[asterisk-users] Gtalk and asterisk 1.6
I have been using rpm version of asterisk 1.6. However, I notice the support for gtalk is absent from rpm. I tried to compile source code and then moved to the /usr/lib/asterisk/modules. But the modules cannot be loaded. Anyone has successful experience. Mine is using 1.6.2.12. I also tried in asterisk 1.8. It works well but only the GUI is not working. CK -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Under heavy attack
My main asterisk server is under unusual heavy attack, and so far Fail2Ban has blocked about 30 IPs, from various different countries. At this time it is blocking about 1 IP address every few minutes. Just wondering if anybody else is also experiencing unusually increased hack attempts today? Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
Me too. From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Zeeshan Zakaria Sent: Saturday, October 30, 2010 11:29 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [asterisk-users] Under heavy attack My main asterisk server is under unusual heavy attack, and so far Fail2Ban has blocked about 30 IPs, from various different countries. At this time it is blocking about 1 IP address every few minutes. Just wondering if anybody else is also experiencing unusually increased hack attempts today? Zeeshan A Zakaria -- www.ilovetovoip.comhttp://www.ilovetovoip.com www.pbxforall.comhttp://www.pbxforall.com (beta) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
I'm experiencing this on one of my clients servers. The attack is ongoing. Thanks, --Warren Selby On Oct 30, 2010, at 2:28 PM, Zeeshan Zakaria zisha...@gmail.com wrote: My main asterisk server is under unusual heavy attack, and so far Fail2Ban has blocked about 30 IPs, from various different countries. At this time it is blocking about 1 IP address every few minutes. Just wondering if anybody else is also experiencing unusually increased hack attempts today? Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
Is there really any benefit to blocking these, if you use good passwords? On Sat, Oct 30, 2010 at 1:20 PM, Warren Selby wcse...@selbytech.com wrote: I'm experiencing this on one of my clients servers. The attack is ongoing. Thanks, --Warren Selby On Oct 30, 2010, at 2:28 PM, Zeeshan Zakaria zisha...@gmail.com wrote: My main asterisk server is under unusual heavy attack, and so far Fail2Ban has blocked about 30 IPs, from various different countries. At this time it is blocking about 1 IP address every few minutes. Just wondering if anybody else is also experiencing unusually increased hack attempts today? Zeeshan A Zakaria -- http://www.ilovetovoip.comwww.ilovetovoip.com http://www.pbxforall.comwww.pbxforall.com (beta) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 We are also seeing an increase in attacks. And yes, there is a benefit to blocking them. They tend to go away if you have them restricted, where if you let them go at it, they will sit on your host for sometimes hours. Stu On 10/30/2010 12:43 PM, Joel Maslak wrote: Is there really any benefit to blocking these, if you use good passwords? On Sat, Oct 30, 2010 at 1:20 PM, Warren Selby wcse...@selbytech.com mailto:wcse...@selbytech.com wrote: I'm experiencing this on one of my clients servers. The attack is ongoing. Thanks, --Warren Selby On Oct 30, 2010, at 2:28 PM, Zeeshan Zakaria zisha...@gmail.com mailto:zisha...