Re: [asterisk-users] Asterisk removes ice lines in sdp when calling between webrtc clients
On Thu, Oct 2, 2014 at 10:18 AM, Olli Heiskanen ohjelmistoarkkite...@gmail.com wrote:
> Hi,
>
> Thanks Eric for your reply, yes I know Asterisk replaces the sdp, however it should create ice lines when calling to a webrtc client, which it is currently not doing.
>
> To recap my problem (check previous messages for details); I have 2 webrtc clients (sip.js on chrome) with realtime information that appears to be correct. When calling from A to B, INVITE coming to Asterisk contains correct sdp, but when the INVITE leaves Asterisk, the sdp lacks ice lines.

Unfortunately, I can't reproduce this. We've been running a lot of tests with a variety of SIP clients over the past week here at SIPit - both with and without ICE - and I haven't had a single instance of Asterisk failing to provide any ICE candidates when it is properly configured to do so.

--
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com http://asterisk.org

-- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] CALLERID(num) and CDR(clid) - originate
On Wed, Oct 1, 2014 at 8:00 AM, Gabriel Ortiz Lour ortiz.ad...@gmail.com wrote:
> Hello,
>
> A question on channel originating (call files and AMI Originate): How can I change the CALLERID(num) var (because of the E1 provider needs), but having another number (the original one) stored on the clid CDR field on the database?

You can't. The clid CDR field cannot be modified from the dialplan, and is always set to the caller ID of the channel. If you change the caller ID on the channel, you can expect the CDR clid field to reflect that.

That being said, if you are using a flexible backend (such as cdr_custom or cdr_adaptive_odbc), you can add a custom column to your CDR records - such as 'clid_original' - and use the CDR function to set that value prior to changing the caller ID:

    exten = Set(CDR(clid_original)=${CALLERID(num)})
    exten = Set(CALLERID(num)=6575309)

Matt

--
Matthew Jordan
[asterisk-users] SPA112: one analog phone works, not the other
Hello,

I'm preparing a setup before installing it within the next few days. In this setup, I'm using a SPA112 as an ATA for an analog phone. The target phone is a Gigaset A400 DECT handset. In my lab, I've got another A400 handset and an old Matracom 46 handset.

When I connect my Matracom 46 handset to my SPA112, I can send and receive calls. When I connect my A400 handset to the same SPA112 port, I can receive calls (from SIP to analog) but cannot send (from analog to SIP): nothing shows at asterisk console. When connecting this A400 handset to my provider box (which also has an FXS port), I can successfully send and receive. From this, I conclude my A400 works but differently from my other handset.

Basically, when dialing out with my A400, I'm observing this:
- I dial my full number (eg 0123456789) then press Send key (as with a mobile phone),
- then I hear a long dialing tone from the SPA112 (unplugging the cable between both cut this tone off),
- then I hear dialing tones back (those are sent quite fast, one tone for each dialed digit),
- then I hear a busy tone and nothing shows at asterisk console.

Which SPA112 settings shall I change to get this A400 to work? What would you suggest?

Regards
Re: [asterisk-users] PBX hacked: why hundred of calls to the same number ?
the attacking server changed the destination Number at 18:53 CEST and he is still blocked ... LOL

972597438354

Oct 3 18:53:17 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=00972597438354
Oct 3 19:06:37 server /sbin/kamailio[3978]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=000972597438354
Oct 3 19:19:45 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=972597438354
Oct 3 19:32:59 server /sbin/kamailio[3978]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=*000972597438354
Oct 3 19:46:20 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=100972597438354

On 03.10.2014 at 14:52, Rainer Piper wrote:
> On 02.10.2014 at 15:40, Tzafrir Cohen wrote:
>> On Thu, Oct 02, 2014 at 07:52:34AM +0200, Rainer Piper wrote:
>>> Is the destination Number like Country Code +972?
>>> +972 59 xx(x) mobile - Jawall [moving to 7-digit subscriber numbers]
>>> source - http://www.wtng.info/wtng-972-il.html
>>
>> That page is slightly dated. +972 59 XXX are all the numbers in the Palestinian Authority (there are several providers besides Jawall).
>>
>>> My SIP Proxy logs all the unauth. INVITEs and I found that a lot of calls go to the Country code +972 xxx
>>
>> As a resident of +972 (+972-4), I'll just note that those hack attempts are typically related to PA numbers (+972-59) as rates there are higher.
>
> Hi Tzafrir,
>
> ok, the page www.wtng.info is not really up to date.
>
> Here are some logs to see the variations of the attempt to dial over my proxy:
>
> Oct 3 11:23:06 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=00972592910519
> Oct 3 11:42:52 server /sbin/kamailio[7218]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=972592910519
> Oct 3 11:53:15 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=700972592910519
> Oct 3 12:06:32 server /sbin/kamailio[7218]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=200972592910519
> Oct 3 12:20:04 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=#00972592910519
> Oct 3 12:32:53 server /sbin/kamailio[7218]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=*000972592910519
> Oct 3 12:45:35 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=*972592910519
> Oct 3 12:57:42 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=900972592910519
> Oct 3 13:09:37 server /sbin/kamailio[7218]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=7700972592910519
> Oct 3 13:21:24 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=66600972592910519
> Oct 3 13:33:11 server /sbin/kamailio[7218]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=00972592910519
>
> and the source IP 69.30.254.234 is coming from
>
> OrgName: WholeSale Internet, Inc.
> OrgId: WHOLE-125
> Address: 324 E. 11th St.
> Address: Suite 1000
> City: Kansas City
> StateProv: MO
> PostalCode: 64106
> Country: US
>
> very strange ;-)

--
*Rainer Piper*
Integration engineer
Koeslinstr. 56
53123 BONN
GERMANY
Phone: +49 228 97167161
P2P: sip:rai...@sip.soho-piper.de:5072 (pjsip-test)
XMPP: rai...@xmpp.soho-piper.de
Re: [asterisk-users] PBX hacked: why hundred of calls to the same number ?
We set up our servers to allowguest=yes and autocreatepeer=yes and use a global context setting to point any of those calls to an IVR jail. Attempts stop reasonably quickly. An empty room with an unlocked door is far less interesting than a room with the door locked.
Re: [asterisk-users] PBX hacked: why hundred of calls to the same number ?
On 3/10/14 6:52 pm, Rainer Piper wrote:
> the attacking server changed the destination Number at 18:53 CEST and he is still blocked ... LOL
> 972597438354

It's pretty much an everyday occurrence for any internet-connected SIP system these days...

> Oct 3 19:46:20 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=100972597438354

Many of these attacks come from fairly easily recognised user-agent strings, so if you fancy doing a bit of packet inspection with your firewall, you can block many of these before they get as far as your SIP server(s) themselves.

For example, the sipcli scans you listed above can be blocked fairly easily with:

    iptables -A INPUT -p udp --dport 5060 -m string --algo bm --string sipcli -j DROP

(obviously there are overheads to string searching UDP/5060 packets that you'll want to consider, and the above won't work if you're using sipcli legitimately anywhere on your network)

Kind regards,

Chris
--
This email is made from 100% recycled electrons
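The kamailio lines quoted in this thread, and the user-agent point made in the message above, can be summarised per source with a short script. This is an added example, not code from any poster: the field meanings read off the log lines and the rule "shortest dialed number is the target, everything in front of it is a tried prefix" are assumptions.

```python
import re
from collections import defaultdict

# First 11 lines are copied from the thread; the last one is constructed noise.
SAMPLE_LOG = """\
Oct 3 11:23:06 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=00972592910519
Oct 3 11:42:52 server /sbin/kamailio[7218]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=972592910519
Oct 3 11:53:15 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=700972592910519
Oct 3 12:20:04 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=#00972592910519
Oct 3 12:32:53 server /sbin/kamailio[7218]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=*000972592910519
Oct 3 13:21:24 server /sbin/kamailio[7217]: NOTICE: script: blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=null rU=66600972592910519
Oct 3 18:53:17 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=00972597438354
Oct 3 19:06:37 server /sbin/kamailio[3978]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=000972597438354
Oct 3 19:19:45 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=972597438354
Oct 3 19:46:20 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 62.210.149.136 sipcli/v1.8 rm=INVITE aU=null rU=100972597438354
Oct 3 20:26:37 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 142.0.41.179 sipcli/v1.8 rm=INVITE aU=null rU=+972595632276
Oct 3 20:30:00 server sshd[4242]: constructed unrelated line, ignored by the parser
"""

# Field meaning is an assumption read off the quoted lines:
# <source IP> <User-Agent> rm=<method> aU=<auth user> rU=<dialed user part>
LINE_RE = re.compile(
    r"blocking IP (?P<ip>\S+) (?P<ua>.*?) rm=(?P<method>\S+) "
    r"aU=(?P<auth_user>\S*) rU=(?P<dialed>\S*)"
)
MIN_TARGET_DIGITS = 7  # assumption: anything shorter is not a PSTN target


def digits(s):
    """Strip everything except digits from a dialed string."""
    return re.sub(r"\D", "", s)


def parse(log_text):
    """Yield (ip, user_agent, dialed) for every 'blocking IP' line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["ip"], m["ua"], m["dialed"]


def prefix_of(dialed, target):
    """Return what was dialed in front of the target number."""
    if dialed.endswith(target):
        return dialed[: len(dialed) - len(target)]
    d = digits(dialed)  # symbols inside the number: fall back to digits only
    return d[: len(d) - len(target)]


def cluster_targets(dialed_strings):
    """Group dialed strings that end in the same number.

    Shortest digit string first, so it becomes the target and every longer
    string ending in it is recorded as 'prefix + target'.
    """
    targets = {}
    for dialed in sorted(set(dialed_strings), key=lambda s: len(digits(s))):
        d = digits(dialed)
        if len(d) < MIN_TARGET_DIGITS:
            continue
        for target in targets:
            if d.endswith(target):
                targets[target].add(prefix_of(dialed, target))
                break
        else:
            targets[d] = {prefix_of(dialed, d)}
    return targets


def summarize(log_text, min_prefixes=3):
    """Per source IP: attempts, user agents, targets and the prefixes tried."""
    per_ip = defaultdict(lambda: {"user_agents": set(), "dialed": []})
    for ip, ua, dialed in parse(log_text):
        per_ip[ip]["user_agents"].add(ua)
        per_ip[ip]["dialed"].append(dialed)
    report = {}
    for ip, seen in per_ip.items():
        targets = cluster_targets(seen["dialed"])
        report[ip] = {
            "attempts": len(seen["dialed"]),
            "user_agents": sorted(seen["user_agents"]),
            "targets": {t: sorted(p) for t, p in targets.items()},
            # Many prefixes in front of one number: dial-plan prefix guessing.
            "prefix_probing": any(len(p) >= min_prefixes for p in targets.values()),
        }
    return report


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```

The `user_agents` list shows at a glance whether every blocked request from a source carried the same User-Agent, which is the condition under which a string match on that value covers them.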
Re: [asterisk-users] PBX hacked: why hundred of calls to the same number ?
Hi Eric

I like your approach. I am thinking about a stateless redirect of the bad boy to the NSA- or Pentagon-IVR LOL

On 03.10.2014 at 20:01, Eric Wieling wrote:
> We set up our servers to allowguest=yes and autocreatepeer=yes and use a global context setting to point any of those calls to an IVR jail. Attempts stop reasonably quickly. An empty room with an unlocked door is far less interesting than a room with the door locked.
Re: [asterisk-users] PBX hacked: why hundred of calls to the same number ?
Hi Chris,

yes ... it is boring ... I stop posting ... ;-)

--
*Rainer Piper*
Re: [asterisk-users] PBX hacked: why hundred of calls to the same number ?
just one more ;-)

the source IP just changed to 142.0.41.179

OrgName: VolumeDrive
OrgId: VOLUM-2
Address: 1143 Northern Blvd
City: Clarks Summit
StateProv: PA
PostalCode: 18411
Country: US

and the destination Number to 972595632276

Oct 3 20:26:37 server /sbin/kamailio[3977]: NOTICE: script: blocking IP 142.0.41.179 sipcli/v1.8 rm=INVITE aU=null rU=+972595632276

--
*Rainer Piper*
Re: [asterisk-users] PBX hacked: why hundred of calls to the same number ?
There are lots of ways to solve this, and NOT to solve this. Don't start adding lots of rules to iptables (or deep per packet inspection requirements) as this will hurt capacity...and it doesn't really solve the problem.

Take a look at http://www.voip-info.org/wiki/view/Asterisk+security

If you are running a small system I recommend trying the free version of SecAst. If you're running a larger PBX, the SecAst GeoIP blocking (deny/allow by country/city/etc) will remove 99% of the attacks. Take a good look at the page above for options...free/paid, software/hardware

Michelle

*All opinions are my own, and do not represent my employer. Since I'm employed by GenerationD, you can bet that my opinions are biased :)
[asterisk-users] Lost audio on forwarded calls
OK, been messing with Asterisk for a long time and I have my opinion on where the issue lies but sometimes it's just nice to see what others think that can relate :-) Here goes..

Inbound calls flow like this:
Tier 1 Provider (SIP) -> Asterisk 1.8 -> Name Brand PBX - Calls work fine

Outbound calls flow like this:
Name Brand PBX -> Asterisk 1.8 -> Tier 1 provider (SIP) - Calls work fine

Problem is being reported on that many (not all) calls have no audio when they are forwarded.

Example of forwarded call:
Inbound call comes in from Tier 1 Provider -> Asterisk 1.8 -> Name Brand PBX
Name Brand PBX then forwards the call back out to user's cell phone:
Name Brand PBX -> Asterisk 1.8 -> Tier 1 provider
No audio a large percentage of the time.

It's my opinion that the Asterisk box only sees the forwarded call as a regular outbound call and forwards it on to the Tier 1 provider then to the user's cell phone. I don't see how Asterisk even knows or cares if it was forwarded within the Name Brand PBX. The Name Brand PBX is the one making the connection of the inbound and outbound call. All other inbound and outbound calls are fine, audio is only lost when the Name Brand PBX connects the two calls and creates the forward.

Thoughts?
Re: [asterisk-users] Lost audio on forwarded calls
Asterisk does not need to care. Is it SIP all the way through?

Thanks,
Steve T

On Fri, Oct 3, 2014 at 3:12 PM, Todd R. tjrl...@live.com wrote:
> OK, been messing with Asterisk for a long time and I have my opinion on where the issue lies but sometimes it's just nice to see what others think that can relate :-) Here goes..
>
> Inbound calls flow like this:
> Tier 1 Provider (SIP) -> Asterisk 1.8 -> Name Brand PBX - Calls work fine
>
> Outbound calls flow like this:
> Name Brand PBX -> Asterisk 1.8 -> Tier 1 provider (SIP) - Calls work fine
>
> Problem is being reported on that many (not all) calls have no audio when they are forwarded.
>
> Example of forwarded call:
> Inbound call comes in from Tier 1 Provider -> Asterisk 1.8 -> Name Brand PBX
> Name Brand PBX then forwards the call back out to user's cell phone:
> Name Brand PBX -> Asterisk 1.8 -> Tier 1 provider
> No audio a large percentage of the time.
>
> It's my opinion that the Asterisk box only sees the forwarded call as a regular outbound call and forwards it on to the Tier 1 provider then to the user's cell phone. I don't see how Asterisk even knows or cares if it was forwarded within the Name Brand PBX. The Name Brand PBX is the one making the connection of the inbound and outbound call. All other inbound and outbound calls are fine, audio is only lost when the Name Brand PBX connects the two calls and creates the forward.
>
> Thoughts?
Re: [asterisk-users] Lost audio on forwarded calls
Any chance this is a simple directmedia and/or NAT issue?