[caiu] Attack on e-mail server

Cássio Elias de Sousa Figueiredo cassioelias at corples.com.br
Wed Aug 26 15:31:20 BRT 2015


Just one question: do you allow ping on the server in question?

On 26/08/2015 15:01, Leonardo da Silva Fiuza Pina wrote:
> The question is whether the attacker will use the webmail with the captcha, or go directly to the SMTP/POP/IMAP server, which has no idea what a captcha is.
>
> Enforcing strong passwords is still a valid and viable solution if you know how to implement it.
>
> Kind regards.
>
> On 08/26/2015 14:52, Osvaldo Filho wrote:
>> I think so, if there is access via webmail; that would be implemented on top of Apache with PHP.
>>
>> 2015-08-26 14:42 GMT-03:00 Eduardo Rigler <erigler at gmail.com>:
>>
>>> Does captcha work on SMTP? :-)
>>>
>>> Cheers,
>>>
>>> On 26 August 2015 at 14:30, Cássio Elias de Sousa Figueiredo <cassioelias at corples.com.br> wrote:
>>>
>>>> A captcha could have helped you with this one, couldn't it?
>>>>
>>>> On 26/08/2015 14:26, Eduardo Rigler wrote:
>>>>
>>>>> That is a problem. You can devise N forms of security at every access level; if a single user has a login/password that is too easy, it can be the same as having nothing.
>>>>>
>>>>> I have ended up on a blacklist overnight because of a former employee's account that was kept active "just for a little while longer", with "while you're at it, change the password to 123456".
>>>>>
>>>>> Cheers,
>>>>>
>>>>> On 26 August 2015 at 14:17, Osvaldo Filho <osvaldofilho.redes at gmail.com> wrote:
>>>>>
>>>>>> Outsourcing services of this kind in a public-sector environment is complicated. For us here, it means leaving sensitive information in the hands of third parties.
>>>>>>
>>>>>> As for the password policy, we are reviewing it. The problem is that we have long-serving and/or retired civil servants who cannot memorize strong passwords, which makes our situation even worse.
>>>>>>
>>>>>> 2015-08-26 13:13 GMT-03:00 suporte salvador <suporteinfossa at gmail.com>:
>>>>>>> If it is a login user, you can be sure there is more to come. Try implementing a captcha on the login page; it does not solve the problem, but it can deter.
>>>>>>> On 26/08/2015 13:04, "Osvaldo Filho" <osvaldofilho.redes at gmail.com> wrote:
>>>>>>>
>>>>>>>> Thank you all for the help. Right away I put together a stopgap hack: I created a script to collect the IPs and block them directly on the machine via IPTABLES.
>>>>>>>> Our servers are already separated (MX/POP/IMAP). Each one runs on its own server.
>>>>>>>>
>>>>>>>> 2015-08-26 12:13 GMT-03:00 Eduardo Rigler <erigler at gmail.com>:
>>>>>>>>
>>>>>>>>> Definitely, and also put the management IPs/networks on the whitelist (because there will always be some ~blessed soul~ who keeps getting the password wrong until everyone is blocked).
>>>>>>>>> Here the default is 3 wrong passwords and you go on the banlist for 10 years :D
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>>
>>>>>>>>> On 26 August 2015 at 12:01, Guilherme Domingues <guilherme.domingues.oliveira at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> +1 for Fail2ban
>>>>>>>>>> When implementing it, I suggest increasing the time these IPs stay on the list and reducing the number of attempts before being banned.
>>>>>>>>>> LPI 201
>>>>>>>>>> LPI000161013
>>>>>>>>>> https://cs.lpi.org/caf/Xamman/certification/process_verify
>>>>>>>>>> code verification:  v8bwxqzja7
>>>>>>>>>> Linux ID #425752
>>>>>>>>>> ---
>>>>>>>>>> "A mind that opens itself to a new idea will never return to its original size."  Albert Einstein
>>>>>>>>>>
>>>>>>>>>> 2015-08-26 11:57 GMT-03:00 Douglas Fischer <fischerdouglas at gmail.com>:
>>>>>>>>>>> +1 for Fail2Ban
>>>>>>>>>>> I would also recommend taking the MX (both in and out) off the same server that handles user requests (Submission/POP3/IMAP/Webmail).
>>>>>>>>>>>
>>>>>>>>>>> In fact, I always tend to put Authoritative DNS, Reverse Proxy and MX in a dedicated DMZ for Internet-facing services....
>>>>>>>>>>>
>>>>>>>>>>> On 26 August 2015 at 11:33, Osvaldo Filho <osvaldofilho.redes at gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Apparently brute force. Lots of log messages like:
>>>>>>>>>>>> SASL LOGIN authentication failed: authentication failure
>>>>>>>>>>>>
>>>>>>>>>>>> I will check with the people who look after our firewall. But since we have students and professors who publish things at international events, I do not know whether we can block all international IPs.
>>>>>>>>>>>>
>>>>>>>>>>>> 2015-08-26 11:26 GMT-03:00 Eduardo Rigler <erigler at gmail.com>:
>>>>>>>>>>>>
>>>>>>>>>>>>> Attacks of what kind?
>>>>>>>>>>>>> relay? ssh/rdp or what?
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 26 August 2015 at 11:21, Osvaldo Filho <osvaldofilho.redes at gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Good morning,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Is anyone seeing attacks on their e-mail servers? Here at the Universidade Federal do Ceará we have been under attack since 04:00 in the morning.
>>>>>>>>>>>>>> The source IPs follow:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 173-162-132-221-NewEngland.hfc.comcastbusiness.net[173.162.132.221]
>>>>>>>>>>>>>> unknown[176.61.140.126]
>>>>>>>>>>>>>> unknown[187.85.170.68]
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> These are the IPs that tried the most.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> -- 
>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Osvaldo Filho.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> IT/Network Technician - Universidade Federal do Ceará.
>>>>>>>>>>>>>> Co-founder of i-TIC Digital Livre <https://www.facebook.com/iticdigital> - Free Information for all!
>>>>>>>>>>>>>> Twitter i-TIC Digital Livre: @iticdigital
>>>>>>>>>>>>>> TUX-CE Member.
>>>>>>>>>>>>>> Postgraduate student, MBA in Network Architecture and Cloud Computing - Instituto BSB.
>>>>>>>>>>>>>> Graduate in Computer Networks - Centro Universitário Estácio do Ceará.
>>>>>>>>>>>>>> Technician in Connectivity with Extension in Software Development - IFCE (Cefet).
>>>>>>>>>>>>>> Undergraduate student in Telematics - IFCE (Cefet).
>>>>>>>>>>>>>> Novell Datacenter Technical Specialist.
>>>>>>>>>>>>>> Linux Professional Institute Certified Level 1.
>>>>>>>>>>>>>> Novell Certified Linux Administrator (CLA).
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Facebook: Osvaldo Filho
>>>>>>>>>>>>>> Twitter: @osvaldofilho
>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>> caiu mailing list
>>>>>>>>>>>>>> caiu at eng.registro.br
>>>>>>>>>>>>>> https://eng.registro.br/mailman/listinfo/caiu
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --> TO LEAVE THE LIST FOLLOW THE INSTRUCTIONS at:
>>>>>>>>>>>>>> https://eng.registro.br/mailman/options/caiu
>>>>>>>>>>> -- 
>>>>>>>>>>> Douglas Fernando Fischer
>>>>>>>>>>> Control and Automation Engineer
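An added example, not part of the original thread and not the script mentioned in it: the per-IP counting that Fail2ban or a home-grown script applies to the log message quoted above, with a management whitelist as suggested in the thread. The 10-minute window, the 192.0.2.0/28 management network, the log layout around the quoted message and every sample line are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd warning carrying the message quoted in the thread (layout assumed).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ postfix/\S+\[\d+\]: "
    r"warning: \S*\[(?P<ip>[\d.]+)\]: SASL \w+ authentication failed")
MAX_RETRY = 3                      # "3 wrong passwords", as in the thread
FIND_TIME = timedelta(minutes=10)  # assumed counting window
WHITELIST = [ipaddress.ip_network("192.0.2.0/28")]  # assumed management network

def find_offenders(lines, year=2015):
    """Return IPv4 sources with MAX_RETRY failures inside FIND_TIME, in detection order."""
    recent, offenders = defaultdict(deque), []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue              # malformed address in the log line
        if any(addr in net for net in WHITELIST):
            continue              # never ban the management networks
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[addr]
        window.append(ts)
        while ts - window[0] > FIND_TIME:
            window.popleft()      # forget failures older than the window
        if len(window) >= MAX_RETRY and str(addr) not in offenders:
            offenders.append(str(addr))
    return offenders

def iptables_rules(ips):  # renders the DROP rules as text, does not execute them
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

def _fail(ts, ip):  # builds one constructed log line
    return (f"Aug 26 {ts} mail postfix/smtpd[2101]: warning: unknown[{ip}]: "
            "SASL LOGIN authentication failed: authentication failure")

SAMPLE_LOG = (  # constructed sample using RFC 5737 documentation addresses
    [_fail(f"04:00:0{i}", "203.0.113.7") for i in range(3)]    # fast brute force
    + [_fail(f"04:01:0{i}", "192.0.2.5") for i in range(5)]    # whitelisted admin
    + [_fail(t, "198.51.100.20") for t in ("04:02:00", "04:30:00", "05:10:00")])

if __name__ == "__main__":
    print("\n".join(iptables_rules(find_offenders(SAMPLE_LOG))))
```

The third sample source fails three times but never within one window, which is why the thread's advice to lengthen the ban time and lower the retry count matters for slow attempts.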


More information about the caiu mailing list