Re: [asterisk-users] Allowing calls - maybe I'm just stupid...
On Thursday 11 Jun 2015, Luca Bertoncello wrote: Well, I decided to do that, since I have my Asterisk reachable from Internet just for my cellphone and I want to avoid that someone guess my password (random and long, but it's of course possible to guess with a brute force attack) and call using my Asterisk... Really? How weak are your passwords, for you to be worried about brute-force attacks? If you configure fail2ban so as to block IP addresses after a set number of false attempts and then unblock after (say) 15 minutes, you can drastically limit the rate at which such attempts can be made without running the risk of locking *yourself* out. Since I'll use rarely my Asterisk from Internet (maybe just if I'm in holiday), I find this limitation meaningful. Well, Asterisk doesn't! Did your mother ever tell you when you were younger and just beginning to expand your horizons, Always tell a grown-up where you are going, before you go out ? Well, that is essentially the purpose of SIP peer registration -- so your mother Asterisk knows where to find you, if an emergency arises a phone call comes in. You always need a username and password to make a call anyway. Introducing a restriction, for you to have to be registered (using the *same* username and password) before you can even make a call, will *not* make that any more secure. Because an attacker who is guessing passwords still needs some way to check them; and it's a fair bet that they will use the guessed passwords in registration attempts. Which means that by the time they come to try to make a call using those credentials, they will already be registered anyway! If you are going to need occasionally to make possibly expensive phone calls from random IP addresses, then you might consider using some form of out-of- band authentication. For instance, have a web page on your Asterisk server, protected by a *different* password, that must be visited to allow that IP address a window of 15 minutes to connect to port 5060. (This in itself can be problematic, if you are not extremely careful -- you absolutely do *not* want to create a situation which can lead to arbitary remote command execution as root. Anytime I have had to do root stuff from within a CGI script, I have written to a file, not the actual commands but enough information to construct them; meanwhile a root cron job run every minute reads the file, does a regexp match on the content, maybe performs the relevant commands and then wipes out the file. The downside of this is a delay before anything happens; but you can use a bit of AJAX in the script output to check every ten seconds whether anything has happened yet. No doubt others will have their own suggestions.) It's good that you are thinking deeply about security, but beware not to get drawn down blind alleys. For instance, if you have a door with a large, single-glazed pane of 6 mm. glass, then there is little point fitting it with an expensive, hard-to-pick lock. -- AJS Note: Originating address only accepts e-mail from list! If replying off- list, change address to asterisk1list at earthshod dot co dot uk . -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Allowing calls - maybe I'm just stupid...
On 06/11/15 10:43, Luca Bertoncello wrote: Zitat von Guido Falsi m...@madpilot.net: So, trying to bind authentication to originate calls to registrations is conceptually wrong in the SIP world. Maybe you can do that but that's not the way the protocols have been engineered to work. Hi Guido, thanks for your answer. Well, I decided to do that, since I have my Asterisk reachable from Internet just for my cellphone and I want to avoid that someone guess my password (random and long, but it's of course possible to guess with a brute force attack) and call using my Asterisk... Since I'll use rarely my Asterisk from Internet (maybe just if I'm in holiday), I find this limitation meaningful. I see, but note that if they do guess your password you're screwed anyway :) -- Guido Falsi m...@madpilot.net -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] asterisk google contacts
Hello everyone. i am running an asterisk server and i would like to have the contacts from google. so every inbound call with fetch the caller ID from google contacts and present it to my screen. could someone help me on that please? -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Allowing calls - maybe I'm just stupid...
