[asterisk-users] Gtalk and asterisk 1.6

2010-10-30 Thread asterisk asterisk 
I have been using rpm version of asterisk 1.6. However, I notice the support
for gtalk is absent from rpm. I tried to compile source code and then moved
to the /usr/lib/asterisk/modules. But the modules cannot be loaded.

Anyone has successful experience.

Mine is using 1.6.2.12.

I also tried in asterisk 1.8. It works well but only the GUI is not working.

CK
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Under heavy attack

2010-10-30 Thread Zeeshan Zakaria 
My main asterisk server is under unusual heavy attack, and so far Fail2Ban
has blocked about 30 IPs, from various different countries. At this time it
is blocking about 1 IP address every few minutes.

Just wondering if anybody else is also experiencing unusually increased hack
attempts today?

Zeeshan A Zakaria

--
www.ilovetovoip.com
www.pbxforall.com (beta)
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread Bruce Komito 
Me too.

From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Zeeshan Zakaria
Sent: Saturday, October 30, 2010 11:29 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [asterisk-users] Under heavy attack


My main asterisk server is under unusual heavy attack, and so far Fail2Ban has 
blocked about 30 IPs, from various different countries. At this time it is 
blocking about 1 IP address every few minutes.

Just wondering if anybody else is also experiencing unusually increased hack 
attempts today?

Zeeshan A Zakaria

--
www.ilovetovoip.com
www.pbxforall.com (beta)
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread Warren Selby 
I'm experiencing this on one of my clients servers. The attack is ongoing. 

Thanks,
--Warren Selby

On Oct 30, 2010, at 2:28 PM, Zeeshan Zakaria  wrote:

> My main asterisk server is under unusual heavy attack, and so far Fail2Ban 
> has blocked about 30 IPs, from various different countries. At this time it 
> is blocking about 1 IP address every few minutes.
> 
> Just wondering if anybody else is also experiencing unusually increased hack 
> attempts today?
> 
> Zeeshan A Zakaria
> 
> --
> www.ilovetovoip.com
> www.pbxforall.com (beta)
> 
> -- 
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>   http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread Joel Maslak 
Is there really any benefit to blocking these, if you use good passwords?

On Sat, Oct 30, 2010 at 1:20 PM, Warren Selby  wrote:

> I'm experiencing this on one of my clients servers. The attack is ongoing.
>
> Thanks,
> --Warren Selby
>
> On Oct 30, 2010, at 2:28 PM, Zeeshan Zakaria  wrote:
>
> My main asterisk server is under unusual heavy attack, and so far Fail2Ban
> has blocked about 30 IPs, from various different countries. At this time it
> is blocking about 1 IP address every few minutes.
>
> Just wondering if anybody else is also experiencing unusually increased
> hack attempts today?
>
> Zeeshan A Zakaria
>
> --
>  www.ilovetovoip.com
>  www.pbxforall.com (beta)
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>   http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread Stuart Sheldon 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

We are also seeing an increase in attacks. And yes, there is a benefit
to blocking them. They tend to go away if you have them restricted,
where if you let them go at it, they will sit on your host for sometimes
hours.

Stu


On 10/30/2010 12:43 PM, Joel Maslak wrote:
> Is there really any benefit to blocking these, if you use good passwords?
> 
> On Sat, Oct 30, 2010 at 1:20 PM, Warren Selby  > wrote:
> 
> I'm experiencing this on one of my clients servers. The attack is
> ongoing. 
> 
> Thanks,
> --Warren Selby
> 
> On Oct 30, 2010, at 2:28 PM, Zeeshan Zakaria  > wrote:
> 
>> My main asterisk server is under unusual heavy attack, and so far
>> Fail2Ban has blocked about 30 IPs, from various different
>> countries. At this time it is blocking about 1 IP address every
>> few minutes.
>>
>> Just wondering if anybody else is also experiencing unusually
>> increased hack attempts today?
>>
>> Zeeshan A Zakaria
>>
>> --
>> www.ilovetovoip.com
>> 
>> www.pbxforall.com
>>  (beta)
>>
>> -- 
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>   
>> http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>   
>> 
>> http://lists.digium.com/mailman/listinfo/asterisk-users
> 
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>   http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
> 
> 

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJMzHsdAAoJEFKVLITDJSGS2fwP/j7/Jkcza71zoEMPMdegh+K5
ASVOda6yPazRmY6LAjqrNTwMyASmmngr/LLZbBmqRNXdzjWqDJ5+CEmCK09/WlcB
etoz09XTNd0mswMq8r2uVSdKE7PBTZRlNokIfwbwSvWFIL01qbdA3urHVIJuNDuI
V2eN94K+lgX7m69TFHe4J209X7BXQS3HxDl0aQVcW+NnofWj9o6BXoLdQXrkS/sG
C7npBqpUe1asoyl2Bo5qSpzzMGiebZOcMIjKAEEu0anESZKKuNIhcj4BX6uOCRk0
8//IlNmqMVKfJr8ttpqZVbbKI9AKjTWBHV77LzSNkPgcFjD6WeiOSnOMWW0UNAgE
3iaTCzXO9GwJLhRucdoezCI78qCkFdO8N0C6UZcrW/eP7bJdxa4Ab0of3EtG3V2U
QjeKQYYpL7O0my3uwO4I1BY7qiDTqibTzQ6Gb7Y4No029R78cWff3xIueU5rNZeO
Fr/2ODNFZE0Q1+KA7d29308jIKY0Ubz5s/QBKbAjWfQk80dQ4BE/6nqBUJmZWIAx
CNL8dK+jv6uCIi5Ae2tMHGestkcy4Ol4fdKC6emVLgm4DbRYKAg259lkoAifT7qo
8/0LWfjuP8mXHaQ2x023wTKg+FyZCIwJmpr8UDaKwMdtFgwpLuZeQrYuRQiW8TCS
xkBSL1xkLIoEy1b3NLDv
=eqQ+
-END PGP SIGNATURE-