@gmail.com wrote: My main asterisk server is under unusual heavy attack, and so far Fail2Ban has blocked about 30 IPs, from various different countries. At this time it is blocking about 1 IP address every few minutes. Just wondering if anybody else is also experiencing unusually increased hack attempts today? Zeeshan A Zakaria -- http://www.ilovetovoip.comwww.ilovetovoip.com http://www.ilovetovoip.com http://www.pbxforall.comwww.pbxforall.com http://www.pbxforall.com (beta) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hellohttp://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-usershttp://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJMzHsdAAoJEFKVLITDJSGS2fwP/j7/Jkcza71zoEMPMdegh+K5 ASVOda6yPazRmY6LAjqrNTwMyASmmngr/LLZbBmqRNXdzjWqDJ5+CEmCK09/WlcB etoz09XTNd0mswMq8r2uVSdKE7PBTZRlNokIfwbwSvWFIL01qbdA3urHVIJuNDuI V2eN94K+lgX7m69TFHe4J209X7BXQS3HxDl0aQVcW+NnofWj9o6BXoLdQXrkS/sG C7npBqpUe1asoyl2Bo5qSpzzMGiebZOcMIjKAEEu0anESZKKuNIhcj4BX6uOCRk0 8//IlNmqMVKfJr8ttpqZVbbKI9AKjTWBHV77LzSNkPgcFjD6WeiOSnOMWW0UNAgE 3iaTCzXO9GwJLhRucdoezCI78qCkFdO8N0C6UZcrW/eP7bJdxa4Ab0of3EtG3V2U QjeKQYYpL7O0my3uwO4I1BY7qiDTqibTzQ6Gb7Y4No029R78cWff3xIueU5rNZeO Fr/2ODNFZE0Q1+KA7d29308jIKY0Ubz5s/QBKbAjWfQk80dQ4BE/6nqBUJmZWIAx CNL8dK+jv6uCIi5Ae2tMHGestkcy4Ol4fdKC6emVLgm4DbRYKAg259lkoAifT7qo 8/0LWfjuP8mXHaQ2x023wTKg+FyZCIwJmpr8UDaKwMdtFgwpLuZeQrYuRQiW8TCS xkBSL1xkLIoEy1b3NLDv =eqQ+ -END PGP SIGNATURE- -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
On 10/30/2010 04:07 PM, Stuart Sheldon wrote: any registry of abusers like for spam ? any list of complete ip ranges for countries where abuse is rampant to block ? I am getting sick of the one offs and ready to start blocking big chunks of address space. -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 We are also seeing an increase in attacks. And yes, there is a benefit to blocking them. They tend to go away if you have them restricted, where if you let them go at it, they will sit on your host for sometimes hours. Stu On 10/30/2010 12:43 PM, Joel Maslak wrote: Is there really any benefit to blocking these, if you use good passwords? On Sat, Oct 30, 2010 at 1:20 PM, Warren Selbywcse...@selbytech.com mailto:wcse...@selbytech.com wrote: I'm experiencing this on one of my clients servers. The attack is ongoing. Thanks, --Warren Selby On Oct 30, 2010, at 2:28 PM, Zeeshan Zakariazisha...@gmail.com mailto:zisha...@gmail.com wrote: My main asterisk server is under unusual heavy attack, and so far Fail2Ban has blocked about 30 IPs, from various different countries. At this time it is blocking about 1 IP address every few minutes. Just wondering if anybody else is also experiencing unusually increased hack attempts today? Zeeshan A Zakaria -- http://www.ilovetovoip.comwww.ilovetovoip.com http://www.ilovetovoip.com http://www.pbxforall.comwww.pbxforall.com http://www.pbxforall.com (beta) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hellohttp://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-usershttp://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJMzHsdAAoJEFKVLITDJSGS2fwP/j7/Jkcza71zoEMPMdegh+K5 ASVOda6yPazRmY6LAjqrNTwMyASmmngr/LLZbBmqRNXdzjWqDJ5+CEmCK09/WlcB etoz09XTNd0mswMq8r2uVSdKE7PBTZRlNokIfwbwSvWFIL01qbdA3urHVIJuNDuI V2eN94K+lgX7m69TFHe4J209X7BXQS3HxDl0aQVcW+NnofWj9o6BXoLdQXrkS/sG C7npBqpUe1asoyl2Bo5qSpzzMGiebZOcMIjKAEEu0anESZKKuNIhcj4BX6uOCRk0 8//IlNmqMVKfJr8ttpqZVbbKI9AKjTWBHV77LzSNkPgcFjD6WeiOSnOMWW0UNAgE 3iaTCzXO9GwJLhRucdoezCI78qCkFdO8N0C6UZcrW/eP7bJdxa4Ab0of3EtG3V2U QjeKQYYpL7O0my3uwO4I1BY7qiDTqibTzQ6Gb7Y4No029R78cWff3xIueU5rNZeO Fr/2ODNFZE0Q1+KA7d29308jIKY0Ubz5s/QBKbAjWfQk80dQ4BE/6nqBUJmZWIAx CNL8dK+jv6uCIi5Ae2tMHGestkcy4Ol4fdKC6emVLgm4DbRYKAg259lkoAifT7qo 8/0LWfjuP8mXHaQ2x023wTKg+FyZCIwJmpr8UDaKwMdtFgwpLuZeQrYuRQiW8TCS xkBSL1xkLIoEy1b3NLDv =eqQ+ -END PGP SIGNATURE- -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Tormenta 3 (Tor3e) - Driver.