Zitat von Guido Falsi m...@madpilot.net: So, trying to bind authentication to originate calls to registrations is conceptually wrong in the SIP world. Maybe you can do that but that's not the way the protocols have been engineered to work. Hi Guido, thanks for your answer. Well, I decided to do that, since I have my Asterisk reachable from Internet just for my cellphone and I want to avoid that someone guess my password (random and long, but it's of course possible to guess with a brute force attack) and call using my Asterisk... Since I'll use rarely my Asterisk from Internet (maybe just if I'm in holiday), I find this limitation meaningful. Thanks Luca Bertoncello (lucab...@lucabert.de) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] asterisk google contacts
On Thursday 11 Jun 2015, tux john wrote: Hello everyone. i am running an asterisk server and i would like to have the contacts from google. so every inbound call with fetch the caller ID from google contacts and present it to my screen. This is really three problems, as follows: (1) Accessing the Google Contacts API to retrieve someone's details based on their phone number. (2) Passing the incoming caller's number to an AGI script. (3) Displaying the details retrieved from Google on your screen. Presuming you already know how to write a program to look up a Google contact's details from their phone number, you just need to turn that into an AGI script. Then, in your dialplan, pass the incoming number to that script. If you want Asterisk itself to have anything to do with the Google data, you will have to return them by setting channel variables within the script. Or if you are going to use some external means to pass the data to the user, then you can have your script fork itself, detach and return straight away. -- AJS Note: Originating address only accepts e-mail from list! If replying off- list, change address to asterisk1list at earthshod dot co dot uk . -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Call accepted from not registered peers?
On 2015-06-11 00:31, Luca Bertoncello wrote: Hi list! So, new day, new problem... I tried right now to call from my cellphone a peer in my Asterisk. The cellphone has correct credentials, but it's NOT registered on my Asterisk, now. I just tried to call a peer in my network, from a peer not yet registered. And it works... :( The very curious thing is, that I can't find how the call will be accepted... Every section in my dialplan has a log, and no log will be displayed on the CLI... I just see: == Using SIP RTP CoS mark 5 -- Executing [004935@default:1] Dial(SIP/0049177333-000b, SIP/004935DAHDI/1) in new stack == Using SIP RTP CoS mark 5 -- Called SIP/004935 [Jun 11 07:26:04] WARNING[4347]: channel.c:5754 ast_request: No channel type registered for 'DAHDI' [Jun 11 07:26:04] WARNING[4347]: app_dial.c:2345 dial_exec_full: Unable to create channel of type 'DAHDI' (cause 66 - Channel not implemented) -- SIP/004935-000c is ringing == Spawn extension (default, 004935, 1) exited non-zero on 'SIP/0049177333-000b' I tried to remove ALL includes in my [default], leaving just a log, but it calls, too... My [default] exten = _X.,1,Verbose(2,DEFAULT) include = internal_calls include = luca_incoming include = fax_incoming include = anika_incoming include = messagenet_incoming include = myproxy What's wrong, now? Many thanks for your help! It does not matter that your phone is not registered with Asterisk. As long as it has the proper credentials it will be able to send calls. You only need to register if you want to RECEIVE calls on that phone. -- Telecomunicaciones Abiertas de México S.A. de C.V. Carlos Chávez dCAP #1349 +52 (55)9116-91161 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] asterisk google contacts
Take a look at the smartCID script available from www.telium.cahttp://www.telium.ca/? It does a web based CID lookup on incoming calls, you can at least use that as a starting point for development... From: asterisk-users-boun...@lists.digium.com asterisk-users-boun...@lists.digium.com on behalf of tux john a...@null.net Sent: Thursday, June 11, 2015 9:32 AM To: Asterisk Users List Cc: Asterisk Users List Subject: Re: [asterisk-users] asterisk google contacts I am afraid i do not know how to write that. Sent: Thursday, June 11, 2015 at 2:05 PM From: A J Stiles asterisk_l...@earthshod.co.uk To: Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users@lists.digium.com Subject: Re: [asterisk-users] asterisk google contacts On Thursday 11 Jun 2015, tux john wrote: Hello everyone. i am running an asterisk server and i would like to have the contacts from google. so every inbound call with fetch the caller ID from google contacts and present it to my screen. This is really three problems, as follows: (1) Accessing the Google Contacts API to retrieve someone's details based on their phone number. (2) Passing the incoming caller's number to an AGI script. (3) Displaying the details retrieved from Google on your screen. Presuming you already know how to write a program to look up a Google contact's details from their phone number, you just need to turn that into an AGI script. Then, in your dialplan, pass the incoming number to that script. If you want Asterisk itself to have anything to do with the Google data, you will have to return them by setting channel variables within the script. Or if you are going to use some external means to pass the data to the user, then you can have your script fork itself, detach and return straight away. -- AJS Note: Originating address only accepts e-mail from list! If replying off- list, change address to asterisk1list at earthshod dot co dot uk . -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.comhttp://www.api-digital.com/ -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Fritzbox 7490