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread jon pounder 
On 10/30/2010 04:07 PM, Stuart Sheldon wrote:


any registry of abusers like for spam ?
any list of complete ip ranges for countries where abuse is rampant to 
block ?

I am getting sick of the one offs and ready to start blocking big chunks 
of address space.



> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> We are also seeing an increase in attacks. And yes, there is a benefit
> to blocking them. They tend to go away if you have them restricted,
> where if you let them go at it, they will sit on your host for sometimes
> hours.
>
> Stu
>
>
> On 10/30/2010 12:43 PM, Joel Maslak wrote:
>
>> Is there really any benefit to blocking these, if you use good passwords?
>>
>> On Sat, Oct 30, 2010 at 1:20 PM, Warren Selby> >  wrote:
>>
>>  I'm experiencing this on one of my clients servers. The attack is
>>  ongoing.
>>
>>  Thanks,
>>  --Warren Selby
>>
>>  On Oct 30, 2010, at 2:28 PM, Zeeshan Zakaria>  >  wrote:
>>
>>  
>>>  My main asterisk server is under unusual heavy attack, and so far
>>>  Fail2Ban has blocked about 30 IPs, from various different
>>>  countries. At this time it is blocking about 1 IP address every
>>>  few minutes.
>>>
>>>  Just wondering if anybody else is also experiencing unusually
>>>  increased hack attempts today?
>>>
>>>  Zeeshan A Zakaria
>>>
>>>  --
>>>  www.ilovetovoip.com
>>>  
>>>  www.pbxforall.com
>>>    (beta)
>>>
>>>  --
>>>  _
>>>  -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>  New to Asterisk? Join us for a live introductory webinar every Thurs:
>>>
>>>  http://www.asterisk.org/hello
>>>
>>>  asterisk-users mailing list
>>>  To UNSUBSCRIBE or update options visit:
>>>
>>>  
>>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>>
>>  --
>>  _
>>  -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>  New to Asterisk? Join us for a live introductory webinar every Thurs:
>>http://www.asterisk.org/hello
>>
>>  asterisk-users mailing list
>>  To UNSUBSCRIBE or update options visit:
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>>
>>  
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQIcBAEBCAAGBQJMzHsdAAoJEFKVLITDJSGS2fwP/j7/Jkcza71zoEMPMdegh+K5
> ASVOda6yPazRmY6LAjqrNTwMyASmmngr/LLZbBmqRNXdzjWqDJ5+CEmCK09/WlcB
> etoz09XTNd0mswMq8r2uVSdKE7PBTZRlNokIfwbwSvWFIL01qbdA3urHVIJuNDuI
> V2eN94K+lgX7m69TFHe4J209X7BXQS3HxDl0aQVcW+NnofWj9o6BXoLdQXrkS/sG
> C7npBqpUe1asoyl2Bo5qSpzzMGiebZOcMIjKAEEu0anESZKKuNIhcj4BX6uOCRk0
> 8//IlNmqMVKfJr8ttpqZVbbKI9AKjTWBHV77LzSNkPgcFjD6WeiOSnOMWW0UNAgE
> 3iaTCzXO9GwJLhRucdoezCI78qCkFdO8N0C6UZcrW/eP7bJdxa4Ab0of3EtG3V2U
> QjeKQYYpL7O0my3uwO4I1BY7qiDTqibTzQ6Gb7Y4No029R78cWff3xIueU5rNZeO
> Fr/2ODNFZE0Q1+KA7d29308jIKY0Ubz5s/QBKbAjWfQk80dQ4BE/6nqBUJmZWIAx
> CNL8dK+jv6uCIi5Ae2tMHGestkcy4Ol4fdKC6emVLgm4DbRYKAg259lkoAifT7qo
> 8/0LWfjuP8mXHaQ2x023wTKg+FyZCIwJmpr8UDaKwMdtFgwpLuZeQrYuRQiW8TCS
> xkBSL1xkLIoEy1b3NLDv
> =eqQ+
> -END PGP SIGNATURE-
>
>


-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Tormenta 3 (Tor3e) - Driver.

2010-10-30 Thread jeff 
Hello All,Would be possible someone send me driver for tormenta 3 pcicard ? I see that www.govarion.com is no longer available.Thank you so much.Jeff

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Tormenta 3 (Tor3e) - Driver.

2010-10-30 Thread jeff 
Hello All,Would be possible someone send me driver for tormenta 3 pcicard ? I see that Govarion website is no longer available.Thank you so much.Jeff 

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Exceptionally long queue length queuing . . . .