Hello All,Would be possible someone send me driver for tormenta 3 pcicard ? I see that www.govarion.com is no longer available.Thank you so much.Jeff -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Tormenta 3 (Tor3e) - Driver.
Hello All,Would be possible someone send me driver for tormenta 3 pcicard ? I see that Govarion website is no longer available.Thank you so much.Jeff -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Exceptionally long queue length queuing . . . .
I wonder if anyone out there has a perspective on this. There are a welter of tickets out there on the matter, most of them closed. This problem began for me over a year ago, and continues up to the latest versions I've installed (1.6.2.13). It happens randomly, and the suggestion on one of the bug tracker tickets that it is instigated by a small network leg looks to be on point to me, because while it happens way often, it doesn't always happen. My ITSPs have all dropped IAX, and if they're experiencing this problem I can see why. Once the first of these messages has occurred, it's goodbye audio for the rest of the call. If anyone has a perspective on this longstanding problem, I'd sure be glad to hear it. Thanks. b. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
On Sat, 2010-10-30 at 14:28 -0400, Zeeshan Zakaria wrote: My main asterisk server is under unusual heavy attack, and so far Fail2Ban has blocked about 30 IPs, from various different countries. At this time it is blocking about 1 IP address every few minutes. Just wondering if anybody else is also experiencing unusually increased hack attempts today? Just 30 ? I got 1593 different IP's on my personal blacklist who constantly are looking if i may lower my guards. Though 82.101.63.5 and 132.68.58.60 are rather busy tonight... hw -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
We have about 8-10 boinking us. They generally run a 1- peer attack and a few alphas like common words or eieio We use large, complex peer IDs and passwords, so they have a long way to go. I am happy to help keep them busy. I also send messages to their network abuse address. Cary Fitch -Original Message- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Hans Witvliet Sent: Saturday, October 30, 2010 6:11 PM To: asterisk-users@lists.digium.com Subject: Re: [asterisk-users] Under heavy attack On Sat, 2010-10-30 at 14:28 -0400, Zeeshan Zakaria wrote: My main asterisk server is under unusual heavy attack, and so far Fail2Ban has blocked about 30 IPs, from various different countries. At this time it is blocking about 1 IP address every few minutes. Just wondering if anybody else is also experiencing unusually increased hack attempts today? Just 30 ? I got 1593 different IP's on my personal blacklist who constantly are looking if i may lower my guards. Though 82.101.63.5 and 132.68.58.60 are rather busy tonight... hw -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] What is digium doing on port 113?
While on the subject, what is digium doing on my port 113? just from my logfile: Oct 31 01:11:07 fw2 kernel: EXT; INC, INTRUDER IN=eth0 OUT= MAC=08:00:20:da:3b:4a:00:90:1a:42:70:d3:08:00 SRC=216.207.245.17 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=15394 PROTO=TCP SPT=56211 DPT=113 WINDOW=0 RES=0x00 RST URGP=0 host 216.207.245.17 17.245.207.216.in-addr.arpa domain name pointer lists.digium.com. I'm not logged @digium, not compiling, not accessing list archives retieving svn's From http://www.unidata.ucar.edu/support/help/MailArchives/idd/msg00983.html Port 113 supports what is known as an IDENT service. Basically, it tries to determine the remote user of a given client network connection. Yesterday, our web server (128.117.149.62) logged several connections from mail.arilabs.com (206.129.115.118) to which it attempts a connection on port 113. If it is sucessful, it will determine the remote user who connected. This service is widely used on Unix systems, but not really supported on Windows or Mac operating systems. So why is the list-server sending an ident-REQ to my IP? It is blocked anyway, bur WHY??? hw -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] What is digium doing on port 113?
