David,

You could use a temporary (family/key) /auth/pass and then check if "/auth/pass" still exists in the database after calling Authenticate().

Lonnie

On Jan 27, 2013, at 2:26 PM, David Kerr wrote:

> But why would I want to remove the db key? It needs to stay for the next
> time someone tries to authenticate?
>
> David
>
>
> On Sun, Jan 27, 2013 at 2:54 PM, Lonnie Abelbeck <[email protected]> wrote:
> Newer Asterisk's (1.8 and 11) have an 'r' option "Remove the database key
> upon successful entry (valid with d only)"
>
> Application_Authenticate
> https://wiki.asterisk.org/wiki/display/AST/Application_Authenticate
>
> Lonnie
>
>
> On Jan 27, 2013, at 1:37 PM, David Kerr wrote:
>
> > That option may have existed in the past but it is not available any more
> > (1.8, 10, 11). I even checked the source code for app_authenticate.c and it
> > is not there. Seems odd, as there should be a way to determine that
> > authentication failed.
> >
> > David
> >
> >
> > On Sun, Jan 27, 2013 at 1:48 PM, James Babiak <[email protected]> wrote:
> > David,
> >
> > This might be a possible solution for your Authenticate issue (from
> > voip-info.org, Authenticate options):
> > • j - jump to priority n+101 if the authentication fails and that
> > priority exists (1.4-, 1.6+)
> > I've never used it myself, so I'm not sure how well it works, but it looks
> > like it would allow you to handle failed authentications differently than
> > just a hangup. So maybe something like this:
> > exten => n(blocked),Authenticate(/whitelist,da,4)
> > exten => blocked+101,Goto(fraud)
> > ...
> > exten => n(fraud),...
> >
> > --James
> >
> >
> > On 01/27/2013 11:34 AM, David Kerr wrote:
> >> James,
> >> Thanks. I came up with something very similar to you... I created a
> >> subroutine that would be called from the international calling rules
> >> section of my dialplan and compares the country code against a comma
> >> separated list pulled from the astdb. Subroutine can be called either
> >> with or without the international dial prefix. It has to be fairly complex
> >> thanks to the North American Numbering Plan that has Caribbean countries in
> >> the '1' country code. One might want to permit all of the USA but block a
> >> few Caribbean countries. Or block the whole of the USA but permit a
> >> handful of Caribbean countries (or US area codes).
> >>
> >> Another problem I have not tackled is how to determine if Authenticate()
> >> fails, and therefore to block the IP. The documentation says that users
> >> have three attempts before the channel is hung up. I can catch that hangup
> >> in a 'h' exten but don't know how to tell that the hangup is from
> >> Authenticate() failing rather than user hangup without attempting to enter
> >> PIN.
> >>
> >> Check this out...
> >>
> >>
> >> [check-international]
> >> exten => _00X.,1,Goto(${EXTEN:2},1)
> >> exten => _011X.,1,Goto(${EXTEN:3},1)
> >> exten => _X.,1,NoOp(Check if country code in blocked or permitted list)
> >> same => n,GotoIf(${DB_EXISTS(actionlist/CountryCodesBlocked)}?checkblocked)
> >> same => n(checkpermitted),GotoIf(${DB_EXISTS(actionlist/CountryCodesPermitted)}?checkcode)
> >> same => n(oktodial),Return()
> >> same => n(checkcode),NoOp(Check ${EXTEN} against permitted list ${DB_RESULT})
> >> same => n,GotoIf(${FIELDNUM(DB_RESULT,\,,${EXTEN:0:1})}?oktodial)
> >> same => n,GotoIf(${FIELDNUM(DB_RESULT,\,,${EXTEN:0:2})}?oktodial)
> >> same => n,GotoIf(${FIELDNUM(DB_RESULT,\,,${EXTEN:0:3})}?oktodial)
> >> same => n(checkpermitted4),GotoIf(${FIELDNUM(DB_RESULT,\,,${EXTEN:0:4})}?oktodial)
> >> same => n(blocked),Authenticate(/whitelist,da,4)
> >> same => n,Set(CDR(userfield)=${CDR(userfield)}-PIN OK-${DB(whitelistcomment/${CDR(accountcode)})})
> >> same => n,Background(pls-wait-connect-call)
> >> same => n,Goto(oktodial)
> >> same => n(checkblocked),NoOp(Check ${EXTEN} against blocked list ${DB_RESULT})
> >> same => n,GotoIf(${FIELDNUM(DB_RESULT,\,,${EXTEN:0:1})}?checkNANP)
> >> same => n,GotoIf(${FIELDNUM(DB_RESULT,\,,${EXTEN:0:2})}?blocked)
> >> same => n,GotoIf(${FIELDNUM(DB_RESULT,\,,${EXTEN:0:3})}?blocked)
> >> same => n,GotoIf(${FIELDNUM(DB_RESULT,\,,${EXTEN:0:4})}?blocked)
> >> same => n,Goto(checkpermitted)
> >> same => n(checkNANP),GotoIf(${DB_EXISTS(actionlist/CountryCodesPermitted)}?checkpermitted4)
> >> same => n,Goto(oktodial)
> >> exten => i,1,Return()
> >> exten => h,1,NoOp(Hangup in check-international. Maybe Authenticate failed?)
> >>
> >>
> >>
> >>
> >> On Sat, Jan 26, 2013 at 11:35 PM, James Babiak <[email protected]> wrote:
> >> Oops.
> >>
> >> Those dialplan examples should read
> >> ...{EXTEN:3:1}...{EXTEN:3:2}...{EXTEN:3:3}... as you need to offset the
> >> preceding 011 first.
> >>
> >> See, I knew I had some errors in there!
> >>
> >> --James
> >>
> >>
> >>
> >> On 01/26/2013 11:29 PM, James Babiak wrote:
> >>> David,
> >>>
> >>> There are a few ways you can accomplish this.
> >>>
> >>> How many countries do you want to permit dialing to without a pin? If
> >>> only a static handful, it might be easier to set up more granular dialplan
> >>> entries to handle calls to those permitted countries (ie: _01144XX. for
> >>> UK, etc.) and then have a catch-all (ie: _011XXX.) for everything else
> >>> which could require pin-based authentication. If you have a long list of
> >>> permitted countries, or you need the list to be more dynamic and
> >>> flexible, you could use a generic wildcard on international calls, and
> >>> then examine the first 1-3 digits and see if they are on the "allowed"
> >>> list (which could be in the dialplan itself, or more preferably in a
> >>> database). If they are, process the call, if not, ask for a pin before
> >>> continuing. Remember that CCs can be 1-3 digits in length. Fortunately,
> >>> there are no 2-digit CCs that overlap with 3-digit ones where the first 2
> >>> match as well (ie: there isn't a 35 and 351 CC). But unless I'm mistaken,
> >>> this would mean you would need to run three different extension
> >>> comparisons (one for each CC length) to match all the possible
> >>> combinations, assuming of course that you want to allow pinless calls to
> >>> 1, 2 and 3 digit CCs.
> >>>
> >>> So, off the top of my head, I think something like this might work:
> >>> --==--
> >>> exten => _011XXX.,n,GotoIf(${DB_EXISTS(CCwhitelist/${EXTEN:0:1})}?onwhitelist)
> >>> exten => _011XXX.,n,GotoIf(${DB_EXISTS(CCwhitelist/${EXTEN:0:2})}?onwhitelist)
> >>> exten => _011XXX.,n,GotoIf(${DB_EXISTS(CCwhitelist/${EXTEN:0:3})}?onwhitelist)
> >>>
> >>> exten => _011XXX.,n,GotoIf(${DB_EXISTS(CCblacklist/${EXTEN:0:1})}?onblacklist)
> >>> exten => _011XXX.,n,GotoIf(${DB_EXISTS(CCblacklist/${EXTEN:0:2})}?onblacklist)
> >>> exten => _011XXX.,n,GotoIf(${DB_EXISTS(CCblacklist/${EXTEN:0:3})}?onblacklist)
> >>>
> >>> exten => _011XXX.,n,Authenticate(1234,)
> >>> exten => _011XXX.,n, [NORMAL DIALPLAN FOR INTERNATIONAL CALLS]
> >>> ...
> >>>
> >>> exten => _011XXX.,n(onwhitelist), [NORMAL DIALPLAN FOR INTERNATIONAL CALLS]
> >>> ....
> >>>
> >>> exten => _011XXX.,n(onblacklist), [SOMETHING TO BLOCK THE CALLER AND WARN YOU]
> >>> ....
> >>> --==--
> >>>
> >>> Bear in mind that I just wrote that quickly, so it's far from complete
> >>> and probably has a few errors (not to mention requiring some fill in the
> >>> blank), but I think the gist of it would fit your needs. You could then
> >>> create two database lists, CCwhitelist and CCblacklist, that could help
> >>> to route International calls to different destinations in the dialplan.
> >>> The above example would actually give you three different levels of
> >>> security: whitelist, blacklist and everything else.
> >>>
> >>> Also, don't simply rely on a pin-based authentication system to block
> >>> international toll fraud, as this would be trivial for someone to brute
> >>> force in a short amount of time (depending on pin length). You should add
> >>> some other mechanism to only allow a small number of attempts before the
> >>> IP is blacklisted and trigger a warning to you that something is wrong.
> >>>
> >>> One security tip I would suggest implementing, which I do and outlined a
> >>> bit above, is to specifically block certain country codes that I know
> >>> would never legitimately be called and have Asterisk warn me if it is
> >>> ever attempted. Basically any number on the list of popular toll fraud
> >>> destinations. Countries like Sierra Leone, Nigeria, most of Africa in
> >>> general, any country that ends in -stan, etc. You can also look at your
> >>> provider's rate-deck and see what countries, which you have no intention
> >>> of allowing calls to, have very high CPMs and put them on the block/warn
> >>> list. This way, even in the event that your PBX is compromised, you will
> >>> get an early warning alert that something is going wrong (via email,
> >>> etc.) from the call attempt itself. Though this only protects against a
> >>> compromised PBX, not the system itself. Some providers will also let you
> >>> set up this level of granular call blocking as a failsafe to prevent crazy
> >>> bills.
> >>>
> >>> --James
> >>>
> >>> On 01/26/2013 06:11 PM, David Kerr wrote:
> >>>> Does anyone have an Asterisk dialplan that will...
> >>>>
> >>>> 1) Check an outbound international phone number against a list of
> >>>> permitted country codes.
> >>>> 2) If country code is on list, connect call.
> >>>> 3) If country code is not on list, prompt for a PIN and only connect if
> >>>> PIN entered correctly.
> >>>>
> >>>> Thanks,
> >>>> David
> >>>>
> >>>>
> >>>> ------------------------------------------------------------------------------
> >>>> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> >>>> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> >>>> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> >>>> MVPs and experts. ON SALE this month only -- learn more at:
> >>>> http://p.sf.net/sfu/learnnow-d2d
> >>>> _______________________________________________
> >>>> Astlinux-users mailing list
> >>>> [email protected]
> >>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> >>>>
> >>>> Donations to support AstLinux are graciously accepted via PayPal to
> >>>> [email protected].
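
Added example, not part of the thread and not anyone's dialplan: a Python model of the three-tier country-code policy discussed above (permitted, blocked, everything else asks for a PIN), useful for checking list contents offline before loading them into astdb. The rules "most specific prefix wins" and "blocked wins a tie", the function names, and all list values and phone numbers are assumptions constructed for this example.

```python
# Added illustration: permitted -> dial, blocked -> refuse, unlisted -> PIN.
# All list contents and phone numbers below are constructed sample data.

INTL_PREFIXES = ("011", "00")   # dial prefixes stripped by the thread's dialplan
MAX_PREFIX_LEN = 4              # 1-3 digit country codes, or NANP "1" + area code


def strip_intl_prefix(dialed: str) -> str:
    """Remove a leading 011 or 00 so matching starts at the country code."""
    for prefix in INTL_PREFIXES:
        if dialed.startswith(prefix):
            return dialed[len(prefix):]
    return dialed


def parse_list(csv: str) -> set:
    """Parse a comma-separated list as it would be stored in one astdb value."""
    return {item.strip() for item in csv.split(",") if item.strip()}


def classify(dialed: str, permitted_csv: str, blocked_csv: str) -> str:
    """Return 'dial', 'block' or 'pin' for a dialed international number."""
    number = strip_intl_prefix(dialed)
    if not number.isdigit():
        return "block"          # fail closed on anything that is not a number
    permitted = parse_list(permitted_csv)
    blocked = parse_list(blocked_csv)
    # Longest prefix first, so an entry for "1876" overrides a broader "1".
    for length in range(min(MAX_PREFIX_LEN, len(number)), 0, -1):
        prefix = number[:length]
        if prefix in blocked:   # on a tie at the same length, blocking wins
            return "block"
        if prefix in permitted:
            return "dial"
    return "pin"                # unlisted destination: require the PIN


PERMITTED = "1,44,353"          # constructed: NANP plus two country codes
BLOCKED = "1876,232,234"        # constructed: one NANP area code, two country codes

if __name__ == "__main__":
    for n in ("01144207946000", "0018765550100", "12125550100",
              "0023276000000", "011819012345678"):
        print(n, "->", classify(n, PERMITTED, BLOCKED))
```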