2010-10-30 Thread Brian Capouch 
I wonder if anyone out there has a perspective on this.  There are a 
welter of tickets out there on the matter, most of them closed.

This problem began for me over a year ago, and continues up to the 
latest versions I've installed (1.6.2.13).

It happens randomly, and the suggestion on one of the bug tracker 
tickets that it is instigated by a small network leg looks to be on 
point to me, because while it happens way often, it doesn't always happen.

My ITSPs have all dropped IAX, and if they're experiencing this problem 
I can see why.  Once the first of these messages has occurred, it's 
"goodbye audio" for the rest of the call.

If anyone has a perspective on this longstanding problem, I'd sure be 
glad to hear it.

Thanks.

b.

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread Hans Witvliet 
On Sat, 2010-10-30 at 14:28 -0400, Zeeshan Zakaria wrote:
> My main asterisk server is under unusual heavy attack, and so far
> Fail2Ban has blocked about 30 IPs, from various different countries.
> At this time it is blocking about 1 IP address every few minutes.
> 
> Just wondering if anybody else is also experiencing unusually
> increased hack attempts today?
> 

Just 30 ?

I got 1593 different IP's on my personal blacklist who constantly are
looking if i may lower my guards. Though 82.101.63.5 and 132.68.58.60
are rather busy tonight...

hw

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread Cary Fitch 
We have about 8-10 boinking us.  They generally run a 1- peer attack and
a few alphas like common words or "eieio"  We use large, complex peer IDs
and passwords, so they have a long way to go.   I am happy to help keep them
busy.

I also send messages to their network abuse address.

Cary Fitch

-Original Message-
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Hans Witvliet
Sent: Saturday, October 30, 2010 6:11 PM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] Under heavy attack

On Sat, 2010-10-30 at 14:28 -0400, Zeeshan Zakaria wrote:
> My main asterisk server is under unusual heavy attack, and so far
> Fail2Ban has blocked about 30 IPs, from various different countries.
> At this time it is blocking about 1 IP address every few minutes.
> 
> Just wondering if anybody else is also experiencing unusually
> increased hack attempts today?
> 

Just 30 ?

I got 1593 different IP's on my personal blacklist who constantly are
looking if i may lower my guards. Though 82.101.63.5 and 132.68.58.60
are rather busy tonight...

hw

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users


-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] What is digium doing on port 113?

2010-10-30 Thread Hans Witvliet 
While on the subject,

what is digium doing on my port 113?

just from my logfile:
Oct 31 01:11:07 fw2 kernel:  EXT; INC, INTRUDER IN=eth0 OUT= 
MAC=08:00:20:da:3b:4a:00:90:1a:42:70:d3:08:00 
SRC=216.207.245.17  LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=15394 PROTO=TCP 
SPT=56211 DPT=113 WINDOW=0 RES=0x00 RST URGP=0

host 216.207.245.17
17.245.207.216.in-addr.arpa domain name pointer lists.digium.com.

I'm not logged @digium, not compiling, not accessing list archives retieving 
svn's


>From http://www.unidata.ucar.edu/support/help/MailArchives/idd/msg00983.html
Port 113 supports what is known as an IDENT service.  Basically, it tries
to determine the remote user of a given client network connection.
Yesterday, our web server (128.117.149.62) logged several connections from
mail.arilabs.com (206.129.115.118) to which it attempts a connection on
port 113.  If it is sucessful, it will determine the remote user who
connected.  This service is widely used on Unix systems, but not really
supported on Windows or Mac operating systems. 

So why is the list-server sending an ident-REQ to my IP?

It is blocked anyway, bur WHY???

hw


-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] What is digium doing on port 113?

2010-10-30 Thread Joel Maslak 
Probably doing an ident lookup when you send mail to the list.  Standard 
sendmail behavior. 

On Oct 30, 2010, at 5:37 PM, Hans Witvliet  wrote:

> While on the subject,
> 
> what is digium doing on my port 113?
> 
> just from my logfile:
> Oct 31 01:11:07 fw2 kernel:  EXT; INC, INTRUDER IN=eth0 OUT= 
> MAC=08:00:20:da:3b:4a:00:90:1a:42:70:d3:08:00 
> SRC=216.207.245.17  LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=15394 PROTO=TCP 
> SPT=56211 DPT=113 WINDOW=0 RES=0x00 RST URGP=0
> 
> host 216.207.245.17
> 17.245.207.216.in-addr.arpa domain name pointer lists.digium.com.
> 
> I'm not logged @digium, not compiling, not accessing list archives retieving 
> svn's
> 
> 
>> From http://www.unidata.ucar.edu/support/help/MailArchives/idd/msg00983.html
> Port 113 supports what is known as an IDENT service.  Basically, it tries
> to determine the remote user of a given client network connection.
> Yesterday, our web server (128.117.149.62) logged several connections from
> mail.arilabs.com (206.129.115.118) to which it attempts a connection on
> port 113.  If it is sucessful, it will determine the remote user who
> connected.  This service is widely used on Unix systems, but not really
> supported on Windows or Mac operating systems. 
> 
> So why is the list-server sending an ident-REQ to my IP?
> 
> It is blocked anyway, bur WHY???
> 
> hw
> 
> 
> -- 
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>   http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread C F 
You kidding?

