Intento Hack Asterisk. Fuerza Bruta contra Asterisk

Posted on por

Hoy me encontraba navegando tranquilamente y monitorizando todos los servidores propios, cuando de repente en la consola de asterisk me aparece lo siguiente:

[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5465″<sip:5465@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5466″<sip:5466@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5467″<sip:5467@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5468″<sip:5468@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»44114411″<sip:44114411@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5469″<sip:5469@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5470″<sip:5470@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»44124412″<sip:44124412@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5471″<sip:5471@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5472″<sip:5472@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5473″<sip:5473@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»44134413″<sip:44134413@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5474″<sip:5474@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5475″<sip:5475@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5476″<sip:5476@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»44144414″<sip:44144414@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5477″<sip:5477@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5478″<sip:5478@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5479″<sip:5479@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5480″<sip:5480@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5481″<sip:5481@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5482″<sip:5482@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5483″<sip:5483@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5484″<sip:5484@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5485″<sip:5485@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5486″<sip:5486@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5487″<sip:5487@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5488″<sip:5488@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5489″<sip:5489@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5490″<sip:5490@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5491″<sip:5491@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5492″<sip:5492@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5493″<sip:5493@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5494″<sip:5494@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘»5495″<sip:5495@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found

Es obvio que estan atacando a nuestro asterisk con un ataque Brute Force (Fuerza bruta).
Seguro que no es ningúna persona fisica si no cualquier máquina comprometida con software instalado para tal fin
(Encontrar máquinas con asterisk y realizár ataques de fuerza bruta).
Con la cual pueden intentar millones de combinaciones para autentificarse en nuestro Asterisk.

La ip que generaba esto era la: 139.153.12.78 y según he podido averiguar es de una universidad de UK la cual tiene asignado un rango de ips que es el siguiente:

139.153.0.0/16

La solución fué sencilla, para este tema, Iptables como no 😛

iptables -t filter -A INPUT -s 139.153.0.0/16 -j DROP

Todo el tráfico que venga de ese rango, lo dropeará.

Ya he informado a la gente que administra dicha red y se han puesto manos a la obra para solventar el problema.

Saludos.

Share

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Anti-spam image