Retirado do link que Saulo passou: "... Utilize a opção "alwaysauthreject=yes" dentro da seção [general] do seu sip.conf. Esta opção fará que o Asterisk responda a requisições de usuários válidos com credenciais invalidas da mesma maneira que ele faz para usuários inválidos; ... "
On Nov 4, 2009, at 2:00 PM, Luciano Antonio Borguetti Faustino wrote: > Não culparia o Asterisk > > http://www.ietf.org/rfc/rfc3261.txt - Sessão 10 Registrations > > :-) > > []s > > > 2009/11/4 José Eduardo C. Mazolini <eduardo_mazol...@yahoo.com> > Eu acabo de fazer um teste com X-LITE > E o asterisk é um problema, aconselho colocar um router SIP na > frente e tratar esse problema. > Ele não devia mostrar para o atacante qual ramal existe qual não. > Pois depois de identificado o ramal existente ele passa a testar > senhas. > > Obrigado pela dica do programa pois é necessário criar algo > automático pra bloqueio de intrusos. > Já ouvi falar em um serviço semelhante a DNS onde são cadastrados > maquinas que geram ataque e esse registro dura algumas horas. > Assim se alguem atacar meu asterisk eu bloqueio e registro esse ip > la, vc antes de autorizar uma conexão já confere nesta lista se > tiver vc ja bloqueia de cara o atacante. > > Isso pode ser complicado pois alguem mal intencionado pode fazer > falsas acusações contra vc e vc fica bloqueado sem ter feito nada. > Mas criar uma base desta com controle sobre os que fazem a denucia, > só servidores da empresa, grupo de trabalho, empresas que possuem > negocio em comum pode ajudar. > > Observe o que aconteceu: > > Ramal 1 inexistente: > x-lite: REGISTER > Asterisk: 404 Not found > > Ramal 2 existente > x-lite: REGISTER > Asterisk: 100 Trying > Asterisk: 401 Unauthorized > x-lite: REGISTER > Asterisk: 100 Trying > Asterisk: 403 Forbidden (Bad auth) > > > > > > Eduardo Mazolini > (19) 9191-2705 > > > De: Luciano Antonio Borguetti Faustino <lucianoborguetti.lis...@gmail.com > > > > Para: asteriskbrasil@listas.asteriskbrasil.org > Enviadas: Quarta-feira, 4 de Novembro de 2009 13:40:10 > > Assunto: Re: [AsteriskBrasil] RES: Vulnerabilidade Asterisk > > Eder, > > Interessante, > > Trantando o problema mais profissionamente acoselho a instalação de > um IDS/IPS (Snort por exemplo -http://www.snort.org/), onde você > consegue identificar esses tipos de ataques e criar ações, como > exemplo o bloqueio do host atacante. > > []s, > > 2009/11/4 Itamar Reis Peixoto <ita...@ispbrasil.com.br> > eu continuo com a minha opiniao de que iptables e' pra boiola > > route add -host 208.38.164.96 reject > > resolve o problema ! > > > > 2009/11/4 Eder Souza <eder.so...@bsd.com.br> > > > > Log do Asterisk segue ae para vc ver um ataque massivo chutando > users sips, repare quantos users ele conseguiu chutar em apenas um > segundo !!! > > > > > > uma amostra do log referente ao ataque !!! > > > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"0"<sip:0...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"1"<sip:1...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"2"<sip:2...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"3"<sip:3...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"4"<sip:4...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"5"<sip:5...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"6"<sip:6...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"7"<sip:7...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"8"<sip:8...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"9"<sip:9...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"10"<sip:1...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"11"<sip:1...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"12"<sip:1...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"13"<sip:1...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"14"<sip:1...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"15"<sip:1...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"16"<sip:1...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"17"<sip:1...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"18"<sip:1...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"19"<sip:1...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"20"<sip:2...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"21"<sip:2...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"22"<sip:2...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"23"<sip:2...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"24"<sip:2...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"25"<sip:2...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"26"<sip:2...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"27"<sip:2...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"28"<sip:2...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"29"<sip:2...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"30"<sip:3...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"31"<sip:3...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"32"<sip:3...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"33"<sip:3...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"34"<sip:3...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"35"<sip:3...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"36"<sip:3...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"37"<sip:3...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"38"<sip:3...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"39"<sip:3...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"40"<sip:4...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"41"<sip:4...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"42"<sip:4...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"43"<sip:4...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"44"<sip:4...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"45"<sip:4...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"46"<sip:4...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"47"<sip:4...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"48"<sip:4...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"49"<sip:4...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"50"<sip:5...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"51"<sip:5...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"52"<sip:5...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"53"<sip:5...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"54"<sip:5...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"55"<sip:5...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"56"<sip:5...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"57"<sip:5...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"58"<sip:5...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from > > '"59"<sip:5...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > > '"60"<sip:6...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > > '"61"<sip:6...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > > '"62"<sip:6...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > > '"63"<sip:6...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > > '"64"<sip:6...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > > '"65"<sip:6...@ip > >' failed for '208.38.164.96' - No matching peer found > > [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from > > '"66"<sip:6...@ip > >' failed for '208.38.164.96' - No matching peer found > > > ------------ > > Itamar Reis Peixoto > > e-mail/msn/google talk/sip: ita...@ispbrasil.com.br > skype: itamarjp > icq: 81053601 > +55 11 4063 5033 > +55 34 3221 8599 > > _______________________________________________ > http://www.voipmania.com.br > Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. > Promoção por tempo limitado! > Acesse agora http://promo.voipmania.com.br > > _______________________________________________ > Lista de discussões AsteriskBrasil.org > AsteriskBrasil@listas.asteriskbrasil.org > http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil > > > > -- > #!/bin/bash > > Luciano Antonio Borguetti Faustino > GNU/Linux user number: 339110 > ICQ UIN number: 82092097 - ICQ ainda na atividade :) > http://lucianoborguetti.blogspot.com > > Preconceito é opinião sem conhecimento. > > :wq > > Veja quais são os assuntos do momento no Yahoo! + Buscados: Top 10 - > Celebridades - Música - Esportes > > > _______________________________________________ > http://www.voipmania.com.br > Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. > Promoção por tempo limitado! > Acesse agora http://promo.voipmania.com.br > > _______________________________________________ > Lista de discussões AsteriskBrasil.org > AsteriskBrasil@listas.asteriskbrasil.org > http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil > > > > -- > #!/bin/bash > > Luciano Antonio Borguetti Faustino > GNU/Linux user number: 339110 > ICQ UIN number: 82092097 - ICQ ainda na atividade :) > http://lucianoborguetti.blogspot.com > > Preconceito é opinião sem conhecimento. > > :wq > > _______________________________________________ > http://www.voipmania.com.br > Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. > Promoção por tempo limitado! > Acesse agora http://promo.voipmania.com.br > > _______________________________________________ > Lista de discussões AsteriskBrasil.org > AsteriskBrasil@listas.asteriskbrasil.org > http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil _______________________________________________ http://www.voipmania.com.br Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. Promoção por tempo limitado! Acesse agora http://promo.voipmania.com.br _______________________________________________ Lista de discussões AsteriskBrasil.org AsteriskBrasil@listas.asteriskbrasil.org http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil
