{"id":2192,"date":"2020-01-15T10:20:14","date_gmt":"2020-01-15T07:20:14","guid":{"rendered":"https:\/\/vasexperts-ru.hst11.itglobal.com\/blog\/%d0%b1%d0%b5%d0%b7-%d1%80%d1%83%d0%b1%d1%80%d0%b8%d0%ba%d0%b8\/detect-brute-force-network\/"},"modified":"2025-08-21T10:31:58","modified_gmt":"2025-08-21T07:31:58","slug":"detect-brute-force-network","status":"publish","type":"post","link":"https:\/\/vasexperts.com\/br\/blog\/security\/detect-brute-force-network\/","title":{"rendered":"Como detectar Brute Force na rede"},"content":{"rendered":"Brute force \u00e9 um m\u00e9todo de ataque usado para quebrar senhas calculando todas as combina\u00e7\u00f5es poss\u00edveis. Quanto mais curta e simples for a senha, menos tempo e recursos ser\u00e3o necess\u00e1rios para selecion\u00e1-la. Esse m\u00e9todo \u00e9 frequentemente usado para criar botnets de dispositivos infectados.\r\n\r\nCaso seja detectada atividade de brute force com a subsequente BotNet na rede, a operadora de telecomunica\u00e7\u00f5es corre o risco de ter o endere\u00e7o IP bloqueado.\r\n<h2>Detec\u00e7\u00e3o de um ataque de brute force<\/h2>\r\nA plataforma Stingray gera o Full NetFlow no formato IPFIX, que \u00e9 enviado para um <a href=\"\/br\/products\/qoe-analytics\/\" target=\"_blank\" rel=\"noopener noreferrer\">m\u00f3dulo de Qualidade da Experi\u00eancia<\/a> especial. Os dados da experi\u00eancia do usu\u00e1rio t\u00eam as seguintes m\u00e9tricas:\r\n<ul>\r\n<li>Tempo de ida e volta (RTT)<\/li>\r\n<li>Indicadores do n\u00famero de tentativas<\/li>\r\n<li>N\u00famero de sess\u00f5es, dispositivos e agentes<\/li>\r\n<li>Endere\u00e7os IP por assinante<\/li>\r\n<li>Distribui\u00e7\u00e3o de tr\u00e1fego por aplica\u00e7\u00e3o e protocolos de transporte<\/li>\r\n<li>Distribui\u00e7\u00e3o de tr\u00e1fego por n\u00fameros de sistemas aut\u00f4nomos (AS)<\/li>\r\n<li>Chumbo de cliques para cada assinante.<\/li>\r\n<\/ul>\r\nSess\u00f5es curtas e frequentes nos d\u00e3o uma pista sobre uma tentativa de hackear o dispositivo. Exemplos de protocolos que podem ser hackeados: <b>SSH, HTTP, HTTPS<\/b>.\r\n\r\nAo habilitar o gatilho <b>ssh-bruteforce<\/b> no m\u00f3dulo QoE, o engenheiro de rede receber\u00e1 notifica\u00e7\u00f5es sobre tentativas de invas\u00e3o e reagir\u00e1 rapidamente. \u00c9 poss\u00edvel escolher o tipo de notifica\u00e7\u00e3o: por e-mail (para um ou mais endere\u00e7os com um modelo personalizado) ou HTTP (o recurso \u00e9 chamado pelo m\u00e9todo GET ou POST).\r\n\r\n<h2>Gatilhos e notifica\u00e7\u00f5es<\/h2>\r\nOs gatilhos processam estat\u00edsticas de tr\u00e1fego e analisam os dados em segundo plano. No caso de for\u00e7a bruta, o relat\u00f3rio exibe uma lista TOP de hosts que foram acessados via protocolo SSH.\r\n\r\nO relat\u00f3rio \u00e9 gerado com base em tr\u00eas m\u00e9tricas principais:\r\n<ol>\r\n<li>tempo de vida da sess\u00e3o<\/li>\r\n<li>n\u00famero de sess\u00f5es por assinante por per\u00edodo<\/li>\r\n<li>protocolo da camada de aplica\u00e7\u00e3o<\/li>\r\n<\/ol>\r\n<blockquote>Quando o n\u00famero de sess\u00f5es por assinante \u00e9 grande (mais de 100 por assinante por padr\u00e3o) e a dura\u00e7\u00e3o dessas sess\u00f5es \u00e9 curta, voc\u00ea pode suspeitar que algu\u00e9m est\u00e1 tentando adivinhar uma senha: em outras palavras, um invasor faz <b>um grande n\u00famero de tentativas de autoriza\u00e7\u00e3o em um curto espa\u00e7o de tempo<\/b>.\r\n\r\n\u00c9 um gatilho do sistema e est\u00e1 dispon\u00edvel em ambas as licen\u00e7as do m\u00f3dulo QoE: Lite e Standard.<\/blockquote>\r\n<h3>Estudo de caso<\/h3>\r\nEste exemplo mostra 105 sess\u00f5es por 1 assinante.\r\n\r\n<noscript><img decoding=\"async\" src=\"\/wp-content\/uploads\/2020\/07\/number-of-sessions.png\" alt=\"Number of sessions per subscriber\" width=\"100%\" class=\"alignnone size-full wp-image-1977\"><\/noscript><img decoding=\"async\" src=\"\/wp-content\/uploads\/2020\/07\/number-of-sessions.png\" alt=\"Number of sessions per subscriber\" width=\"100%\" class=\"alignnone size-full wp-image-1977 lazyload\" data-src=\"\/wp-content\/uploads\/2020\/07\/number-of-sessions.png\">\r\n\r\nCom base no relat\u00f3rio de QoE, o sistema permite criar relat\u00f3rios mais detalhados para visualizar as especifica\u00e7\u00f5es no log bruto do Netflow. As informa\u00e7\u00f5es est\u00e3o dispon\u00edveis:\r\n<ul>\r\n<li>por dura\u00e7\u00e3o da sess\u00e3o<\/li>\r\n<li>IP do assinante e do host<\/li>\r\n<li>portas e n\u00fameros de sistemas aut\u00f4nomos.<\/li>\r\n<\/ul>\r\nNeste relat\u00f3rio, observamos um certo host for\u00e7ando a senha de um assinante.\r\n\r\n<noscript><img decoding=\"async\" src=\"\/wp-content\/uploads\/2020\/07\/building-a-report.png\" alt=\"Building a report\" width=\"100%\" class=\"alignnone size-full wp-image-1978\"><\/noscript><img decoding=\"async\" src=\"\/wp-content\/uploads\/2020\/07\/building-a-report.png\" alt=\"Building a report\" width=\"100%\" class=\"alignnone size-full wp-image-1978 lazyload\" data-src=\"\/wp-content\/uploads\/2020\/07\/building-a-report.png\">\r\n<noscript><img decoding=\"async\" src=\"\/wp-content\/uploads\/2020\/07\/detailed-report.png\" alt=\"Detailed report\" width=\"100%\" class=\"alignnone size-full wp-image-1979\"><\/noscript><img decoding=\"async\" src=\"\/wp-content\/uploads\/2020\/07\/detailed-report.png\" alt=\"Detailed report\" width=\"100%\" class=\"alignnone size-full wp-image-1979 lazyload\" data-src=\"\/wp-content\/uploads\/2020\/07\/detailed-report.png\">\r\n<h2>O que voc\u00ea deve fazer quando um ataque de for\u00e7a bruta \u00e9 detectado?<\/h2>\r\nA primeira coisa que um provedor de internet pode fazer \u00e9 <b>entrar em contato com o assinante<\/b>, notific\u00e1-lo e oferecer a possibilidade de tornar a senha mais complexa. O assinante tamb\u00e9m pode ser avisado exibindo um banner ou publicando informa\u00e7\u00f5es na p\u00e1gina inicial, na se\u00e7\u00e3o \u201cService Management Advertising\u201d.\r\n\r\nEm segundo lugar, <b><a href=\"\/br\/products\/stingray\/mini-firewall\/\" rel=\"noopener noreferrer\" target=\"_blank\">habilitar a op\u00e7\u00e3o mini-firewall<\/a><\/b> para um determinado assinante. Esta fun\u00e7\u00e3o do Stingray Service Gateway \u00e9 necess\u00e1ria para garantir o uso seguro da internet e proteger a rede contra sobrecargas e softwares maliciosos. O mini-firewall integrado \u00e0 plataforma resolve duas tarefas principais:\r\n<ol>\r\n<li>prevenir invas\u00f5es por meio de portas abertas que podem ser atacadas;<\/li>\r\n<li>bloquear atividades nocivas provenientes do assinante.<\/li>\r\n<\/ol>\r\n<h2>Quais senhas s\u00e3o quebradas com mais frequ\u00eancia?