Probably doing an ident lookup when you send mail to the list. Standard sendmail behavior. On Oct 30, 2010, at 5:37 PM, Hans Witvliet h...@a-domani.nl wrote: While on the subject, what is digium doing on my port 113? just from my logfile: Oct 31 01:11:07 fw2 kernel: EXT; INC, INTRUDER IN=eth0 OUT= MAC=08:00:20:da:3b:4a:00:90:1a:42:70:d3:08:00 SRC=216.207.245.17 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=15394 PROTO=TCP SPT=56211 DPT=113 WINDOW=0 RES=0x00 RST URGP=0 host 216.207.245.17 17.245.207.216.in-addr.arpa domain name pointer lists.digium.com. I'm not logged @digium, not compiling, not accessing list archives retieving svn's From http://www.unidata.ucar.edu/support/help/MailArchives/idd/msg00983.html Port 113 supports what is known as an IDENT service. Basically, it tries to determine the remote user of a given client network connection. Yesterday, our web server (128.117.149.62) logged several connections from mail.arilabs.com (206.129.115.118) to which it attempts a connection on port 113. If it is sucessful, it will determine the remote user who connected. This service is widely used on Unix systems, but not really supported on Windows or Mac operating systems. So why is the list-server sending an ident-REQ to my IP? It is blocked anyway, bur WHY??? hw -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
You kidding? On Sat, Oct 30, 2010 at 3:43 PM, Joel Maslak jmas...@antelope.net wrote: Is there really any benefit to blocking these, if you use good passwords? On Sat, Oct 30, 2010 at 1:20 PM, Warren Selby wcse...@selbytech.com wrote: I'm experiencing this on one of my clients servers. The attack is ongoing. Thanks, --Warren Selby On Oct 30, 2010, at 2:28 PM, Zeeshan Zakaria zisha...@gmail.com wrote: My main asterisk server is under unusual heavy attack, and so far Fail2Ban has blocked about 30 IPs, from various different countries. At this time it is blocking about 1 IP address every few minutes. Just wondering if anybody else is also experiencing unusually increased hack attempts today? Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
On Sat, Oct 30, 2010 at 01:43:49PM -0600, Joel Maslak wrote: Is there really any benefit to blocking these, if you use good passwords? Regardless of any threat from those attacks succeeding, they completely saturated the uplink in our ADSL-connected office. What are they after, anyway? Merely cheap international calls? -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Mobile Phones and Asterisk
On 10/29/2010 04:40 AM, jon pounder wrote: On 10/28/2010 11:18 PM, GBR Icasiano, Ryan A. wrote: Here is what I do today and it works fine: - asterisk/trixbox - Dext/android phone - Bell Canada cell provider - call comes in, to an extension with voicemail - rings a bunch of sip devices (real phones, and the android via linphone if it happens to be near wifi and registered (set to only use wifi not 3g to register) - if not answered call is forwarded back out a pots line and dials the cell number (cell is not subscribed to provider voicemail) This is an advantage over my situation. Here (UK) - if you don't configure voicemail on your mobile - the mobile operator just plays a message along the lines The phone number is not available right now. Please try again later (or something similar). Which screws things up - as Asterisk can't tell that the mobile is not available. To Asterisk, that message is the same as somebody answering the line. Same in France and Spain - as far as I've seen. Sebastian - still no answer that pots line is hung up and call drops back into the original extension's vm. (I have not run into a problem with answer detection, only that people don't stay on the line long enough for me to answer on the second set of ringing, but if they are that impatient the call was probably not important anyway) outgoing calls if registered I have a choice once I dial of linphone or dialer to make the call. checking vm is just *98ext from linphone as the dialing app, or dial in and navigate to vm. linphone is a little less polished gui but seems to work the best for me to reliably register when it should. (tried about 5 different sip clients) Hi, Thanks for your very informative response. This is really helpful. I wouldn't be pushing it though since it isn't possible as of now. Kudos! RYAN ICASIANO From: asterisk-users-boun...@lists.digium.com [asterisk-users-boun...@lists.digium.com] On Behalf Of Sebastian [s...