[AsteriskBrasil] (URGENTE) Tentativa de Invasão?
Roniton Rezende Oliveira
roniton em gmail.com
Sexta Janeiro 22 11:16:49 BRST 2010
Leia o artigo do Guilherme Loch Góes - Segurança no Asterisk
(http://www.voipexperts.com.br/Tutoriais-sobre-Asterisk-e-VoIP/Seguranca-no-Asterisk)
ou o original (http://blogs.digium.com/2009/03/28/sip-security/)
Roniton Oliveira
2010/1/22 <brunoantognolli em email.com>:
>
>
> Pessoal, estava olhando o Log do Asterisk e ví a seguinte msg:
>
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> [Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register:
> Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for
> '174.129.173.249' - Wrong password
> Notem que em 1 segundo o "invasor" tentou várias vezes se registrar no sip
> 1013 (através do método BruteForce) pelo meu link do speedy. O IP do
> "invasor" é 174.129.173.249.
>
> Isso seria uma tentativa de invasão?
>
> Se sim, como ele conseguiu acesso aos meus ramais SIP?
> O que preciso fazer para tirar esse cara da rede?
>
> Em uma pesquisa rápida descobri que esse IP é de Washington.
> http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html
>
> Estou alarmado a toa ou é realmente uma tentativa de invasão?
>
> Obrigado lista.
> _______________________________________________
> KHOMP: qualidade em placas de E1, GSM, FXS e FXO para Asterisk.
> - Hardware com alta disponibilidade de recursos e qualidade KHOMP
> - Suporte técnico local qualificado e gratuito
> Conheça a linha completa de produtos KHOMP em www.khomp.com.br
> _______________________________________________
> Lista de discussões AsteriskBrasil.org
> AsteriskBrasil em listas.asteriskbrasil.org
> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
>
Mais detalhes sobre a lista de discussão AsteriskBrasil