Re: [asterisk-users] Asterisk removes ice lines in sdp when calling between webrtc clients

2014-10-03 Thread Matthew Jordan
On Thu, Oct 2, 2014 at 10:18 AM, Olli Heiskanen
ohjelmistoarkkite...@gmail.com wrote:
 Hi,

 Thanks Eric for your reply, yes I know Asterisk replaces the sdp, however it
 should create ice lines when calling to a webrtc client, which it is
 currently not doing.

 To recap my problem (check previous messages for details); I have 2 webrtc
 clients (sip.js on chrome) with realtime information that appears to be
 correct. When calling from A to B, INVITE coming to Asterisk contains
 correct sdp, but when the INVITE leaves Asterisk, the sdp lacks ice lines.


Unfortunately, I can't reproduce this. We've been running a lot of
tests with a variety of SIP clients over the past week here at SIPit -
both with and without ICE - and I haven't had a single instance of
Asterisk failing to provide any ICE candidates when it is properly
configured to do so.

-- 
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com  http://asterisk.org

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users


Re: [asterisk-users] CALLERID(num) and CDR(clid) - originate

2014-10-03 Thread Matthew Jordan
On Wed, Oct 1, 2014 at 8:00 AM, Gabriel Ortiz Lour
ortiz.ad...@gmail.com wrote:
 Hello,

   A question on channel originating (call files and AMI Originate):

   How can I change the CALLERID(num) var (because of the E1 provider needs),
 but having another number (the original one) stored on the clid CDR field
 on the database?

You can't. The clid CDR field cannot be modified from the dialplan,
and is always set to the caller ID of the channel. If you change the
caller ID on the channel, you can expect the CDR clid field to reflect
that.

That being said, if you are using a flexible backend (such as
cdr_custom or cdr_adaptive_odbc), you can add a custom column to your
CDR records - such as 'clid_original' - and use the CDR function to
set that value prior to changing the caller ID:

same => n,Set(CDR(clid_original)=${CALLERID(num)})
same => n,Set(CALLERID(num)=6575309)

Matt

-- 
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com  http://asterisk.org


[asterisk-users] SPA112: one analog phone works, not the other

2014-10-03 Thread Olivier
Hello,

I'm preparing a setup before installing it within the next few days.

In this setup, I'm using a SPA112 as an ATA for an analog phone.
The target phone is a Gigaset A400 DECT handset.

In my lab, I've got another A400 handset and an old Matracom 46 handset.

When I connect my Matracom 46 handset to my SPA112, I can send and
receive calls.
When I connect my A400 handset to the same SPA112 port, I can receive
calls (from SIP to analog) but cannot send (from analog to SIP) :
nothing shows at asterisk console.

When connecting this A400 handset to my provider box (which also has
an FXS port), I can successfully send and receive.

From this, I conclude my A400 works but differently from my other handset.

Basically, when dialing out with my A400, I'm observing this:
- I dial my full number (eg 0123456789) then press Send key (as with a
mobile phone),
- then I hear a long dialing tone from the SPA112 (unplugging the
cable between both cut this tone off),
- then I hear dialing tones back (those are sent quite fast, one tone
for each dialed digit),
- then I hear a busy tone and nothing shows at asterisk console.

Which SPA112 settings shall I change to get this A400 to work ?
What would you suggest ?

Regards



Re: [asterisk-users] PBX hacked: why hundred of calls to the same number ?

2014-10-03 Thread Rainer Piper
the attacking server changed the destination Number  at 18:53  CEST  and 
he is still blocked ... LOL


972597438354


Oct  3 18:53:17 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=00972597438354
Oct  3 19:06:37 server /sbin/kamailio[3978]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=000972597438354
Oct  3 19:19:45 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=972597438354
Oct  3 19:32:59 server /sbin/kamailio[3978]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=*000972597438354
Oct  3 19:46:20 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=100972597438354




On 03.10.2014 at 14:52, Rainer Piper wrote:

On 02.10.2014 at 15:40, Tzafrir Cohen wrote:

On Thu, Oct 02, 2014 at 07:52:34AM +0200, Rainer Piper wrote:


Is the destination Number like Country Code +972?

+972 59 xx(x) mobile - Jawall [moving to 7-digit subscriber numbers]

source -http://www.wtng.info/wtng-972-il.html

That page is slightly dated. +972 59 XXX are all the numbers in the
Palestinian Authority (there are several providers besides Jawall).


My SIP Proxy logs all the unauth. INVITEs and I found the a lot
calls go to the Country code +972 xxx

As a resident of +972 (+972-4), I'll just note that those hack attempts
are typically related to PA numbers (+972-59) as rates there are higher.


Hi Tzafrir,

ok, the page www.wtng.info is not really up to date.

here some logs to see the variations of the attempt  to dial over my proxy

Oct  3 11:23:06 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=00972592910519
Oct  3 11:42:52 server /sbin/kamailio[7218]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=972592910519
Oct  3 11:53:15 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=700972592910519
Oct  3 12:06:32 server /sbin/kamailio[7218]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=200972592910519
Oct  3 12:20:04 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=#00972592910519
Oct  3 12:32:53 server /sbin/kamailio[7218]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=*000972592910519
Oct  3 12:45:35 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=*972592910519
Oct  3 12:57:42 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=900972592910519
Oct  3 13:09:37 server /sbin/kamailio[7218]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=7700972592910519
Oct  3 13:21:24 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=66600972592910519
Oct  3 13:33:11 server /sbin/kamailio[7218]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=00972592910519

and the source IP
69.30.254.234
is coming from

OrgName:    WholeSale Internet, Inc.
OrgId:      WHOLE-125
Address:    324 E. 11th St.
Address:    Suite 1000
City:       Kansas City
StateProv:  MO
PostalCode: 64106
Country:    US

very strange ;-)


--
*Rainer Piper*
Integration engineer
Koeslinstr. 56
53123 BONN
GERMANY
Phone: +49 228 97167161
P2P: sip:rai...@sip.soho-piper.de:5072 (pjsip-test)
XMPP: rai...@xmpp.soho-piper.de

Re: [asterisk-users] PBX hacked: why hundred of calls to the same number ?

2014-10-03 Thread Eric Wieling
We set up our servers to allowguest=yes and autocreatepeer=yes and use a global 
context setting to point any of those calls to an IVR jail. Attempts stop 
reasonably quickly.

An empty room with an unlocked door is far less interesting than a room 
with the door locked.


Re: [asterisk-users] PBX hacked: why hundred of calls to the same number ?

2014-10-03 Thread Chris Bagnall

On 3/10/14 6:52 pm, Rainer Piper wrote:

the attacking server changed the destination Number  at 18:53  CEST  and
he is still blocked ... LOL
972597438354


It's pretty much an everyday occurrence for any internet-connected SIP 
system these days...



Oct  3 19:46:20 server /sbin/kamailio[3977]: NOTICE: script: blocking
IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=100972597438354


Many of these attacks come from fairly easily recognised user-agent 
strings, so if you fancy doing a bit of packet inspection with your 
firewall, you can block many of these before they get as far as your SIP 
server(s) themselves.


For example, the sipcli scans you listed above can be blocked fairly 
easily with:
iptables -A INPUT -p udp --dport 5060 -m string --algo bm --string sipcli -j DROP


(obviously there are overheads to string searching UDP/5060 packets that 
you'll want to consider, and the above won't work if you're using sipcli 
legitimately anywhere on your network)


Kind regards,

Chris
--
This email is made from 100% recycled electrons
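
Added example (not part of any poster's message, and not the list's or Kamailio's own code): a small Python parser for the "blocking IP" lines quoted in this thread. It groups attempts by source IP and User-Agent family, which is what the firewall rule above keys on, and recovers the number being targeted as the longest common suffix of the dialled strings, since only the prefix varies between attempts. The function names, the reading of aU as the auth username, and the 7-digit minimum are assumptions of this example.

```python
import re
from collections import defaultdict

# Log lines copied from the messages in this thread, rejoined onto one line
# each, with the mail client's "callto:" link residue dropped.
SAMPLE_LOG = """\
Oct  3 18:53:17 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=00972597438354
Oct  3 19:06:37 server /sbin/kamailio[3978]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=000972597438354
Oct  3 19:19:45 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=972597438354
Oct  3 19:32:59 server /sbin/kamailio[3978]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=*000972597438354
Oct  3 19:46:20 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=100972597438354
Oct  3 12:20:04 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=#00972592910519
Oct  3 12:45:35 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=*972592910519
Oct  3 13:21:24 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=66600972592910519
"""

# Field layout as it appears in the quoted lines: source IP, User-Agent,
# request method (rm), aU and rU. The User-Agent is assumed to contain no
# spaces, which holds for every line shown in the thread.
LINE_RE = re.compile(
    r"blocking IP (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<ua>\S+)\s+rm=(?P<method>[A-Z]+)\s+"
    r"aU=(?P<auth_user>\S+)\s+rU=(?P<ruri_user>\S+)"
)

# Assumption of this example: a shared suffix shorter than this is treated
# as coincidence rather than as one target number.
MIN_TARGET_DIGITS = 7


def parse_line(line):
    """Return the fields of one 'blocking IP' line, or None if it is not one."""
    match = LINE_RE.search(line)
    return match.groupdict() if match else None


def common_suffix(values):
    """Longest string that every value ends with ('' if there is none)."""
    if not values:
        return ""
    suffix = []
    # Walk all strings from the right; zip() stops at the shortest one.
    for chars in zip(*(v[::-1] for v in values)):
        if len(set(chars)) != 1:
            break
        suffix.append(chars[0])
    return "".join(reversed(suffix))


def summarize(log_text):
    """Group blocked requests by source IP and infer the number being probed."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        record = parse_line(line)
        if record:
            by_ip[record["ip"]].append(record)

    report = {}
    for ip, records in by_ip.items():
        # Drop '*', '#' and '+' so only the digit strings are compared.
        digits = [re.sub(r"\D", "", r["ruri_user"]) for r in records]
        suffix = common_suffix(digits)
        report[ip] = {
            "attempts": len(records),
            # "sipcli/v1.8" -> "sipcli": the part a string match would key on.
            "ua_families": sorted({r["ua"].split("/")[0].lower() for r in records}),
            # aU=null is read here as "no auth username sent" (assumption).
            "unauthenticated": all(r["auth_user"] == "null" for r in records),
            "dialled": [r["ruri_user"] for r in records],
            # With a single attempt the suffix is the whole dialled string,
            # so any trunk or international prefix is still included.
            "target": suffix if len(suffix) >= MIN_TARGET_DIGITS else None,
        }
    return report


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info["attempts"], info["ua_families"], info["target"])
```

The same grouping can be run over a full syslog file to see which User-Agent families account for the blocked requests before deciding whether a packet-level string match is worth its overhead.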



Re: [asterisk-users] PBX hacked: why hundred of calls to the same number ?

2014-10-03 Thread Rainer Piper

Hi  Eric

I like your approach.
I think about stateless redirect the bad boy to the NSA- or Pentagon-IVR
LOL


On 03.10.2014 at 20:01, Eric Wieling wrote:


We set up our servers to allowguest=yes and autocreatepeer=yes and use 
a global context setting to point any of those calls to an IVR 
jail. Attempts stop reasonably quickly.


An empty room with an unlocked door is far less interesting than a 
room with the door locked.



Re: [asterisk-users] PBX hacked: why hundred of calls to the same number ?

2014-10-03 Thread Rainer Piper

Hi Chris,

yes ... it is boring ...
I stop posting ...
;-)


--
*Rainer Piper*
Integration engineer
Koeslinstr. 56
53123 BONN
GERMANY
Phone: +49 228 97167161
P2P: sip:rai...@sip.soho-piper.de:5072 (pjsip-test)
XMPP: rai...@xmpp.soho-piper.de

Re: [asterisk-users] PBX hacked: why hundred of calls to the same number ?

2014-10-03 Thread Rainer Piper

just one more ;-)

the source IP just changed to

142.0.41.179


OrgName:    VolumeDrive
OrgId:      VOLUM-2
Address:    1143 Northern Blvd
City:       Clarks Summit
StateProv:  PA
PostalCode: 18411
Country:    US

and the destination Number to

972595632276



Oct  3 20:26:37 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 142.0.41.179 sipcli/v1.8 rm=INVITE aU=null rU=+972595632276



--
*Rainer Piper*
Integration engineer
Koeslinstr. 56
53123 BONN
GERMANY
Phone: +49 228 97167161
P2P: sip:rai...@sip.soho-piper.de:5072 (pjsip-test)
XMPP: rai...@xmpp.soho-piper.de

Re: [asterisk-users] PBX hacked: why hundred of calls to the same number ?

2014-10-03 Thread Michelle Dupuis
There are lots of ways to solve this, and NOT to solve this.  Don't start 
adding lots of rules to iptables (or deep per packet inspection requirements) 
as this will hurt capacity...and it doesn't really solve the problem


Take a look at

http://www.voip-info.org/wiki/view/Asterisk+security


If you are running a small system I recommend trying the free version of 
SecAst.  If you're running a larger PBX, the SecAst GeoIP blocking (deny/allow 
by country/city/etc) will remove 99% of the attacks.


Take a good look at the page above for options...free/paid, software/hardware


Michelle


*All opinions are my own, and do not represent my employer.  Since I'm employed by GenerationD, you can bet that my opinions are biased :)




[asterisk-users] Lost audio on forwarded calls

2014-10-03 Thread Todd R .
OK, been messing with Asterisk for a long time and I have my opinion on where 
the issues lies but sometimes it's just nice to see what others think that can 
relate :-)

Here goes..

Inbound calls flow like this:
Tier 1 Provider (SIP) > Asterisk 1.8 > Name Brand PBX - Calls work fine

Outbound calls flow like this:
Name Brand PBX > Asterisk 1.8 > Tier 1 provider (SIP) - Calls work fine

Problem is being reported on that many (not all) calls have no audio when they 
are forwarded.

Example of forwarded call:
Inbound call comes in from Tier 1 Provider > Asterisk 1.8 > Name Brand PBX

Name Brand PBX then forwards the call back out to users cell phone:
Name Brand PBX > Asterisk 1.8 > Tier 1 provider

No audio a large percentage of the time.

It's my opinion that the Asterisk box only sees the forwarded call as a regular 
outbound call and forwards it on to the Tier 1 provider then to the users cell 
phone.

I don't see how Asterisk even knows or cares if it was forwarded within the 
Name Brand PBX. The Name Brand PBX is the one making the connection of the 
inbound and outbound call. All other inbound and outbound calls are fine, audio 
is only lost when the Name Brand PBX connects the two calls and creates the 
forward.

Thoughts?

Re: [asterisk-users] Lost audio on forwarded calls

2014-10-03 Thread Steve Totaro
Asterisk does not need to care.  Is it SIP all the way through?

Thanks,
Steve T


Re: [asterisk-users] Lost audio on forwarded calls

2014-10-03 Thread Eric Wieling
Any chance this is a simple directmedia and/or NAT issue?