On 08-06-15 19:00, Christian wrote: Hi, Sorry if off topic, but is anyone here on this list using it? I am currently searching for a good router for my home network wich supports SIP. Many thanks! I use a 7360 and it works ok but if the 7490's firmware is anything like the 7360 then be prepared for some fixing before it works with Asterisk SIP on port 5060: http://blog.laimbock.com/2014/03/27/how-to-make-asterisk-work-behind-fritz-box/ HTH, Patrick -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] asterisk google contacts
I am afraid i do not know how to write that. Sent:Thursday, June 11, 2015 at 2:05 PM From:A J Stiles asterisk_l...@earthshod.co.uk To:Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users@lists.digium.com Subject:Re: [asterisk-users] asterisk google contacts On Thursday 11 Jun 2015, tux john wrote: Hello everyone. i am running an asterisk server and i would like to have the contacts from google. so every inbound call with fetch the caller ID from google contacts and present it to my screen. This is really three problems, as follows: (1) Accessing the Google Contacts API to retrieve someones details based on their phone number. (2) Passing the incoming callers number to an AGI script. (3) Displaying the details retrieved from Google on your screen. Presuming you already know how to write a program to look up a Google contacts details from their phone number, you just need to turn that into an AGI script. Then, in your dialplan, pass the incoming number to that script. If you want Asterisk itself to have anything to do with the Google data, you will have to return them by setting channel variables within the script. Or if you are going to use some external means to pass the data to the user, then you can have your script fork itself, detach and return straight away. -- AJS Note: Originating address only accepts e-mail from list! If replying off- list, change address to asterisk1list at earthshod dot co dot uk . -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] asterisk google contacts
In that case you would have to take some professional help. Mitul On Thursday, June 11, 2015, tux john a...@null.net wrote: I am afraid i do not know how to write that. *Sent:* Thursday, June 11, 2015 at 2:05 PM *From:* A J Stiles asterisk_l...@earthshod.co.uk javascript:_e(%7B%7D,'cvml','asterisk_l...@earthshod.co.uk'); *To:* Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users@lists.digium.com javascript:_e(%7B%7D,'cvml','asterisk-users@lists.digium.com'); *Subject:* Re: [asterisk-users] asterisk google contacts On Thursday 11 Jun 2015, tux john wrote: Hello everyone. i am running an asterisk server and i would like to have the contacts from google. so every inbound call with fetch the caller ID from google contacts and present it to my screen. This is really three problems, as follows: (1) Accessing the Google Contacts API to retrieve someone's details based on their phone number. (2) Passing the incoming caller's number to an AGI script. (3) Displaying the details retrieved from Google on your screen. Presuming you already know how to write a program to look up a Google contact's details from their phone number, you just need to turn that into an AGI script. Then, in your dialplan, pass the incoming number to that script. If you want Asterisk itself to have anything to do with the Google data, you will have to return them by setting channel variables within the script. Or if you are going to use some external means to pass the data to the user, then you can have your script fork itself, detach and return straight away. -- AJS Note: Originating address only accepts e-mail from list! If replying off- list, change address to asterisk1list at earthshod dot co dot uk . -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Regards, Mitul Limbani, Business Head, Enterux Solutions Pvt. Ltd. 110 Reena Complex, Opp. Nathani Steel, Vidyavihar (W), Mumbai - 400 086. India http://www.enterux.com/ http://www.entvoice.com/ email: mi...@enterux.in DID: +91-22-71967196 Cell: +91-9820332422 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Allowing calls - maybe I'm just stupid... [almost solved]
Zitat von Luca Bertoncello lucab...@lucabert.de:
Now my problem is to check in my dialplan if the peer, that
originate the call, is reachable, and if not, to give an error...
