Oops.
Those dialplan examples should read
...{EXTEN:*3*:1}...{EXTEN:*3*:2}...{EXTEN:*3*:3}... as you need to
offset the preceding 011 first.
See, I knew I had some errors in there!
--James
On 01/26/2013 11:29 PM, James Babiak wrote:
David,
There are a few ways you can accomplish this.
How many countries do you want to permit dialing to without a pin? If
only a static handful, it might be easier to setup more granular
dialplan entries to handle calls to those permitted countries (ie:
_01144XX. for UK, etc.) and then have a catch-all (ie: _011XXX.) for
everything else which could require pin-based authentication. If you
have a long list of permitted countries, or you need the list to be
more dynamic and flexible, you could use a generic wildcard on
international calls, and then examine the first 1-3 digits and see if
they are on the "allowed" list (which could be in the dialplan itself,
or more preferably in a database). If they are, process the call, if
not, ask for a pin before continuing. Remember that CCs can be 1-3
digits in length. Fortunately, there are no 2-digit CCs that overlap
with 3-digit ones where the first 2 match as well (ie: there isn't a
35 and 351 CC). But unless I'm mistaken, this would mean you would
need to run three different extension comparisons (one for each CC
length) to match all the possible combinations, assuming of course
that you want to allow pinless calls to 1, 2 and 3 digit CCs.
So, off the top of my head, I think something like this might work:
--==--
exten =>
_011XXX.,n,GotoIf(${DB_EXISTS(CCwhitelist/${EXTEN:0:1})}?onwhitelist)
exten =>
_011XXX.,n,GotoIf(${DB_EXISTS(CCwhitelist/${EXTEN:0:2})}?onwhitelist)
exten =>
_011XXX.,n,GotoIf(${DB_EXISTS(CCwhitelist/${EXTEN:0:3})}?onwhitelist)
exten =>
_011XXX.,n,GotoIf(${DB_EXISTS(CCblacklist/${EXTEN:0:1})}?onblacklist)
exten =>
_011XXX.,n,GotoIf(${DB_EXISTS(CCblacklist/${EXTEN:0:2})}?onblacklist)
exten =>
_011XXX.,n,GotoIf(${DB_EXISTS(CCblacklist/${EXTEN:0:3})}?onblacklist)
exten => _011XXX.,n,Authenticate(1234,)
exten => _011XXX.,n, [NORMAL DIALPLAN FOR INTERNATIONAL CALLS]
...
exten => _011XXX.,n(onwhitelist), [NORMAL DIALPLAN FOR INTERNATIONAL
CALLS]
....
exten => _011XXX.,n(onblacklist), [SOMETHING TO BLOCK THE CALLER AND
WARN YOU]
....
--==--
Bare in mind that I just wrote that quickly, so it's far from complete
and probably has a few errors (not to mention requiring some fill in
the blank), but I think the gist of it would fit your needs. You could
then create two database lists, CCwhitelist and CCblacklist, that
could help to route International calls to different destinations in
the dialplan. The above example would actually give you three
different levels of security: whitelist, blacklist and everything else.
Also, don't simply rely on a pin-based authentication system to block
international toll fraud, as this would be trivial for someone to
brute force in a short amount of time (depending on pin length). You
should add some other mechanism to only allow a small number of
attempts before the IP is blacklisted and trigger a warning to you
that something is wrong.
One security tip I would suggest implementing, which I do and outlined
a bit above, is to specifically block certain country codes that I
know would never legitimately be called and have Asterisk warn me if
it is ever attempted. Basically any number on the list of popular toll
fraud destinations. Countries like Sierra Leone, Nigeria, most of
Africa in general, any country that ends in -stan, etc. You can also
look at your provider's rate-deck and see what countries, which you
have no intention of allowing calls to, have very high CPMs and put
them on the block/warn list. This way, even in the event that your PBX
is compromised, you will get an early warning alert that something is
going wrong (via email, etc.) from the call attempt itself. Though
this only protects against a compromised PBX, not the system itself.
Some providers will also let you setup this level of granular call
blocking as a failsafe to prevent crazy bills.
--James
On 01/26/2013 06:11 PM, David Kerr wrote:
Does anyone have a asterisk dialplan that will...
1) Check an outbound international phone number against a list of
permitted country codes.
2) If country code is on list, connect call.
3) if country code is not on list, prompt for a PIN and only connect
if PIN entered correctly.
Thanks,
David
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal
[email protected].
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
[email protected].