On Sat, Oct 30, 2010 at 3:43 PM, Joel Maslak  wrote:
> Is there really any benefit to blocking these, if you use good passwords?
>
> On Sat, Oct 30, 2010 at 1:20 PM, Warren Selby  wrote:
>>
>> I'm experiencing this on one of my clients servers. The attack is
>> ongoing.
>>
>> Thanks,
>> --Warren Selby
>> On Oct 30, 2010, at 2:28 PM, Zeeshan Zakaria  wrote:
>>
>> My main asterisk server is under unusual heavy attack, and so far Fail2Ban
>> has blocked about 30 IPs, from various different countries. At this time it
>> is blocking about 1 IP address every few minutes.
>>
>> Just wondering if anybody else is also experiencing unusually increased
>> hack attempts today?
>>
>> Zeeshan A Zakaria
>>
>> --
>> www.ilovetovoip.com
>> www.pbxforall.com (beta)
>>
>> --
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>   http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>> --
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>               http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread Tzafrir Cohen 
On Sat, Oct 30, 2010 at 01:43:49PM -0600, Joel Maslak wrote:
> Is there really any benefit to blocking these, if you use good passwords?

Regardless of any threat from those attacks succeeding, they completely
saturated the uplink in our ADSL-connected office.

What are they after, anyway? Merely cheap international calls?

-- 
   Tzafrir Cohen
icq#16849755  jabber:tzafrir.co...@xorcom.com
+972-50-7952406   mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Mobile Phones and Asterisk

2010-10-30 Thread Sebastian 


On 10/29/2010 04:40 AM, jon pounder wrote:
> On 10/28/2010 11:18 PM, GBR Icasiano, Ryan A. wrote:
>
> Here is what I do today and it works fine:
>
> - asterisk/trixbox
> - Dext/android phone
> - Bell Canada cell provider
> - call comes in, to an extension with voicemail
> - rings a bunch of sip devices (real phones, and the android via
> linphone if it happens to be near wifi and registered (set to only use
> wifi not 3g to register)
> - if not answered call is forwarded back out a pots line and dials the
> cell number (cell is not subscribed to provider voicemail)

This is an advantage over my situation. Here (UK) - if you don't 
configure voicemail on your mobile - the mobile operator just plays a 
message along the lines "The phone number  is not available right 
now. Please try again later" (or something similar). Which screws things 
up - as Asterisk can't tell that the mobile is not available. To 
Asterisk, that message is the same as somebody answering the line. Same 
in France and Spain - as far as I've seen.

Sebastian

> - still no answer that pots line is hung up and call drops back into the
> original extension's vm. (I have not run into a problem with answer
> detection, only that people don't stay on the line long enough for me to
> answer on the second set of ringing, but if they are that impatient the
> call was probably not important anyway)
>
> outgoing calls if registered I have a choice once I dial of linphone or
> dialer to make the call.
>
> checking vm is just *98  from linphone as the dialing app, or dial
> in and navigate to vm.
>
> linphone is a little less polished gui but seems to work the best for me
> to reliably register when it should.
> (tried about 5 different sip clients)
>
>
>
>
>> Hi,
>>
>> Thanks for your very informative response. This is really helpful. I 
>> wouldn't be pushing it though since it isn't possible as of now.
>>
>> Kudos!
>>
>> RYAN ICASIANO
>> 
>> From: asterisk-users-boun...@lists.digium.com 
>> [asterisk-users-boun...@lists.digium.com] On Behalf Of Sebastian 
>> [s...@open-t.co.uk]
>> Sent: Friday, October 29, 2010 5:50 AM
>> To: asterisk-users@lists.digium.com
>> Subject: Re: [asterisk-users] Mobile Phones and Asterisk
>>
>> Hi,
>>
>> On 10/28/2010 11:20 AM, GBR Icasiano, Ryan A. wrote:
>>
>>> Hi,
>>>
>>> I can actually place a successful call using that configuration. The telco 
>>> i'm currently working requires the prefix.
>>>
>>> What I'm trying to do is to capture the status of the mobile phone, if it 
>>> is currently engaged in a call or not.
>>>
>> Maybe others who know better will jump in - but I seriously doubt you
>> will be able to do this. From my limited knowledge, I believe mobile
>> phone networks use different signalling then regular terrestrial based
>> providers. I don't really think that the engaged tone sent back by the
>> mobile operator will be decoded correctly by Asterisk.
>>
>> Not to mention that, I don't what happens where you are - but in UK for
>> example - you don't even get an engaged tone from a mobile phone. You
>> just get either sent to the user's voice mail, or you are played a
>> message from the mobile phone operator which essentially tells you that
>> the user is engaged or unavailable. Operators in many other European
>> countries do the same. So from the point of what you are trying to
>> achieve - this is useless in Asterisk.
>>
>> I would have liked to do the same thing - as I have line divert in
>> Asterisk to my mobile phone - and I would have liked for Asterisk to
>> just skip along to my Asterisk voice mail when my mobile is either out
>> of coverage, or when I'm in a conversation on it. But no such luck. I
>> believe the mobile operators wouldn't like the idea anyway - as they get
>> to charge you extra for playing all those messages or sending you to
>> their voicemail.
>>
>> I believe in parts of the North American continent things are similar,
>> but even worse. As the caller gets charged as soon as the mobile phone
>> starts ringing - apparently simply the act of accessing the mobile
>> operator's network is chargeable - never mind if you get to speak to
>> anybody or not.
>>
>> Then again, maybe things are different where you are - and maybe there
>> is a way to get Asterisk to recognise the busy tone from your mobile
>> operator. Maybe somebody here will jump in with a suggestion. It seems
>> that it has to do with "busy signalling" in Asterisk. A softphone I
>> believe will accomplish this out of band - with some commands over SIP.
>> While PSTN (normal phone lines) and mobiles I believe tend to signal
>> this with inband tones (part of the sound coming down the line).
>>
>> You might also want to check your regional settings in Asterisk.
>>
>>
>> Sebastian
>>
>> I achieved this successfully by emulating it via a softphone, when I
>> call a softphone and it is currently engaged in a call, asterisk returns
>> BUSY in DIALSTATUS and will automatically

