[AsteriskBrasil] RE: (URGENT) Intrusion attempt?

SONAVoIP TELECOM | Support - Roberto Soares suporte at sonavoip.com.br
Fri Jan 22 11:44:31 BRST 2010


Good morning Bruno,

I really do believe this is an intrusion attempt. We have already been through this on some of our servers: people discover your SIP server and simply use tools to send many registration attempts with a username and password. In fact, he has not discovered your username; he sends many combinations at random, trying to register. What we use to fight this is constant monitoring of our system, and when such an intrusion attempt is observed, we automatically block the IP, and that IP can no longer send anything. Be careful not to block the IP of one of your own customers.

Regards

 

 

 

Roberto Soares


From: asteriskbrasil-bounces at listas.asteriskbrasil.org [mailto:asteriskbrasil-bounces at listas.asteriskbrasil.org] On behalf of brunoantognolli at email.com
Sent: Friday, January 22, 2010 10:37
To: asteriskbrasil at listas.asteriskbrasil.org
Subject: [AsteriskBrasil] (URGENT) Intrusion attempt?

Folks, I was looking at the Asterisk log and saw the following message:

 

[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password
[Jan 22 10:00:25] NOTICE[14350]: chan_sip.c:15593 handle_request_register: Registration from '"1013" <sip:1013 em XXX.XXX.XXX.XXX>' failed for '174.129.173.249' - Wrong password

Note that within 1 second the "intruder" tried several times to register as SIP 1013 (using the brute-force method) over my Speedy link. The "intruder's" IP is 174.129.173.249.

Would this be an intrusion attempt?

If so, how did he get access to my SIP extensions?

What do I need to do to get this guy off the network?

A quick search showed me that this IP is from Washington.

http://www.botsvsbrowsers.com/ip/174.129.173.249/index.html

Am I alarmed for nothing, or is this really an intrusion attempt?

Thank you, list.

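Added example, not part of the original thread and not Asterisk's own code: the monitoring described in the reply, written as a Python function that scans chan_sip log lines in the format quoted above, flags source IPs that exceed a failed-registration threshold within a time window, and skips allowlisted customer networks. The function name, the thresholds, the allowlist and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Matches the chan_sip failed-registration NOTICE format quoted in the thread.
FAILED_REG = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\]: chan_sip\.c:\d+ "
    r"handle_request_register: Registration from '(?P<who>.*)' failed for "
    r"'(?P<ip>[0-9.]+)(?::\d+)?' - (?P<reason>.+)$"
)

def find_bruteforce(lines, allow=(), max_fail=10, window=timedelta(seconds=60), year=2010):
    """Return {ip: peak failure count} for sources with more than max_fail failures in window.
    allow = customer networks never to block; year = assumed, the log timestamp has none."""
    allowed = [ip_network(n) for n in allow]
    recent = defaultdict(deque)   # ip -> failure timestamps inside the current window
    offenders = {}
    for line in lines:
        m = FAILED_REG.match(line.strip())
        if not m:
            continue
        try:
            ip = ip_address(m["ip"])
        except ValueError:        # malformed address field: ignore the line
            continue
        if any(ip in net for net in allowed):
            continue              # never propose blocking a known customer
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) > max_fail:
            offenders[str(ip)] = max(offenders.get(str(ip), 0), len(q))
    return offenders

# Constructed sample lines using documentation addresses, not taken from the thread.
LINE = ("[Jan 22 10:00:{s:02d}] NOTICE[14350]: chan_sip.c:15593 handle_request_register: "
        "Registration from '\"{ext}\" <sip:{ext}@192.0.2.10>' failed for '{ip}' - Wrong password")
SAMPLE = ([LINE.format(s=25, ext=1013, ip="203.0.113.7") for _ in range(40)]      # one-second burst
          + [LINE.format(s=s, ext=2001, ip="198.51.100.20") for s in range(30)]   # customer behind NAT
          + [LINE.format(s=40, ext=1020, ip="203.0.113.99") for _ in range(3)])   # a few mistyped passwords

if __name__ == "__main__":
    for ip, n in find_bruteforce(SAMPLE, allow=["198.51.100.0/24"]).items():
        print(f"{ip}: {n} failed registrations within 60 s, candidate for blocking")
```

Without the allowlist the misconfigured customer at 198.51.100.20 would be flagged as well, which is the case the reply warns about.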