Is there any function to know if the peer is reachable?
I answer myself...
I did that (in my [myproxy]-context):
exten = _X.,n,Set(reachable=${SHELL(asterisk -rx sip show peer
${CALLERID(num)} | grep Status | grep OK)})
exten = _X.,n,GotoIf($[${LEN(${reachable})} = 0]?notallowed)
exten = _X.,n(notallowed),Set(ip=${SIPPEER(${CALLERID(num)},ip)})
exten = _X.,n,Log(WARNING,Refusing call from UNREACHABLE peer
${CALLERID(num)} to ${EXTEN}. Call from IP ${ip})
exten = _X.,n,Playback(privacy-incorrect)
exten = _X.,n,Hangup
and it works.
But I'm not very happy to call the CLI for this test... Is there
another possibility to do my check?
Thanks
Luca Bertoncello
(lucab...@lucabert.de)
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Allowing calls - maybe I'm just stupid...
On Thursday 11 Jun 2015, Luca Bertoncello wrote: Now my problem is to check in my dialplan if the peer, that originate the call, is reachable, and if not, to give an error... Is there any function to know if the peer is reachable? The peer that *originated* the call *must* be reachable, by definition . -- AJS Note: Originating address only accepts e-mail from list! If replying off- list, change address to asterisk1list at earthshod dot co dot uk . -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Allowing calls - maybe I'm just stupid...
Zitat von A J Stiles asterisk_l...@earthshod.co.uk: On Thursday 11 Jun 2015, Luca Bertoncello wrote: Now my problem is to check in my dialplan if the peer, that originate the call, is reachable, and if not, to give an error... Is there any function to know if the peer is reachable? The peer that *originated* the call *must* be reachable, by definition . I can originate a call even if my peer is UNREACHABLE (sip show peers say UNREACHABLE)... But I solved using the function EXTENDED_STATE... Regards Luca Bertoncello (lucab...@lucabert.de) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Allowing calls - maybe I'm just stupid...
Hi again! About my previous E-Mail... I though about it and I think, that maybe I'm just very stupid... Since I called an INTERNAL number, Asterisk tried to call it. I tried right now to call an EXTERNAL number (using my context [myproxy]) and the behavior is NOT the same... Not 100% correct, but it tries the right way... Now my problem is to check in my dialplan if the peer, that originate the call, is reachable, and if not, to give an error... Is there any function to know if the peer is reachable? Thanks Luca Bertoncello (lucab...@lucabert.de) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Allowing calls - maybe I'm just stupid...
On 06/11/15 09:56, Luca Bertoncello wrote: Zitat von A J Stiles asterisk_l...@earthshod.co.uk: On Thursday 11 Jun 2015, Luca Bertoncello wrote: Now my problem is to check in my dialplan if the peer, that originate the call, is reachable, and if not, to give an error... Is there any function to know if the peer is reachable? The peer that *originated* the call *must* be reachable, by definition . I can originate a call even if my peer is UNREACHABLE (sip show peers say UNREACHABLE)... But I solved using the function EXTENDED_STATE... I think the confusion here stands in the fact that registrations are for receiving calls, a peer registers to tell asterisk Hey, here is where to find me in case you need to ring me. When the same peer wants to make a call it will send an invite to asterisk with the details for that call AND the authentication, it's completely decoupled from registration, it just uses the same credential but authenticates each time. Registration then isn't like logging in to a service, or at least, it's like that but just for getting calls, to make a call your phone has to authenticate each time he sends an invite. That's why it works without being registered. So, trying to bind authentication to originate calls to registrations is conceptually wrong in the SIP world. Maybe you can do that but that's not the way the protocols have been engineered to work. -- Guido Falsi m...@madpilot.net -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