Re: [asterisk-users] What is digium doing on port 113?

2010-10-30 Thread Steve Howes 

On 31 Oct 2010, at 01:29, Joel Maslak wrote:

> Probably doing an ident lookup when you send mail to the list.  Standard 
> sendmail behavior. 

Agreed. Nothing to worry about.

S
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread Joel Maslak 
No.  It seems that opening up some sort of automatic blocking could cause an 
attacker forging packets to block legitimate endpoints. It also seems like they 
won't get in with good passwords, so it isn't actually accomplishing something 
to worry about the script kiddies if you have good passwords.  And this 
blocking won't actually stop someone with a zero day attack or who is 
sophisticated and can attack from many IP addresses - these are the real 
threats for people with good passwords.

The CPU usage is trivial to deny them.  As is the bandwidth usage, if you are 
not sitting on a slowish broadband connection.

Sure blocking doesn't hurt, but does the help it provides exceed the downsides 
(effort and risk of blocking legitimate users)?  I suspect it doesn't...if you 
have strong passwords.  If you have weak passwords, you should fix that. 

It also seems that the only way to make blocking effective is to block 
everything by default except known endpoints.  Blocking the door knickers 
doesn't protect against a bad guy finding (not through brute force) valid 
credentials.

For me, monitoring outbound call volume makes a lot more sense.  I would love 
to see an easy to use, out of the box method to alert me if more than "x" 
number of erlangs* are exceeded within a five minute, sixty minute, and one day 
time period. For me, I would want alerting on more than 10 erlangs over five 
minutes, 8 over an hour, and 2 over a day. Exceeding these would likely 
indicate fraud for my installation.  Smaller sites would use smaller numbers, 
larger ones would use bigger ones.

*erlang: one erlang represents full utilization of a single call path over the 
monitoring period.  The monitoring period is usually one hour, but can be 
anything (5, 60, or 1440 minutes in this case).

On Oct 30, 2010, at 6:53 PM, C F  wrote:

> You kidding?
> 
> On Sat, Oct 30, 2010 at 3:43 PM, Joel Maslak  wrote:
>> Is there really any benefit to blocking these, if you use good passwords?
>> 
>> On Sat, Oct 30, 2010 at 1:20 PM, Warren Selby  wrote:
>>> 
>>> I'm experiencing this on one of my clients servers. The attack is
>>> ongoing.
>>> 
>>> Thanks,
>>> --Warren Selby
>>> On Oct 30, 2010, at 2:28 PM, Zeeshan Zakaria  wrote:
>>> 
>>> My main asterisk server is under unusual heavy attack, and so far Fail2Ban
>>> has blocked about 30 IPs, from various different countries. At this time it
>>> is blocking about 1 IP address every few minutes.
>>> 
>>> Just wondering if anybody else is also experiencing unusually increased
>>> hack attempts today?
>>> 
>>> Zeeshan A Zakaria
>>> 
>>> --
>>> www.ilovetovoip.com
>>> www.pbxforall.com (beta)
>>> 
>>> --
>>> _
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>>   http://www.asterisk.org/hello
>>> 
>>> asterisk-users mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>> 
>>> --
>>> _
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>>   http://www.asterisk.org/hello
>>> 
>>> asterisk-users mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>> 
>> 
>> --
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>   http://www.asterisk.org/hello
>> 
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>> 
> 
> -- 
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>   http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread Joel Maslak 
Ah, that makes sense - I probably would restrict to only known endpoints by IP 
address if I has only DSL bandwidth.  But blocking attackers makes sense if 
that isn't an option.

Yes, they are after cheap calls.

On Oct 30, 2010, at 7:23 PM, Tzafrir Cohen  wrote:

> On Sat, Oct 30, 2010 at 01:43:49PM -0600, Joel Maslak wrote:
>> Is there really any benefit to blocking these, if you use good passwords?
> 
> Regardless of any threat from those attacks succeeding, they completely
> saturated the uplink in our ADSL-connected office.
> 
> What are they after, anyway? Merely cheap international calls?
> 
> -- 
>   Tzafrir Cohen
> icq#16849755  jabber:tzafrir.co...@xorcom.com
> +972-50-7952406   mailto:tzafrir.co...@xorcom.com
> http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir
> 
> -- 
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>   http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread Zeeshan Zakaria 
My count has reached 100 for the day. The server serves doesn't serve
international calls anyways, I wonder how would it benefit any hacker in any
way.