<\/h2>\r\nLogin e senha padr\u00e3o s\u00e3o fornecidos na maioria dos sistemas criptografados, onde um usu\u00e1rio pode autorizar. O ideal \u00e9 que cada usu\u00e1rio altere a senha padr\u00e3o para a sua pr\u00f3pria ap\u00f3s entrar no sistema pela primeira vez; no entanto, muitos negligenciam essa regra de seguran\u00e7a simples ou definem combina\u00e7\u00f5es muito simples para facilitar a memoriza\u00e7\u00e3o. Assim, grupos inteiros de senhas vulner\u00e1veis s\u00e3o formados:\r\n<ul>\r\n<li>Sequ\u00eancias simples (teclado-caminhadas): qwerty, qazwsx, 123456<\/li>\r\n<li>Frases e palavras que frequentemente v\u00eam \u00e0 mente ao criar uma senha: senha, admin, root, acesso<\/li>\r\n<li>Senhas que duplicam parcialmente os logins, por exemplo, com a adi\u00e7\u00e3o de n\u00fameros: user123.<\/li>\r\n<\/ul>\r\n<h3>Estat\u00edsticos:<\/h3>\r\n<ul>\r\n<li>De acordo com <a href=\"https:\/\/haveibeenpwned.com\/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">https:\/\/haveibeenpwned.com\/<\/a>, mais de 9 bilh\u00f5es de contas foram desacreditadas at\u00e9 o momento;<\/li>\r\n<li>Mais de <a href=\"https:\/\/haveibeenpwned.com\/Passwords\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">555 milh\u00f5es de entradas<\/a> est\u00e3o expostas no \u201cdicion\u00e1rio de senhas\u201d;<\/li>\r\n<li>O maior n\u00famero de hosts de botnets (botnet C&C \u2013 comandos e controladores) est\u00e1 localizado nos EUA, seguido pela R\u00fassia e Holanda.<\/li>\r\n<\/ul>\r\n<noscript><img decoding=\"async\" src=\"\/wp-content\/uploads\/2020\/07\/spamhaus-report.png\" alt=\"spamhaus report\" width=\"100%\" class=\"alignnone size-full wp-image-1981\"><\/noscript><img decoding=\"async\" src=\"\/wp-content\/uploads\/2020\/07\/spamhaus-report.png\" alt=\"spamhaus report\" width=\"100%\" class=\"alignnone size-full wp-image-1981 lazyload\" data-src=\"\/wp-content\/uploads\/2020\/07\/spamhaus-report.png\">\r\n<a href=\"https:\/\/www.deteque.com\/app\/uploads\/2019\/02\/Spamhaus-Botnet-Threat-Report-2019.pdf\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">Spamhaus Botnet Threat Report 2019<\/a>\r\n<h2>Para resumir<\/h2>\r\nNormalmente, dispositivos infectados s\u00e3o usados para ataques DDoS, envio de spam, v\u00edrus, organiza\u00e7\u00e3o de minera\u00e7\u00e3o de criptomoedas, download de dados pessoais de usu\u00e1rios e chantagem cibern\u00e9tica. O alvo da For\u00e7a Bruta pode ser usu\u00e1rios comuns da Internet, bem como empresas comerciais e estatais. \u00c0s vezes, senhas e outros dados desacreditados s\u00e3o vendidos para expandir ainda mais a rede infectada.\r\n\r\nA instala\u00e7\u00e3o da <a href=\"\/br\/products\/stingray\/\" rel=\"noopener noreferrer\" target=\"_blank\">plataforma Stingray<\/a> com a op\u00e7\u00e3o mini-Firewall e o m\u00f3dulo QoE permite proteger a rede contra ataques DoS e DDoS, analisar o tr\u00e1fego e controlar sobrecargas. Voc\u00ea pode aprender mais sobre os benef\u00edcios e outras funcionalidades do sistema de an\u00e1lise profunda de tr\u00e1fego com os especialistas da VAS Experts.\r\n\r\n[subscription id=\u201d11987\u2033]Assine nossa newsletter e fique atualizado sobre os \u00faltimos desenvolvimentos e ofertas especiais.[\/subscription]<\/b>","protected":false},"excerpt":{"rendered":"<p>Caso seja detectada atividade de Bruteforce com o BotNet subsequente na rede, a operadora de telecomunica\u00e7\u00f5es corre o risco de ter o endere\u00e7o IP bloqueado.