David,
There are a few ways you can accomplish this.
How many countries do you want to permit dialing to without a pin? If
only a static handful, it might be easier to setup more granular
dialplan entries to handle calls to those permitted countries (ie:
_01144XX. for UK, etc.) and then have a catch-all (ie: _011XXX.) for
everything else which could require pin-based authentication. If you
have a long list of permitted countries, or you need the list to be more
dynamic and flexible, you could use a generic wildcard on international
calls, and then examine the first 1-3 digits and see if they are on the
"allowed" list (which could be in the dialplan itself, or more
preferably in a database). If they are, process the call, if not, ask
for a pin before continuing. Remember that CCs can be 1-3 digits in
length. Fortunately, there are no 2-digit CCs that overlap with 3-digit
ones where the first 2 match as well (ie: there isn't a 35 and 351 CC).
But unless I'm mistaken, this would mean you would need to run three
different extension comparisons (one for each CC length) to match all
the possible combinations, assuming of course that you want to allow
pinless calls to 1, 2 and 3 digit CCs.
So, off the top of my head, I think something like this might work:
--==--
exten =>
_011XXX.,n,GotoIf(${DB_EXISTS(CCwhitelist/${EXTEN:0:1})}?onwhitelist)
exten =>
_011XXX.,n,GotoIf(${DB_EXISTS(CCwhitelist/${EXTEN:0:2})}?onwhitelist)
exten =>
_011XXX.,n,GotoIf(${DB_EXISTS(CCwhitelist/${EXTEN:0:3})}?onwhitelist)
exten =>
_011XXX.,n,GotoIf(${DB_EXISTS(CCblacklist/${EXTEN:0:1})}?onblacklist)
exten =>
_011XXX.,n,GotoIf(${DB_EXISTS(CCblacklist/${EXTEN:0:2})}?onblacklist)
exten =>
_011XXX.,n,GotoIf(${DB_EXISTS(CCblacklist/${EXTEN:0:3})}?onblacklist)
exten => _011XXX.,n,Authenticate(1234,)
exten => _011XXX.,n, [NORMAL DIALPLAN FOR INTERNATIONAL CALLS]
...
exten => _011XXX.,n(onwhitelist), [NORMAL DIALPLAN FOR INTERNATIONAL CALLS]
....
exten => _011XXX.,n(onblacklist), [SOMETHING TO BLOCK THE CALLER AND
WARN YOU]
....
--==--
Bare in mind that I just wrote that quickly, so it's far from complete
and probably has a few errors (not to mention requiring some fill in the
blank), but I think the gist of it would fit your needs. You could then
create two database lists, CCwhitelist and CCblacklist, that could help
to route International calls to different destinations in the dialplan.
The above example would actually give you three different levels of
security: whitelist, blacklist and everything else.
Also, don't simply rely on a pin-based authentication system to block
international toll fraud, as this would be trivial for someone to brute
force in a short amount of time (depending on pin length). You should
add some other mechanism to only allow a small number of attempts before
the IP is blacklisted and trigger a warning to you that something is wrong.
One security tip I would suggest implementing, which I do and outlined a
bit above, is to specifically block certain country codes that I know
would never legitimately be called and have Asterisk warn me if it is
ever attempted. Basically any number on the list of popular toll fraud
destinations. Countries like Sierra Leone, Nigeria, most of Africa in
general, any country that ends in -stan, etc. You can also look at your
provider's rate-deck and see what countries, which you have no intention
of allowing calls to, have very high CPMs and put them on the block/warn
list. This way, even in the event that your PBX is compromised, you will
get an early warning alert that something is going wrong (via email,
etc.) from the call attempt itself. Though this only protects against a
compromised PBX, not the system itself. Some providers will also let you
setup this level of granular call blocking as a failsafe to prevent
crazy bills.
--James
On 01/26/2013 06:11 PM, David Kerr wrote:
Does anyone have a asterisk dialplan that will...
1) Check an outbound international phone number against a list of
permitted country codes.
2) If country code is on list, connect call.
3) if country code is not on list, prompt for a PIN and only connect
if PIN entered correctly.
Thanks,
David
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
[email protected].
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
[email protected].