--
Zeeshan


Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak  wrote:

> No.  It seems that opening up some sort of automatic blocking could cause
> an attacker forging packets to block legitimate endpoints. It also seems
> like they won't get in with good passwords, so it isn't actually
> accomplishing something to worry about the script kiddies if you have good
> passwords.  And this blocking won't actually stop someone with a zero day
> attack or who is sophisticated and can attack from many IP addresses - these
> are the real threats for people with good passwords.
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread Barry Miller 
On Sun, Oct 31, 2010 at 03:23:52AM +0200, Tzafrir Cohen wrote:
> On Sat, Oct 30, 2010 at 01:43:49PM -0600, Joel Maslak wrote:
> > Is there really any benefit to blocking these, if you use good passwords?
> 
> Regardless of any threat from those attacks succeeding, they completely
> saturated the uplink in our ADSL-connected office.
> 
> What are they after, anyway? Merely cheap international calls?

I'm guessing free PSTN access.  They don't want to DoS you.  The scans
are an attempt to collect valid extensions for later password guessing
attempts.  Every one I've seen has used svwar (from SIPVicious), which
by default will give up if it can't tell the difference between trying
to register (or invite) an unknown peer and a known one.  This is why
"alwaysauthreject = yes" is so effective, even though it bends RFC3261
a bit.

But keep using fail2ban, too.  "svwar.py --force" will cause it to scan
regardless of response code.

-- 
Barry

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread Andrew Latham 
They have agreements for termination to locations with high rates.
These types of attacks happen on servers that fit a digital signature.
 With certain ports or certain versions of software on those ports.
Yes the Art of War is required reading for todays systems
administration professionals...  Change your signature, change your
ports.

> What are they after, anyway? Merely cheap international calls?
>
> --
>               Tzafrir Cohen

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Mobile Phones and Asterisk

2010-10-30 Thread jon pounder 
On 10/30/2010 09:24 PM, Sebastian wrote:
>
> On 10/29/2010 04:40 AM, jon pounder wrote:
>
>> On 10/28/2010 11:18 PM, GBR Icasiano, Ryan A. wrote:
>>
>> Here is what I do today and it works fine:
>>
>> - asterisk/trixbox
>> - Dext/android phone
>> - Bell Canada cell provider
>> - call comes in, to an extension with voicemail
>> - rings a bunch of sip devices (real phones, and the android via
>> linphone if it happens to be near wifi and registered (set to only use
>> wifi not 3g to register)
>> - if not answered call is forwarded back out a pots line and dials the
>> cell number (cell is not subscribed to provider voicemail)
>>  
> This is an advantage over my situation. Here (UK) - if you don't
> configure voicemail on your mobile - the mobile operator just plays a
> message along the lines "The phone number  is not available right
> now. Please try again later" (or something similar). Which screws things
> up - as Asterisk can't tell that the mobile is not available. To
> Asterisk, that message is the same as somebody answering the line. Same
> in France and Spain - as far as I've seen.
>

I think it does that here as well, but after a much longer delay than 
asterisk sits around waiting - like close to a minute I think.
It definitely varies by carrier as well - Rogers here can't even get 
their heads around delivering a txt message from an email to sms 
gateway, let alone handle something like the above.



> Sebastian
>
>
>> - still no answer that pots line is hung up and call drops back into the
>> original extension's vm. (I have not run into a problem with answer
>> detection, only that people don't stay on the line long enough for me to
>> answer on the second set of ringing, but if they are that impatient the
>> call was probably not important anyway)
>>
>> outgoing calls if registered I have a choice once I dial of linphone or
>> dialer to make the call.
>>
>> checking vm is just *98   from linphone as the dialing app, or dial
>> in and navigate to vm.
>>
>> linphone is a little less polished gui but seems to work the best for me
>> to reliably register when it should.
>> (tried about 5 different sip clients)
>>
>>
>>
>>
>>  
>>> Hi,
>>>
>>> Thanks for your very informative response. This is really helpful. I 
>>> wouldn't be pushing it though since it isn't possible as of now.
>>>
>>> Kudos!
>>>
>>> RYAN ICASIANO
>>> 
>>> From: asterisk-users-boun...@lists.digium.com 
>>> [asterisk-users-boun...@lists.digium.com] On Behalf Of Sebastian 
>>> [s...@open-t.co.uk]
>>> Sent: Friday, October 29, 2010 5:50 AM
>>> To: asterisk-users@lists.digium.com
>>> Subject: Re: [asterisk-users] Mobile Phones and Asterisk
>>>
>>> Hi,
>>>
>>> On 10/28/2010 11:20 AM, GBR Icasiano, Ryan A. wrote:
>>>
>>>
 Hi,

 I can actually place a successful call using that configuration. The telco 
 i'm currently working requires the prefix.

 What I'm trying to do is to capture the status of the mobile phone, if it 
 is currently engaged in a call or not.

