khomp.com</a>.<br>
                      _______________________________________________<br>
                      ALIGERA – Fabricante nacional de Gateways SIP-E1
                      para R2, ISDN e SS7.<br>
                      Placas de 1E1, 2E1, 4E1 e 8E1 para PCI ou PCI
                      Express.<br>
                      Channel Bank – Appliance Asterisk - Acesse <a href="http://www.aligera.com.br/" target="_blank">www.aligera.com.br</a>.<br>
                      _______________________________________________<br>
                      Para remover seu email desta lista, basta enviar
                      um email em branco para <a href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org" target="_blank">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a><br>
                    </blockquote>
                  </div>
                </div>
              </div>
              <span><font color="#888888">
                  <br>
                  <br clear="all">
                  <div><br>
                  </div>
                  -- <br>
                  <div dir="ltr"><b><font color="#0000ff">att</font></b>
                    <div><b><font color="#0000ff">Danilo
                          Almeida</font></b></div>
                  </div>
                </font></span></div>
            <br>
            _______________________________________________<br>
            KHOMP: completa linha de placas externas FXO, FXS, GSM e E1;<br>
            Media Gateways de 1 a 64 E1s para SIP com R2, ISDN e SS7;<br>
            Intercomunicadores para acesso remoto via rede IP. Conheça
            em <a href="http://www.khomp.com/" target="_blank">www.Khomp.com</a>.<br>
            _______________________________________________<br>
            ALIGERA – Fabricante nacional de Gateways SIP-E1 para R2,
            ISDN e SS7.<br>
            Placas de 1E1, 2E1, 4E1 e 8E1 para PCI ou PCI Express.<br>
            Channel Bank – Appliance Asterisk - Acesse <a href="http://www.aligera.com.br/" target="_blank">www.aligera.com.br</a>.<br>
            _______________________________________________<br>
            Para remover seu email desta lista, basta enviar um email em
            branco para <a href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org" target="_blank">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a><br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
KHOMP: completa linha de placas externas FXO, FXS, GSM e E1;
Media Gateways de 1 a 64 E1s para SIP com R2, ISDN e SS7;
Intercomunicadores para acesso remoto via rede IP. Conheça em <a href="http://www.khomp.com/" target="_blank">www.Khomp.com</a>.
_______________________________________________
ALIGERA – Fabricante nacional de Gateways SIP-E1 para R2, ISDN e SS7.
Placas de 1E1, 2E1, 4E1 e 8E1 para PCI ou PCI Express.
Channel Bank – Appliance Asterisk - Acesse <a href="http://www.aligera.com.br/" target="_blank">www.aligera.com.br</a>.
_______________________________________________
Para remover seu email desta lista, basta enviar um email em branco para <a href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org" target="_blank">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a></pre>

    </blockquote>
    <br>
  </div></div></div>

<br>_______________________________________________<br>
KHOMP: completa linha de placas externas FXO, FXS, GSM e E1;<br>
Media Gateways de 1 a 64 E1s para SIP com R2, ISDN e SS7;<br>
Intercomunicadores para acesso remoto via rede IP. Conheça em <a href="http://www.khomp.com/" target="_blank">www.Khomp.com</a>.<br>
_______________________________________________<br>
ALIGERA – Fabricante nacional de Gateways SIP-E1 para R2, ISDN e SS7.<br>
Placas de 1E1, 2E1, 4E1 e 8E1 para PCI ou PCI Express.<br>
Channel Bank – Appliance Asterisk - Acesse <a href="http://www.aligera.com.br/" target="_blank">www.aligera.com.br</a>.<br>
_______________________________________________<br>
Para remover seu email desta lista, basta enviar um email em branco para <a href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a><br></blockquote></div>
<br></div>
_______________________________________________<br>KHOMP: completa linha de placas externas FXO, FXS, GSM e E1;<br>Media Gateways de 1 a 64 E1s para SIP com R2, ISDN e SS7;<br>Intercomunicadores para acesso remoto via rede IP. Conheça em <a href="http://www.Khomp.com" target="_blank">www.Khomp.com</a>.<br>_______________________________________________<br>ALIGERA – Fabricante nacional de Gateways SIP-E1 para R2, ISDN e SS7.<br>Placas de 1E1, 2E1, 4E1 e 8E1 para PCI ou PCI Express.<br>Channel Bank – Appliance Asterisk - Acesse <a href="http://www.aligera.com.br" target="_blank">www.aligera.com.br</a>.<br>_______________________________________________<br>Para remover seu email desta lista, basta enviar um email em branco para <a href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a></blockquote></div><br></div><br>_______________________________________________
KHOMP: completa linha de placas externas FXO, FXS, GSM e E1;
Media Gateways de 1 a 64 E1s para SIP com R2, ISDN e SS7;
Intercomunicadores para acesso remoto via rede IP. Conhe�a em www.Khomp.com.
_______________________________________________
ALIGERA � Fabricante nacional de Gateways SIP-E1 para R2, ISDN e SS7.
Placas de 1E1, 2E1, 4E1 e 8E1 para PCI ou PCI Express.
Channel Bank � Appliance Asterisk - Acesse www.aligera.com.br.
_______________________________________________
Para remover seu email desta lista, basta enviar um email em branco para asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</div></div></div></div>                                               </div></body>
</html>