Re: [asterisk-users] Security issue

2009-02-08 Thread Jim DeVito
What distribution are you using? Below is a tutorial from the ubuntu 
site but it should give you the basics of setting up iptables rules. I 
have created custom rules for all my servers and the amount of junk 
traffic has been dramatically reduced.

Good Luck!!

https://help.ubuntu.com/community/IptablesHowTo

Jim

Eric Fort wrote:
 use IP tables and start with deny all.  Follow this by allowing only
 the protocols/ports you want and only the source/destination ip's you
 wish to allow.  these can be combined to say allow ssh from anywhere
 but only allow sip (and its range of ports) to/from a very limited
 set of ip's belonging to say your ITSP.  for users that move about a
 bunch they can use vpn to an allowed subnet.

 Eric

 On Sat, Feb 7, 2009 at 5:47 PM, oumar ndiaye ondi...@antg.com wrote:
   
 David,
 Thanks in advance. Where do I change the user/peers definition? Is it in the
 firewall of the OS? In that case that won't work because the server hosts
 other services such as ssh http that are open to any IP as long as the user
 has the correct credentials. Doesn't asterisk itself have built in security
 filters?

 If the only choice is to do in the OS's firewall, then I will need to
 include the port numbers of SIP, IAX in my firewall rules. In this case,
 which ports should I block to keep unwanted SIP/IAX connections from
 specific IP's.
 Thanks.

 On Sat, Feb 7, 2009 at 9:29 AM, David fire ddf...@gmail.com wrote:
 
 you have many options but you should use it together.
 firewall

 in the user/peers definitions add host=ip
 and/or
 deny=0.0.0.0/0.0.0.0
 permit=ip/mask

 change the ip of your server.

 use something like ossec to avoid force brute.

 David

 2009/2/6 oumar ndiaye ond4...@gmail.com
   
 Is there a way to restrict connection to my asterisk server to users
 based on their IP addresses, and not just password. I have some hackers who
 connect to my server to make illegitimate solicitation calls to people. I
 had to shutdown the server for now until I find a solution. ANY HELP?
 Thanks.
 ond
 ___
 -- Bandwidth and Colocation Provided by http://www.api-digital.com --

 asterisk-users mailing list
 To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
 

 --
 (\__/)
 (='.'=)This is Bunny. Copy and paste bunny into your
 ()_()signature to help him gain world domination.


   

 --
 Oumar Ndiaye
 CTO
 ANTG Telecom
 www.antg.com
 ondi...@antg.com
 ondi...@alum.mit.edu
 ond4...@gmail.com
 Tel: +1-919-291-8742




Re: [asterisk-users] Security issue

2009-02-08 Thread David fire
deny/permit are in sip.conf and iax.conf
David

2009/2/7 oumar ndiaye ondi...@antg.com

 David,
 Thanks in advance. Where do I change the user/peers definition? Is it in
 the firewall of the OS? In that case that won't work because the server hosts
 other services such as ssh http that are open to any IP as long as the user
 has the correct credentials. Doesn't asterisk itself have built in security
 filters?

 If the only choice is to do in the OS's firewall, then I will need to
 include the port numbers of SIP, IAX in my firewall rules. In this case,
 which ports should I block to keep unwanted SIP/IAX connections from
 specific IP's.
 Thanks.

 On Sat, Feb 7, 2009 at 9:29 AM, David fire ddf...@gmail.com wrote:

 you have many options but you should use it together.
 firewall

 in the user/peers definitions add host=ip
 and/or
 deny=0.0.0.0/0.0.0.0
 permit=ip/mask

 change the ip of your server.

 use something like ossec to avoid force brute.

 David

 2009/2/6 oumar ndiaye ond4...@gmail.com

  Is there a way to restrict connection to my asterisk server to users
 based on their IP addresses, and not just password. I have some hackers who
 connect to my server to make illegitimate solicitation calls to people. I
 had to shutdown the server for now until I find a solution. ANY HELP?
  Thanks.
 ond





 --
 (\__/)
 (='.'=)This is Bunny. Copy and paste bunny into your
 ()_()signature to help him gain world domination.






 --
 Oumar Ndiaye
 CTO
 ANTG Telecom
 www.antg.com
 ondi...@antg.com
 ondi...@alum.mit.edu
 ond4...@gmail.com
 Tel: +1-919-291-8742






-- 
(\__/)
(='.'=)This is Bunny. Copy and paste bunny into your
()_()signature to help him gain world domination.
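
An added example, not part of the original thread: the firewall layer the replies describe (start with deny all, allow ssh from anywhere, allow VoIP only from known provider addresses), written as a shell function that prints an iptables-restore ruleset. The function name `gen_rules` and the sample addresses are illustrative assumptions; the ports are Asterisk's defaults (SIP 5060/udp, IAX2 4569/udp, RTP 10000-20000/udp from rtp.conf).

```shell
#!/bin/sh
# Added example (not from the thread): emit a default-deny INPUT policy in
# iptables-restore format. Provider addresses are passed as arguments.

SIP_PORT=5060            # Asterisk default SIP signalling port (udp)
IAX_PORT=4569            # Asterisk default IAX2 port (udp)
RTP_RANGE=10000:20000    # default media port range from rtp.conf (udp)

# gen_rules ADDR[/PREFIX]...  -> ruleset on stdout, non-zero on bad input
gen_rules() {
    [ "$#" -gt 0 ] || { echo "gen_rules: no provider address given" >&2; return 1; }
    # Validate everything first so a bad argument never yields half a ruleset.
    # Loose check: only digits, dots and a slash are accepted.
    for ip in "$@"; do
        case "$ip" in
            ''|*[!0-9./]*) echo "gen_rules: bad address: $ip" >&2; return 1 ;;
        esac
    done
    # Policy DROP on INPUT is the "deny all" starting point; loopback,
    # replies to our own traffic and ssh from anywhere are then allowed.
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT'
    # VoIP signalling and media only from the listed addresses. Media may
    # come from other hosts than signalling; list those addresses as well.
    for ip in "$@"; do
        printf '%s\n' \
            "-A INPUT -s $ip -p udp --dport $SIP_PORT -j ACCEPT" \
            "-A INPUT -s $ip -p udp --dport $IAX_PORT -j ACCEPT" \
            "-A INPUT -s $ip -p udp --dport $RTP_RANGE -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample addresses (RFC 5737 documentation ranges).
# Check the syntax without loading it, then apply (as root):
#   gen_rules 192.0.2.10 198.51.100.0/24 | iptables-restore --test
#   gen_rules 192.0.2.10 198.51.100.0/24 | iptables-restore
```

Keep an existing ssh session open while loading the ruleset, so a mistake in it does not lock you out of the server.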

[asterisk-users] Streaming meetings vs conference hardware

2009-02-08 Thread Michael Graves
There simply aren't that many local Asterisk Users Groups. This is one
of the reasons that the VoIP Users Conference
(http://www.VoIPUsersConference.org) has been picking up members. Using
the Talkshoe conference bridge is certainly accessible, and the price
is right (free!)

I listened in on the streams from 25C3 over the Christmas break, and
found it really enjoyable. It occurs to me that perhaps the local AUG,
where they exist and have meetings, might be able to stream their
events...which could also be applied to events like Astricon or
ClueCon.

 When I see things being streamed its not clear what hardware/software
is being used. As someone once deeply involved in live and recorded
music I imagine that many times people just take a feed from the local
PA/mixer if there is one. 

Which brings me to a question. Would a high-end conference phone
(Polycom IP7000?) with extension mic's be better suited to streaming a
meeting? I can envision such a device dialed into a wideband
conference bridge, then that bridge streamed via Shoutcast or something
similar?

Anyone done this before?

Michael


--
Michael Graves
mgravesatmstvp.com
http://blog.mgraves.org
o713-861-4005
c713-201-1262
sip:mgra...@mstvp.onsip.com
skype mjgraves
fwd 54245






[asterisk-users] meetme application

2009-02-08 Thread 邱磊
hi guys:
recently I want to build a meeting conference on asterisk and use the meetme 
application.
I have a ztdummy kernel
 after the  lsmod command:
ztdummy 5768  0 
  zaptel182660  28 zttranscode,ztdummy
  crc_ccitt   3008  1 zaptel

I also configure the meetme.conf
conf = 1000;
my extensions.conf
[default]
 exten = 4110,1,Answer()
 ;exten = 99008664110,n,MeetMeCount(1000)
 exten = 4110,n,MeetMe(1000)
 exten = 4110,n,Hangup()

but after i dial the 4110 in my xlite, the sip debug show the message and stop 
here:
-- Executing [4...@meetme:2] MeetMe(SIP/28989-08241e60, 1000) in new stack
(sip ACK message)
without parsing the meetme.conf and can't build the chat room!

i reload the app_meetme.so in CLI:
 - Reloading module 'app_meetme.so' (MeetMe conference bridge)
  == Parsing 'etc/asterisk/meetme.conf': Found

All the sip message show that there is no fault, and i don't know why the meetme 
application can't work.

i have a usable meetme server and the sip message is:
 Executing MeetMe(SIP/20742-081a8198, 1000|Ap) in new stack
  == Parsing '/etc/asterisk/meetme.conf': Found
  == Parsing '/etc/asterisk/staticmeetme.conf': Found
-- Created MeetMe conference 1023 for conference '1000'


I don't know why the meetme application doesn't parse the meetme.conf and create 
MeetMe conference
hope some guys help me, appreciate your help!!! 
2009-02-09 



邱磊 

[asterisk-users] chan_oss.c:585 setformat: Unable to re-open DSP device

2009-02-08 Thread David @ULC
== Manager 'sendcron' logged off from 127.0.0.1
vicidialnow*CLI dial 919545090201
-- Executing AGI(OSS/dsp, agi://127.0.0.1:4577/call_log) in new stack
-- AGI Script agi://127.0.0.1:4577/call_log completed, returning 0
-- Executing Dial(OSS/dsp, SIP/19545090...@sip203||tTor) in new stack
-- Called 19545090...@sip203
Feb 2 13:36:38 WARNING[2884]: chan_oss.c:585 setformat: Unable to re-open
DSP device /dev/dsp: No such file or directory
-- SIP/sip203-086fb130 answered OSS/dsp
 Console call has been answered 
Feb 2 13:36:42 WARNING[8644]: chan_oss.c:585 setformat: Unable to re-open
DSP device /dev/dsp: No such file or directory
Feb 2 13:36:43 WARNING[8644]: chan_oss.c:585 setformat: Unable to re-open
DSP device /dev/dsp: No such file or directory
Feb 2 13:36:44 WARNING[8644]: chan_oss.c:585 setformat: Unable to re-open
DSP device /dev/dsp: No such file or directory
Feb 2 13:36:45 WARNING[8644]: chan_oss.c:585 setformat: Unable to re-open
DSP device /dev/dsp: No such file or directory
Feb 2 13:36:46 WARNING[8644]: chan_oss.c:585 setformat: Unable to re-open
DSP device /dev/dsp: No such file or directory
Feb 2 13:36:47 WARNING[8644]: chan_oss.c:585 setformat: Unable to re-open
DSP device /dev/dsp: No such file or directory
Feb 2 13:36:48 WARNING[8644]: chan_oss.c:585 setformat: Unable to re-open
DSP device /dev/dsp: No such file or directory
Feb 2 13:36:49 WARNING[8644]: chan_oss.c:585 setformat: Unable to re-open
DSP device /dev/dsp: No such file or directory
Feb 2 13:36:50 WARNING[8644]: chan_oss.c:585 setformat: Unable to re-open
DSP device /dev/dsp: No such file or directory
Feb 2 13:36:50 NOTICE[8644]: rtp.c:331 process_rfc3389: Comfort noise
support incomplete in Asterisk (RFC 3389). Please turn off on client if
possible. Client IP: 216.168.169.103
== Spawn extension (local, 919545090201, 2) exited non-zero on 'OSS/dsp'
-- Executing DeadAGI(OSS/dsp, agi://127.0.0.1:4577/call_log) in new
stack
-- AGI Script agi://127.0.0.1:4577/call_log completed, returning 0
-- Executing DeadAGI(OSS/dsp, agi://
127.0.0.1:4577/VD_hangup--HVcauses--PRI-NODEBUG-16-ANSWER-13-10))
in new stack
-- AGI Script
agi://127.0.0.1:4577/VD_hangup--HVcauses--PRI-NODEBUG-16-ANSWER-13-10)
completed, returning 0
 Hangup on console 




What is this error ?

[asterisk-users] Asterisk + voxbone == Failed to authenticate user

2009-02-08 Thread Johan Dindaine - Asterisk
Hi every all,
since a few weeks I came back to asterisk and tried to install version 1.6.
The installation went fine so I decided to buy new dids on Voxbone.

I have added the sip peers of Voxbone Belgium1 like this in the sip.conf
[81.201.82.39]
host=dynamic
type=friend
insecure=very
context=your_context
canreinvite=no
qualify=no
deny=0.0.0.0/0.0.0.0
permit=81.201.82.39/255.255.255.255

but unfortunately when I receive a call I got this nice error:
handle_request_invite: Failed to authenticate user 075 
sip:075x...@voxbone.com;tag=76596.

I am in doubt now because with the insecure=very, I must receive any 
incoming calls from voxbone (81.201.82.39) without any problems.

Do you know how to fix this please?
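
An added example, not code from this thread or from Asterisk: Asterisk applies a peer's `deny`/`permit` lines in the order written and the last line that matches the source address decides, with no match meaning allowed, so a `permit` only restricts anything when a deny-all precedes it, as in the peer definition above. The hypothetical `audit_acl` function reads a sip.conf on stdin and lists the sections that lack that pair. The sample config is constructed, and treating every section except `[general]` as a user/peer is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): list sip.conf sections that do not
# follow the "deny everything, then permit known addresses" pattern.

# audit_acl < sip.conf  -> one section name per line
audit_acl() {
    awk '
    function report() {
        if (name != "" && name != "general" && !(deny_all && permit_after))
            print name
    }
    { sub(/;.*/, ""); gsub(/[ \t\r]/, "") }      # drop comments and blanks
    /^\[/ {                                       # a new section starts
        report()
        name = substr($0, 2, index($0, "]") - 2)
        deny_all = 0; permit_after = 0
        next
    }
    # Order matters: the last matching line wins inside Asterisk.
    /^deny=0\.0\.0\.0\/(0|0\.0\.0\.0)$/   { deny_all = 1; permit_after = 0; next }
    /^permit=0\.0\.0\.0\/(0|0\.0\.0\.0)$/ { deny_all = 0; next }   # re-opens all
    /^permit=/                            { if (deny_all) permit_after = 1 }
    END { report() }
    '
}

# Constructed sample; [voxbone-in] mirrors the ACL lines of the posted peer.
sample_conf() {
    cat <<'EOF'
[general]
bindport=5060

[voxbone-in]
type=friend
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=81.201.82.39/255.255.255.255

[softphone1]            ; no ACL: the password is the only barrier
type=friend
host=dynamic
secret=placeholder

[office]                ; permit without a preceding deny-all restricts nothing
type=peer
host=dynamic
permit=192.0.2.0/255.255.255.0
EOF
}

# Usage on a real system:  audit_acl < /etc/asterisk/sip.conf
```

On the sample, `sample_conf | audit_acl` lists `softphone1` and `office`; the same check applies to iax.conf, which uses the same `deny`/`permit` keywords.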



Re: [asterisk-users] meetme application

2009-02-08 Thread Giedrius Augys
2009/2/9 邱磊 qiulei...@163.com

  hi guys:
 recently I want to build a meeting conference on asterisk and use the
 meetme application.
 I have a ztdummy kernel
  after the  lsmod command:
 ztdummy 5768  0
   zaptel182660  28 zttranscode,ztdummy
   crc_ccitt   3008  1 zaptel

 I also configure the meetme.conf
 conf = 1000;
 my extensions.conf
 [default]
  exten = 4110,1,Answer()
  ;exten = 99008664110,n,MeetMeCount(1000)
  exten = 4110,n,MeetMe(1000)
  exten = 4110,n,Hangup()

 but after i dial the 4110 in my xlite, the sip debug show the message and
 stop here:
 -- Executing [4...@meetme:2] MeetMe(SIP/28989-08241e60, 1000) in new
 stack
 (sip ACK message)
 without parsing the meetme.conf and can't build the chat room!

 i reload the app_meetme.so in CLI:
  - Reloading module 'app_meetme.so' (MeetMe conference bridge)
   == Parsing 'etc/asterisk/meetme.conf': Found

 All the sip message show that there is no fault, and i don't know why the
 meetme application can't work.

 i have a usable meetme server and the sip message is:
  Executing MeetMe(SIP/20742-081a8198, 1000|Ap) in new stack
   == Parsing '/etc/asterisk/meetme.conf': Found
   == Parsing '/etc/asterisk/staticmeetme.conf': Found
 -- Created MeetMe conference 1023 for conference '1000'


 I don't know why the meetme application doesn't parse the meetme.conf and
 create MeetMe conference
 hope some guys help me, appreciate your help!!!
 2009-02-09
 --
 邱磊



Hi,

  Have you created conference room 1000 in the meetme.conf file?
Read this http://www.voip-info.org/wiki/view/Asterisk+config+meetme.conf . I
hope this helps you.

-- 
Pagarbiai  / Best Regards,
Giedrius Augys

[asterisk-users] Asterisk and CIsco 1760 SIP ?

2009-02-08 Thread Phibee Network Operation Center
Hi

I am searching for a sample config (for asterisk and for cisco) to connect
a cisco 1760 with a FXO card to my asterisk.

Thanks for your help
Jerome




Re: [asterisk-users] meetme application

2009-02-08 Thread D Tucny
2009/2/9 邱磊 qiulei...@163.com


 i reload the app_meetme.so in CLI:
  - Reloading module 'app_meetme.so' (MeetMe conference bridge)
   == Parsing 'etc/asterisk/meetme.conf': Found

 All the sip message show that there is no fault, and i don't know why the
 meetme application can't work.

 i have a usable meetme server and the sip message is:
  Executing MeetMe(SIP/20742-081a8198, 1000|Ap) in new stack
   == Parsing '/etc/asterisk/meetme.conf': Found
   == Parsing '/etc/asterisk/staticmeetme.conf': Found
 -- Created MeetMe conference 1023 for conference '1000'


Your config looks correct, but, one thing that looks a bit odd to me is the
output from your reload of app_meetme, I'm not sure if you typed the output
and made a typo, but, the path to meetme.conf when parsed after the reload
is relative rather than absolute... I'm not sure if this is relevant at all,
but, looks odd... You haven't changed the paths in
/etc/asterisk/asterisk.conf to be relative paths have you?

As I say, this may or may not be relevant... but... I could imagine that if
relative paths from root have been used and asterisk is not launched from
the root then it may have all sorts of issues finding configs... It could be
useful for you to enable debugging output too, not that app_meetme makes
much debugging output, but, it does output a little which may at least
identify the point it's getting to...

d

Re: [asterisk-users] can anybody tell me how Magic jack can be so cheap ????

2009-02-08 Thread andrej
I can see another way of getting this done. If memory serves me right, there 
was a company in the name like “sunrocket”, or “skyrocket” or whatever. They 
used to offer service for $100/year unlimited as well. Then about 2 years down 
the road, they went under. And that was the real deal for them. The price for 
the dead company was much higher than for the alive company. Because all of the 
VoIP companies like Vonage, etc, were literally fighting for the customer lists. 
I think, this might be a possibility too… remember me, what was the company and 
who was the founder? Yeah that was SunRocket and been founded by Joyce Dorris 
and Paul Erickson.

 

But the MagicJack has a great deal of connections with XO, ComCast, talk4free, 
Ymax communications.

 

Talk4free.com does not have any presence beyond the NS servers for the YMax 
communications. Entire YMAX IP range /20 is managed by ComCast, and the 
webserver for the management console is on the XO network. The XO has a PBX’es 
available for businesses, and they do offer unlimited free local calling, and 
free site-to-site. As a result, you actually can get free local calls when you 
have enough POP (as a Ymax ,founded by the same guy as a magicjack, does). And 
if you get their international rates, you will understand, that these rates are 
quite expensive – at least 15%-25% even over the VoipJet. So when you put all 
these pieces of the puzzle together + advertisement during the call + 
datamining possibility from the calls, this company has created an enormous 
asset.

The idea is actually extremely brilliant. I’m just not sure how legal it is to 
“snoop” on the call, even if it’s in the agreement. I think, the law will 
prevail over any agreement, furthermore in their agreement, not only you waive 
the rights for the legal option, but you also set the statute bar for 1 year. 
And, forget the privacy of the call, here is something  more: “By installing 
the magicJack Software, you hereby agree to allow magicJack the option to 
automatically provide Updates from magicJack and/or its partners' servers.”

 

And as usual, the “normal use” clause: “If magicJack sees excessive use, 
including but not limited to, a customer whose usage is twenty (20) times more 
than the average magicJack's customers usage… all sorts of bad things may 
happen….”.

 

Besides their EULA only says about free calls in US, nothing about Canada…

 

Free cheese is only in traps and only for the second mouse.

 

--A.

 

 

From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Kinjal Dixit
Sent: Sunday, February 08, 2009 12:28 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] can anybody tell me how Magic jack can be so 
cheap 

 

the ads will start once there is critical mass.  the following are the 
scenarios for ads:
1. when you dial a number, before hearing the ringing, you have to listen to an 
ad.  the length of the ad would be proportional to the intensity of your 
usage... the more you use, the longer the ads.
2. when the caller answers, they will first hear magic jack promo, then they 
will hear your voice.
3. the call is interrupted every few minutes to play an ad to both parties.
4. they will give an ad free service if you pay a higher charge.

I just hope I am not giving the people at magicjack any ideas, but if I am, I 
would sure appreciate if they pay me!!



On Sun, Feb 8, 2009 at 9:58 AM, k4...@bellsouth.net wrote:

 Never seen any ads except for them.  Actually the thing sits on a server down 
in the garage so I don't see anything!  Darn thing just works!  I bought it as 
a second line when the wife is using the copper line to work.


Ronny K4RJJ

-- Original message from Forrest W Christian f...@mt.net: 
-- 



 Or more accurately, they believe they can follow the NetZero or Juno 
 model (Free in exchange for ads being pushed to you). 
 
 -forrest 
 
 C F wrote: 
  They believe they have advertisement revenues. 
  

  On Sat, Feb 7, 2009 at 5:45 PM, Ignacio Ortega A. wrote: 
  
  How Magic Jack can only charge $20 per year? 
  
  do they have a call limit? 
  do they have a call duration limit or limit of minutes per day?, 
  
  
  Thanks 
  