  
>>> Maybe others who know better will jump in - but I seriously doubt you
>>> will be able to do this. From my limited knowledge, I believe mobile
>>> phone networks use different signalling then regular terrestrial based
>>> providers. I don't really think that the engaged tone sent back by the
>>> mobile operator will be decoded correctly by Asterisk.
>>>
>>> Not to mention that, I don't what happens where you are - but in UK for
>>> example - you don't even get an engaged tone from a mobile phone. You
>>> just get either sent to the user's voice mail, or you are played a
>>> message from the mobile phone operator which essentially tells you that
>>> the user is engaged or unavailable. Operators in many other European
>>> countries do the same. So from the point of what you are trying to
>>> achieve - this is useless in Asterisk.
>>>
>>> I would have liked to do the same thing - as I have line divert in
>>> Asterisk to my mobile phone - and I would have liked for Asterisk to
>>> just skip along to my Asterisk voice mail when my mobile is either out
>>> of coverage, or when I'm in a conversation on it. But no such luck. I
>>> believe the mobile operators wouldn't like the idea anyway - as they get
>>> to charge you extra for playing all those messages or sending you to
>>> their voicemail.
>>>
>>> I believe in parts of the North American continent things are similar,
>>> but even worse. As the caller gets charged as soon as the mobile phone
>>> starts ringing - apparently simply the act of accessing the mobile
>>> operator's network is chargeable - never mind if you get to speak to
>>> anybody or not.
>>>
>>> Then again, maybe things are different where you are - and maybe there
>>> is a way to get Asterisk to recognise the busy tone from your mobile
>>> operator. Maybe somebody here will jump in with a suggestion. It seems
>>> that it has to do with "busy signa

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread Warren Selby 
To me it seems the real question is "What is going on today?". I normally get 
eight to ten asterisk-related fail2ban alerts a day between a few client sites 
- today I've received at least 10 times that many attacks on just one site. 
These are all coming in from different ip addresses, a new one every few 
minutes. These addresses are located all across the globe. This seems like some 
kind of coordinated assault - maybe someone is activating a 'bot-net' for sip 
attacks?

Thanks,
--Warren Selby

On Oct 30, 2010, at 9:02 PM, Andrew Latham  wrote:

> They have agreements for termination to locations with high rates.
> These types of attacks happen on servers that fit a digital signature.
> With certain ports or certain versions of software on those ports.
> Yes the Art of War is required reading for todays systems
> administration professionals...  Change your signature, change your
> ports.
> 
>> What are they after, anyway? Merely cheap international calls?
>> 
>> --
>>   Tzafrir Cohen
> 
> -- 
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>   http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread jon pounder 
On 10/30/2010 11:25 PM, Warren Selby wrote:
> To me it seems the real question is "What is going on today?". I normally get 
> eight to ten asterisk-related fail2ban alerts a day between a few client 
> sites - today I've received at least 10 times that many attacks on just one 
> site. These are all coming in from different ip addresses, a new one every 
> few minutes. These addresses are located all across the globe. This seems 
> like some kind of coordinated assault - maybe someone is activating a 
> 'bot-net' for sip attacks?
>
>

Certainly looks like it to me, I am seeing the same thing.




> Thanks,
> --Warren Selby
>
> On Oct 30, 2010, at 9:02 PM, Andrew Latham  wrote:
>
>
>> They have agreements for termination to locations with high rates.
>> These types of attacks happen on servers that fit a digital signature.
>> With certain ports or certain versions of software on those ports.
>> Yes the Art of War is required reading for todays systems
>> administration professionals...  Change your signature, change your
>> ports.
>>
>>  
>>> What are they after, anyway? Merely cheap international calls?
>>>
>>> --
>>>Tzafrir Cohen
>>>
>> -- 
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>  
>


-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread John Ervin 
Any particular IP addresses or ranges of addresses?  I haven't seen any 
big upsurge.


On 10/30/2010 03:15 PM, Bruce Komito wrote:


Me too.

*From:*asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] *On Behalf Of 
*Zeeshan Zakaria

*Sent:* Saturday, October 30, 2010 11:29 AM
*To:* Asterisk Users Mailing List - Non-Commercial Discussion
*Subject:* [asterisk-users] Under heavy attack

My main asterisk server is under unusual heavy attack, and so far 
Fail2Ban has blocked about 30 IPs, from various different countries. 
At this time it is blocking about 1 IP address every few minutes.


Just wondering if anybody else is also experiencing unusually 
increased hack attempts today?


Zeeshan A Zakaria

--
www.ilovetovoip.com 
www.pbxforall.com  (beta)




--
John F. Ervin
Central Florida TeleSource
407-679-6238
http://jervin.com/cft
jer...@jervin.com

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread Stuart Sheldon 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 10/30/2010 08:25 PM, Warren Selby wrote:
> To me it seems the real question is "What is going on today?". I
> normally get eight to ten asterisk-related fail2ban alerts a day
> between a few client sites - today I've received at least 10 times
> that many attacks on just one site. These are all coming in from
> different ip addresses, a new one every few minutes. These addresses
> are located all across the globe. This seems like some kind of
> coordinated assault - maybe someone is activating a 'bot-net' for sip
> attacks?

We are seeing the same thing... It could be a bot-net, but it is a very
poorly organized attack. If is was a single bot-net, you would assume
that the systems would each pick a group of addresses, not all attack
the same addresses.