<\/p>\n","protected":false},"author":1,"featured_media":3138,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[110,55],"tags":[],"class_list":["post-2192","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-functionality"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>(English) VASExperts<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/\",\"url\":\"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/\",\"name\":\"[:en]How to detect Brute Force in the network? \u2014 VAS Experts[:es]\u00bfC\u00f3mo detectar Brute Force en la red? \u2014 VAS Experts[:fr]Comment d\u00e9tecter la force brute dans le r\u00e9seau ? \u2014 VAS Experts[:br]Como detectar Brute Force na rede? \u2014 VAS Experts\",\"isPartOf\":{\"@id\":\"https:\/\/vasexperts.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/#primaryimage\"},\"thumbnailUrl\":\"\/wp-content\/uploads\/2020\/01\/detect-bruteforce-1.jpg\",\"datePublished\":\"2020-01-15T07:20:14+00:00\",\"dateModified\":\"2025-08-21T07:31:58+00:00\",\"author\":{\"@id\":\"https:\/\/vasexperts.com\/#\/schema\/person\/da05c9a6f023e1596cae221d4037bea5\"},\"description\":\"[:en]Brute Force is an attack technique used to crack passwords by calculating all possible combinations. Find out how to find it[:es]Brute Force es una t\u00e9cnica de ataque utilizada para descifrar contrase\u00f1as calculando todas las combinaciones posibles. Descubra c\u00f3mo encontrarlo[:fr]La force brute est une technique d'attaque utilis\u00e9e pour craquer les mots de passe en calculant toutes les combinaisons possibles. D\u00e9couvrez comment la trouver[:br]Brute force \u00e9 uma t\u00e9cnica de ataque usada para quebrar senhas calculando todas as combina\u00e7\u00f5es poss\u00edveis. Descubra como encontr\u00e1-la\",\"breadcrumb\":{\"@id\":\"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/#breadcrumb\"},\"inLanguage\":\"br-PT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"br-PT\",\"@id\":\"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/#primaryimage\",\"url\":\"\/wp-content\/uploads\/2020\/01\/detect-bruteforce-1.jpg\",\"contentUrl\":\"\/wp-content\/uploads\/2020\/01\/detect-bruteforce-1.jpg\",\"width\":1200,\"height\":754,\"caption\":\"How to detect bruteforce in the network\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\",\"item\":\"https:\/\/vasexperts.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to detect Brute Force in the network\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/vasexperts.com\/#website\",\"url\":\"https:\/\/vasexperts.com\/\",\"name\":\"ITGLOBAL.COM\",\"description\":\"(English) VASExperts\",\"inLanguage\":\"br-PT\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/vasexperts.com\/#\/schema\/person\/da05c9a6f023e1596cae221d4037bea5\",\"name\":\"ivan.kuzin\",\"sameAs\":[\"https:\/\/vasexperts-ru.hst11.itglobal.com\"],\"url\":\"https:\/\/vasexperts.com\/br\/blog\/author\/ivan-kuzin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"(English) VASExperts","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/","url":"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/","name":"[:en]How to detect Brute Force in the network? \u2014 VAS Experts[:es]\u00bfC\u00f3mo detectar Brute Force en la red? \u2014 VAS Experts[:fr]Comment d\u00e9tecter la force brute dans le r\u00e9seau ? \u2014 VAS Experts[:br]Como detectar Brute Force na rede? \u2014 VAS Experts","isPartOf":{"@id":"https:\/\/vasexperts.