Uma boa prática é ler o email até o final.. On Nov 4, 2009, at 5:01 PM, José Eduardo C. Mazolini wrote:
> Qual versão do asterisk? > To usando 1.4.21.2 ... > Testado com asterisk 1.4.26 ... ;-) > > []´s []'s > > Eduardo Mazolini > (19) 9191-2705 > > > > On Nov 4, 2009, at 2:37 PM, José Eduardo C. Mazolini wrote: > >> Testei alwaysauthreject=yes >> >> >> Ainda sim o asterisk trata diferente. Ou seja comeu mais >> processador, mais rede e o assunto mesmo não resolveu. >> Portanto tanto faz com ou sem. >> >> Ramal 1 inexistente: >> x-lite: REGISTER >> Asterisk: 401 Unauthorized >> x-lite: REGISTER >> Asterisk: 401 Unauthorized >> x-lite: REGISTER >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> Asterisk: 401 Unauthorized >> >> Ramal 2 existente >> x-lite: REGISTER >> Asterisk: 100 Trying >> Asterisk: 401 Unauthorized >> x-lite: REGISTER >> Asterisk: 100 Trying >> Asterisk: 403 Forbidden (Bad auth) >> >> >> Eduardo Mazolini >> (19) 9191-2705 >> >> >> >> ----- Mensagem original ---- >> De: Saulo Quinteiro <sauloquinte...@gmail.com> >> Para: asteriskbrasil@listas.asteriskbrasil.org >> Enviadas: Quarta-feira, 4 de Novembro de 2009 14:34:55 >> Assunto: Re: [AsteriskBrasil] Res: RES: Vulnerabilidade Asterisk >> >> José da uma olhada nesse link. >> >> http://www.voipexperts.com.br/tutoriais-sobre-asterisk-e-voip/seguranca-no-asterisk >> >> E um Firewall bem elaborado ajuda bastante tb. >> Vai ajudar no seu problema. >> >> >> Saulo Quinteiro Dos Santos >> Fone: 41-2141-9567 >> Graduando em Ciência da Computação - UFPR >> msn : sauloquinte...@gmail.com >> e-mail: sa...@mpsinf.com.br >> cel : 41-9927-5236 >> >> >> >> >> José Eduardo C. Mazolini escreveu: >>> Eu acabo de fazer um teste com X-LITE >>> E o asterisk é um problema, aconselho colocar um router SIP na >>> frente e >>> tratar esse problema. >>> Ele não devia mostrar para o atacante qual ramal existe qual não. >>> Pois >>> depois de identificado o ramal existente ele passa a testar senhas. >>> >>> Obrigado pela dica do programa pois é necessário criar algo >>> automático >>> pra bloqueio de intrusos. >>> Já ouvi falar em um serviço semelhante a DNS onde são cadastrados >>> maquinas que geram ataque e esse registro dura algumas horas. >>> Assim se alguem atacar meu asterisk eu bloqueio e registro esse ip >>> la, >>> vc antes de autorizar uma conexão já confere nesta lista se tiver >>> vc ja >>> bloqueia de cara o atacante. >>> >>> Isso pode ser complicado pois alguem mal intencionado pode fazer >>> falsas >>> acusações contra vc e vc fica bloqueado sem ter feito nada. >>> Mas criar uma base desta com controle sobre os que fazem a denucia, >>> só >>> servidores da empresa, grupo de trabalho, empresas que possuem >>> negocio >>> em comum pode ajudar. >>> >>> Observe o que aconteceu: >>> >>> Ramal 1 inexistente: >>> x-lite: REGISTER >>> Asterisk: 404 Not found >>> >>> Ramal 2 existente >>> x-lite: REGISTER >>> Asterisk: 100 Trying >>> Asterisk: 401 Unauthorized >>> x-lite: REGISTER >>> Asterisk: 100 Trying >>> Asterisk: 403 Forbidden (Bad auth) >>> >>> >>> >>> >>> Eduardo Mazolini >>> (19) 9191-2705 >>> >>> >>> ------------------------------------------------------------------------ >>> *De:* Luciano Antonio Borguetti Faustino <lucianoborguetti.lis...@gmail.com >>>> >>> *Para:* asteriskbrasil@listas.asteriskbrasil.org >>> *Enviadas:* Quarta-feira, 4 de Novembro de 2009 13:40:10 >>> *Assunto:* Re: [AsteriskBrasil] RES: Vulnerabilidade Asterisk >>> >>> Eder, >>> >>> Interessante, >>> >>> Trantando o problema mais profissionamente acoselho a instalação de >>> um >>> IDS/IPS (Snort por exemplo -http://www.snort.org/), onde você >>> consegue >>> identificar esses tipos de ataques e criar ações, como exemplo o >>> bloqueio do host atacante. >>> >>> []s, >>> >>> 2009/11/4 Itamar Reis Peixoto <ita...@ispbrasil.com.br >>> <mailto:ita...@ispbrasil.com.br>> >>> >>> eu continuo com a minha opiniao de que iptables e' pra boiola >>> >>> route add -host 208.38.164.96 reject >>> >>> resolve o problema ! >>> >>> >>> >>> 2009/11/4 Eder Souza <eder.so...@bsd.com.br >>> <mailto:eder.so...@bsd.com.br>> >>>> >>>> Log do Asterisk segue ae para vc ver um ataque massivo chutando >>> users sips, repare quantos users ele conseguiu chutar em apenas um >>> segundo !!! >>>> >>>> >>>> uma amostra do log referente ao ataque !!! >>>> >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"0"<sip:0...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"1"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"2"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"3"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"4"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"5"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"6"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"7"<sip:7...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"8"<sip:8...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"9"<sip:9...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"10"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"11"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"12"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"13"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"14"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"15"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"16"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"17"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"18"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"19"<sip:1...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"20"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"21"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"22"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"23"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"24"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"25"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"26"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"27"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"28"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"29"<sip:2...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"30"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"31"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"32"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"33"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"34"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"35"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"36"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"37"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"38"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"39"<sip:3...