

How to Block Attacks Against Your IP PBX
From MikroTik Wiki

Intro

There are several techniques for attacking an IP PBX. Nowadays it is very common for someone to use a scanner to look for a SIP IP PBX with port 5060 open and then try to brute-force it. When we run an IP PBX with public access, the way to minimize this abuse on our networks is to take a list of attacking IPs, place them in an address list, and then drop them in the firewall. The infiltrated.net project is a group of companies that run IP PBXs; when they detect an attack against them from some IP, it is reported along with a set of data so that its origin can be verified and protective action taken. More information at: http://infiltrated.net/voipabuse/ The list of IP addresses is at: http://www.infiltrated.net/vabl.txt

Script

I have written a script that periodically checks the site with the list of IP addresses mentioned above and returns the result in the format that MikroTik RouterOS accepts, to generate an address list called sip_attack. Each time the script is run or imported, it is advisable to clear the address list. Access to the script: http://mikrotikexpert.com/sip_attack/

The format is similar to this:

# SIP attack protection system - VoIP Abuse Project
# Using the sources of the project http://infiltrated.net/
# http://www.infiltrated.net/vabl.txt
# Automatic address list generation for the firewall in MikroTik RouterOS
# Use at your own risk. No warranty of any kind.
# Generated on: 07:34:26 - 01/02/11
# By Maximiliano Dobladez | http://maxid.com.ar | http://mikrotikexpert.com | maxi@mikrotikexpert.com
#
:log info "Eliminando las entradas anteriores ..." ;
/ip firewall address-list remove [find list=sip_attack_drop ] ;
:log info "Bajando la lista ..." ;
/ip firewall address-list add address=108.15.65.155 list=sip_attack_drop comment="VoIP ATTACK"



To use it from MikroTik RouterOS:

/tool fetch address=mikrotikexpert.com host=mikrotikexpert.com src-path=/sip_attack/ dst-path=sip_attack.rsc mode=http

Afterwards you can run:

/import file-name=sip_attack.rsc
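Since /import executes every command in the downloaded file, and the file is fetched over plain HTTP from a third party, it is worth checking it on a management host before it reaches the router. The following is an added Python example, not part of the original page or the author's script: it accepts only address-list add commands in the format shown above, drops repeated addresses (RouterOS refuses an add for an entry already in the list), and rejects anything in PROTECTED, an assumed set of ranges that must never be blocked. The sample input is constructed.

```python
import ipaddress
import re

LIST = "sip_attack_drop"  # list name used in the page's sample output
ADD_RE = re.compile(r'^/ip firewall address-list add address=(\S+) list='
                    + LIST + r' comment="VoIP ATTACK" ?;?$')
# Header commands the generated file is expected to carry; skipped, not copied.
HEADER_RE = re.compile(r'^(:log info "[^"\[\]$]*"|/ip firewall address-list '
                       r'remove \[find list=' + LIST + r' ?\]) ?;?$')
# Assumption: ranges that must never be blocked; add your own WAN and SIP trunk.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def sanitize_rsc(text, protected=PROTECTED):
    """Return (clean_script, rejected_lines) for a downloaded sip_attack.rsc."""
    keep, rejected = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or HEADER_RE.match(line):
            continue
        m = ADD_RE.match(line)
        try:
            ip = ipaddress.IPv4Address(m.group(1)) if m else None
        except ipaddress.AddressValueError:
            ip = None
        if ip is None or any(ip in net for net in protected):
            rejected.append(line)   # unexpected command, bad or protected address
        else:
            keep.add(ip)            # set membership drops repeated addresses
    out = ["/ip firewall address-list remove [find list=%s]" % LIST]
    out += ['/ip firewall address-list add address=%s list=%s comment="VoIP ATTACK"'
            % (ip, LIST) for ip in sorted(keep)]
    return "\n".join(out) + "\n", rejected

# Constructed sample download (documentation addresses, not real list entries).
SAMPLE = '''# Generated list
:log info "Bajando la lista ..." ;
/ip firewall address-list remove [find list=sip_attack_drop ] ;
/ip firewall address-list add address=203.0.113.7 list=sip_attack_drop comment="VoIP ATTACK"
/ip firewall address-list add address=203.0.113.7 list=sip_attack_drop comment="VoIP ATTACK"
/ip firewall address-list add address=198.51.100.20 list=sip_attack_drop comment="VoIP ATTACK"
/ip firewall address-list add address=192.168.88.1 list=sip_attack_drop comment="VoIP ATTACK"
/ip firewall address-list add address=999.1.1.1 list=sip_attack_drop comment="VoIP ATTACK"
/system reboot
'''

if __name__ == "__main__":
    print(*sanitize_rsc(SAMPLE), sep="rejected: ")
```

Upload the cleaned script to the router only when the rejected list is empty or has been reviewed; a non-empty list means the download did not match the expected format.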

C:mke solutions


Prevent attacks on your SIP