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/#primaryimage"},"image":{"@id":"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/#primaryimage"},"thumbnailUrl":"\/wp-content\/uploads\/2020\/01\/detect-bruteforce-1.jpg","datePublished":"2020-01-15T07:20:14+00:00","dateModified":"2025-08-21T07:31:58+00:00","author":{"@id":"https:\/\/vasexperts.com\/#\/schema\/person\/da05c9a6f023e1596cae221d4037bea5"},"description":"[:en]Brute Force is an attack technique used to crack passwords by calculating all possible combinations. Find out how to find it[:es]Brute Force es una t\u00e9cnica de ataque utilizada para descifrar contrase\u00f1as calculando todas las combinaciones posibles. Descubra c\u00f3mo encontrarlo[:fr]La force brute est une technique d'attaque utilis\u00e9e pour craquer les mots de passe en calculant toutes les combinaisons possibles. D\u00e9couvrez comment la trouver[:br]Brute force \u00e9 uma t\u00e9cnica de ataque usada para quebrar senhas calculando todas as combina\u00e7\u00f5es poss\u00edveis. Descubra como encontr\u00e1-la","breadcrumb":{"@id":"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/#breadcrumb"},"inLanguage":"br-PT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/"]}]},{"@type":"ImageObject","inLanguage":"br-PT","@id":"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/#primaryimage","url":"\/wp-content\/uploads\/2020\/01\/detect-bruteforce-1.jpg","contentUrl":"\/wp-content\/uploads\/2020\/01\/detect-bruteforce-1.jpg","width":1200,"height":754,"caption":"How to detect bruteforce in the network"},{"@type":"BreadcrumbList","@id":"https:\/\/vasexperts.com\/blog\/security\/detect-brute-force-network\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430","item":"https:\/\/vasexperts.com\/"},{"@type":"ListItem","position":2,"name":"How to detect Brute Force in the network"}]},{"@type":"WebSite","@id":"https:\/\/vasexperts.com\/#website","url":"https:\/\/vasexperts.com\/","name":"ITGLOBAL.COM","description":"(English) VASExperts","inLanguage":"br-PT"},{"@type":"Person","@id":"https:\/\/vasexperts.com\/#\/schema\/person\/da05c9a6f023e1596cae221d4037bea5","name":"ivan.kuzin","sameAs":["https:\/\/vasexperts-ru.hst11.itglobal.com"],"url":"https:\/\/vasexperts.com\/br\/blog\/author\/ivan-kuzin\/"}]}},"_links":{"self":[{"href":"https:\/\/vasexperts.com\/br\/wp-json\/wp\/v2\/posts\/2192"}],"collection":[{"href":"https:\/\/vasexperts.com\/br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vasexperts.com\/br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vasexperts.com\/br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vasexperts.com\/br\/wp-json\/wp\/v2\/comments?post=2192"}],"version-history":[{"count":10,"href":"https:\/\/vasexperts.com\/br\/wp-json\/wp\/v2\/posts\/2192\/revisions"}],"predecessor-version":[{"id":13100,"href":"https:\/\/vasexperts.com\/br\/wp-json\/wp\/v2\/posts\/2192\/revisions\/13100"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vasexperts.com\/br\/wp-json\/wp\/v2\/media\/3138"}],"wp:attachment":[{"href":"https:\/\/vasexperts.com\/br\/wp-json\/wp\/v2\/media?parent=2192"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vasexperts.com\/br\/wp-json\/wp\/v2\/categories?post=2192"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vasexperts.com\/br\/wp-json\/wp\/v2\/tags?post=2192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}