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"40"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"41"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"42"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"43"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"44"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"45"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"46"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"47"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"48"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"49"<sip:4...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"50"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"51"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"52"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"53"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"54"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"55"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"56"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"57"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"58"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:26] NOTICE[2751] chan_sip.c: Registration from >>> '"59"<sip:5...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from >>> '"60"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from >>> '"61"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from >>> '"62"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from >>> '"63"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from >>> '"64"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from >>> '"65"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>>> [Oct 12 09:31:27] NOTICE[2751] chan_sip.c: Registration from >>> '"66"<sip:6...@ip>' failed for '208.38.164.96' - No matching peer >>> found >>> >>> >>> ------------ >>> >>> Itamar Reis Peixoto >>> >>> e-mail/msn/google talk/sip: ita...@ispbrasil.com.br >>> <mailto:ita...@ispbrasil.com.br> >>> skype: itamarjp >>> icq: 81053601 >>> +55 11 4063 5033 >>> +55 34 3221 8599 >>> >>> _______________________________________________ >>> http://www.voipmania.com.br >>> Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. >>> Promoção por tempo limitado! >>> Acesse agora http://promo.voipmania.com.br >>> >>> _______________________________________________ >>> Lista de discussões AsteriskBrasil.org >>> AsteriskBrasil@listas.asteriskbrasil.org >>> <mailto:AsteriskBrasil@listas.asteriskbrasil.org> >>> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil >>> >>> >>> >>> >>> -- >>> #!/bin/bash >>> >>> Luciano Antonio Borguetti Faustino >>> GNU/Linux user number: 339110 >>> ICQ UIN number: 82092097 - ICQ ainda na atividade :) >>> http://lucianoborguetti.blogspot.com >>> >>> Preconceito é opinião sem conhecimento. >>> >>> :wq >>> >>> ------------------------------------------------------------------------ >>> Veja quais são os assuntos do momento no Yahoo! + Buscados: Top 10 >>> <http://br.rd.yahoo.com/mail/taglines/mail/*http://br.maisbuscados.yahoo.com/ >>>> >>> - Celebridades >>> <http://br.rd.yahoo.com/mail/taglines/mail/*http://br.maisbuscados.yahoo.com/celebridades/ >>>> >>> - Música >>> <http://br.rd.yahoo.com/mail/taglines/mail/*http://br.maisbuscados.yahoo.com/m%C3%BAsica/ >>>> >>> - Esportes >>> <http://br.rd.yahoo.com/mail/taglines/mail/*http://br.maisbuscados.yahoo.com/esportes/ >>>> >>> >>> >>> ------------------------------------------------------------------------ >>> >>> >>> _______________________________________________ >>> http://www.voipmania.com.br >>> Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. >>> Promoção por tempo limitado! >>> Acesse agora http://promo.voipmania.com.br >>> >>> _______________________________________________ >>> Lista de discussões AsteriskBrasil.org >>> AsteriskBrasil@listas.asteriskbrasil.org >>> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil >> >> _______________________________________________ >> http://www.voipmania.com.br >> Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. >> Promoção por tempo limitado! >> Acesse agora http://promo.voipmania.com.br >> >> _______________________________________________ >> Lista de discussões AsteriskBrasil.org >> AsteriskBrasil@listas.asteriskbrasil.org >> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil >> >> >> >> >> ____________________________________________________________________________________ >> Veja quais são os assuntos do momento no Yahoo! +Buscados >> http://br.maisbuscados.yahoo.com >> >> _______________________________________________ >> http://www.voipmania.com.br >> Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. >> Promoção por tempo limitado! >> Acesse agora http://promo.voipmania.com.br >> >> _______________________________________________ >> Lista de discussões AsteriskBrasil.org >> AsteriskBrasil@listas.asteriskbrasil.org >> http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil > > > _______________________________________________ > http://www.voipmania.com.br > Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. > Promoção por tempo limitado! > Acesse agora http://promo.voipmania.com.br > > _______________________________________________ > Lista de discussões AsteriskBrasil.org > AsteriskBrasil@listas.asteriskbrasil.org > http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil > > > > > ____________________________________________________________________________________ > Veja quais são os assuntos do momento no Yahoo! +Buscados > http://br.maisbuscados.yahoo.com > > _______________________________________________ > http://www.voipmania.com.br > Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. > Promoção por tempo limitado! > Acesse agora http://promo.voipmania.com.br > > _______________________________________________ > Lista de discussões AsteriskBrasil.org > AsteriskBrasil@listas.asteriskbrasil.org > http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil _______________________________________________ http://www.voipmania.com.br Telefone IP sem fio Gigaset A580IP por 6 x R$59,90. Promoção por tempo limitado! Acesse agora http://promo.voipmania.com.br _______________________________________________ Lista de discussões AsteriskBrasil.org AsteriskBrasil@listas.asteriskbrasil.org http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil