Hoy me encontraba navegando tranquilamente y monitorizando todos los servidores propios, cuando de repente en la consola de asterisk me aparece lo siguiente:<\/p>\n
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5465″<sip:5465@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5466″<sip:5466@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5467″<sip:5467@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5468″<sip:5468@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb44114411″<sip:44114411@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5469″<sip:5469@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5470″<sip:5470@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb44124412″<sip:44124412@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5471″<sip:5471@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5472″<sip:5472@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5473″<sip:5473@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb44134413″<sip:44134413@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5474″<sip:5474@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5475″<sip:5475@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5476″<sip:5476@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb44144414″<sip:44144414@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5477″<sip:5477@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5478″<sip:5478@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5479″<sip:5479@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5480″<sip:5480@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5481″<sip:5481@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5482″<sip:5482@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5483″<sip:5483@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5484″<sip:5484@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5485″<sip:5485@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5486″<sip:5486@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5487″<sip:5487@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5488″<sip:5488@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5489″<sip:5489@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5490″<sip:5490@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5491″<sip:5491@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5492″<sip:5492@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5493″<sip:5493@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5494″<sip:5494@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found
\n[Feb 26 00:54:13] NOTICE[8658]: chan_sip.c:21821 handle_request_register: Registration from ‘\u00bb5495″<sip:5495@81.56.122.35>’ failed for ‘139.153.12.78’ – No matching peer found\n<\/p><\/blockquote>\nEs obvio que estan atacando a nuestro asterisk con un ataque Brute Force (Fuerza bruta).
\nSeguro que no es ning\u00fana persona fisica si no cualquier m\u00e1quina comprometida con software instalado para tal fin
\n(Encontrar m\u00e1quinas con asterisk y realiz\u00e1r ataques de fuerza bruta).
\nCon la cual pueden intentar millones de combinaciones para autentificarse en nuestro Asterisk.<\/p>\nLa ip que generaba esto era la: 139.153.12.78 y seg\u00fan he podido averiguar es de una universidad de UK la cual tiene asignado un rango de ips que es el siguiente: <\/p>\n
\n139.153.0.0\/16\n<\/p><\/blockquote>\n
\nLa soluci\u00f3n fu\u00e9 sencilla, para este tema, Iptables como no \ud83d\ude1b<\/p>\n
\niptables -t filter -A INPUT -s 139.153.0.0\/16 -j DROP\n<\/p><\/blockquote>\n
\nTodo el tr\u00e1fico que venga de ese rango, lo dropear\u00e1.<\/p>\n
Ya he informado a la gente que administra dicha red y se han puesto manos a la obra para solventar el problema.<\/p>\n
Saludos.<\/p>\n