It could be an attempt to get a large number of systems blacklisted. If
someone was to spoof 1000s of addresses that cause operators to
black-list those addresses, they could knock quite a few systems off the
map. This could cause legitimate operators to get blocked, or, discredit
the current method used to detect and block SIP brute force attacks.

Just my two cents...

Stuart Sheldon
ACT USA


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJMzO4ZAAoJEFKVLITDJSGSXtcP/iS2/U/Yq+5qFL+L7SHBhvxD
NKgULJvYB/93pJspIF5GkX6Pknawa1hs2HLLErgZJkB0KRipSyauNMXiyPwwOpgt
GoP6lwe7mJOLKqO4beOf4yhqABNp7hWLuYhi3QR7M7G54aqcuzXQB4pg86Gq5eC/
okhwUgoft6QjAUAiAmsX/r/yHPbDm4CgxQ3Yf0GHUQrfFtiu65F1jDUCLIbyNkyI
qyC0XtLIjy+uZqC7Onuv2L3t8vKHpzItdWYPcke1wRKYTgBLLHh/9J6J1mSY0TBz
YqYSkvqKi/ObiL8f8rTC055eE5kZAtqqqDTfSCZ64mEWeYkEUbY5n0T4P9t603Wu
c4POUst2dsRkHbC9Ewb1e6zC83R0B/zJz5WvNSJ5JaaMSrUp9WzH9NCnVl74GnmW
BiDRFm3UMDtB+zKPGPZBShP+JBbbo3fGEzD4xKel+Qm5dv6iAGP1u//UvwcQtGjj
DeywFaMmaQKd9//3QT50W7MiYoGFFg+EkkIqleHxe8Uaj+kC7Zr3sbsTFmQ/i1D9
0JIcfO6kmHiIF18JHBz1KG+xSOMteVcwy61bwPa1lzQ2DlFS61dAOUVcV3G77WuI
pFRJajMqjGXV9YBHilemA7ODaWvVgscTCyGwOcYHMV8kZEyqX2uhLSJerQW/05LG
oL2jJzzdFRKfFX6pDQNV
=FQwn
-END PGP SIGNATURE-

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Under heavy attack

2010-10-30 Thread C F 
One word: Rubbish

On Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak  wrote:
> No.  It seems that opening up some sort of automatic blocking could cause an 
> attacker forging packets to block legitimate endpoints. It also seems like 
> they won't get in with good passwords, so it isn't actually accomplishing 
> something to worry about the script kiddies if you have good passwords.  And 
> this blocking won't actually stop someone with a zero day attack or who is 
> sophisticated and can attack from many IP addresses - these are the real 
> threats for people with good passwords.
>
> The CPU usage is trivial to deny them.  As is the bandwidth usage, if you are 
> not sitting on a slowish broadband connection.
>
> Sure blocking doesn't hurt, but does the help it provides exceed the 
> downsides (effort and risk of blocking legitimate users)?  I suspect it 
> doesn't...if you have strong passwords.  If you have weak passwords, you 
> should fix that.
>
> It also seems that the only way to make blocking effective is to block 
> everything by default except known endpoints.  Blocking the door knickers 
> doesn't protect against a bad guy finding (not through brute force) valid 
> credentials.
>
> For me, monitoring outbound call volume makes a lot more sense.  I would love 
> to see an easy to use, out of the box method to alert me if more than "x" 
> number of erlangs* are exceeded within a five minute, sixty minute, and one 
> day time period. For me, I would want alerting on more than 10 erlangs over 
> five minutes, 8 over an hour, and 2 over a day. Exceeding these would likely 
> indicate fraud for my installation.  Smaller sites would use smaller numbers, 
> larger ones would use bigger ones.
>
> *erlang: one erlang represents full utilization of a single call path over 
> the monitoring period.  The monitoring period is usually one hour, but can be 
> anything (5, 60, or 1440 minutes in this case).
>
> On Oct 30, 2010, at 6:53 PM, C F  wrote:
>
>> You kidding?
>>
>> On Sat, Oct 30, 2010 at 3:43 PM, Joel Maslak  wrote:
>>> Is there really any benefit to blocking these, if you use good passwords?
>>>
>>> On Sat, Oct 30, 2010 at 1:20 PM, Warren Selby  wrote:

 I'm experiencing this on one of my clients servers. The attack is
 ongoing.

 Thanks,
 --Warren Selby
 On Oct 30, 2010, at 2:28 PM, Zeeshan Zakaria  wrote:

 My main asterisk server is under unusual heavy attack, and so far Fail2Ban
 has blocked about 30 IPs, from various different countries. At this time it
 is blocking about 1 IP address every few minutes.

 Just wondering if anybody else is also experiencing unusually increased
 hack attempts today?

 Zeeshan A Zakaria

 --
 www.ilovetovoip.com
 www.pbxforall.com (beta)

 --
 _
 -- Bandwidth and Colocation Provided by http://www.api-digital.com --
 New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

 asterisk-users mailing list
 To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

 --
 _
 -- Bandwidth and Colocation Provided by http://www.api-digital.com --
 New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

 asterisk-users mailing list
 To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
>>>
>>>
>>> --
>>> _
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>>               http://www.asterisk.org/hello
>>>
>>> asterisk-users mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>>
>>
>> --
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>               http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>

-- 
_
-- Ba