@open-t.co.uk] Sent: Friday, October 29, 2010 5:50 AM To: asterisk-users@lists.digium.com Subject: Re: [asterisk-users] Mobile Phones and Asterisk Hi, On 10/28/2010 11:20 AM, GBR Icasiano, Ryan A. wrote: Hi, I can actually place a successful call using that configuration. The telco i'm currently working requires the prefix. What I'm trying to do is to capture the status of the mobile phone, if it is currently engaged in a call or not. Maybe others who know better will jump in - but I seriously doubt you will be able to do this. From my limited knowledge, I believe mobile phone networks use different signalling then regular terrestrial based providers. I don't really think that the engaged tone sent back by the mobile operator will be decoded correctly by Asterisk. Not to mention that, I don't what happens where you are - but in UK for example - you don't even get an engaged tone from a mobile phone. You just get either sent to the user's voice mail, or you are played a message from the mobile phone operator which essentially tells you that the user is engaged or unavailable. Operators in many other European countries do the same. So from the point of what you are trying to achieve - this is useless in Asterisk. I would have liked to do the same thing - as I have line divert in Asterisk to my mobile phone - and I would have liked for Asterisk to just skip along to my Asterisk voice mail when my mobile is either out of coverage, or when I'm in a conversation on it. But no such luck. I believe the mobile operators wouldn't like the idea anyway - as they get to charge you extra for playing all those messages or sending you to their voicemail. I believe in parts of the North American continent things are similar, but even worse. As the caller gets charged as soon as the mobile phone starts ringing - apparently simply the act of accessing the mobile operator's network is chargeable - never mind if you get to speak to anybody or not. Then again, maybe things are different where you are - and maybe there is a way to get Asterisk to recognise the busy tone from your mobile operator. Maybe somebody here will jump in with a suggestion. It seems that it has to do with busy signalling in Asterisk. A softphone I believe will accomplish this out of band - with some commands over SIP. While PSTN (normal phone lines) and mobiles I believe tend to signal this with inband tones (part of the sound coming down the line). You might also want to check your regional settings in Asterisk. Sebastian I achieved this successfully by emulating it via a softphone, when I call a softphone and it is currently engaged in a call, asterisk returns BUSY in DIALSTATUS and will automatically fallback to the next step in the dialplan. But this is not the case when applying it to the mobile phone. When the target phone is currently engaged in a call, and I called the
Re: [asterisk-users] What is digium doing on port 113?
On 31 Oct 2010, at 01:29, Joel Maslak wrote: Probably doing an ident lookup when you send mail to the list. Standard sendmail behavior. Agreed. Nothing to worry about. S -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
No. It seems that opening up some sort of automatic blocking could cause an attacker forging packets to block legitimate endpoints. It also seems like they won't get in with good passwords, so it isn't actually accomplishing something to worry about the script kiddies if you have good passwords. And this blocking won't actually stop someone with a zero day attack or who is sophisticated and can attack from many IP addresses - these are the real threats for people with good passwords. The CPU usage is trivial to deny them. As is the bandwidth usage, if you are not sitting on a slowish broadband connection. Sure blocking doesn't hurt, but does the help it provides exceed the downsides (effort and risk of blocking legitimate users)? I suspect it doesn't...if you have strong passwords. If you have weak passwords, you should fix that. It also seems that the only way to make blocking effective is to block everything by default except known endpoints. Blocking the door knickers doesn't protect against a bad guy finding (not through brute force) valid credentials. For me, monitoring outbound call volume makes a lot more sense. I would love to see an easy to use, out of the box method to alert me if more than x number of erlangs* are exceeded within a five minute, sixty minute, and one day time period. For me, I would want alerting on more than 10 erlangs over five minutes, 8 over an hour, and 2 over a day. Exceeding these would likely indicate fraud for my installation. Smaller sites would use smaller numbers, larger ones would use bigger ones. *erlang: one erlang represents full utilization of a single call path over the monitoring period. The monitoring period is usually one hour, but can be anything (5, 60, or 1440 minutes in this case). On Oct 30, 2010, at 6:53 PM, C F shma...@gmail.com wrote: You kidding? On Sat, Oct 30, 2010 at 3:43 PM, Joel Maslak jmas...@antelope.net wrote: Is there really any benefit to blocking these, if you use good passwords? On Sat, Oct 30, 2010 at 1:20 PM, Warren Selby wcse...@selbytech.com wrote: I'm experiencing this on one of my clients servers. The attack is ongoing. Thanks, --Warren Selby On Oct 30, 2010, at 2:28 PM, Zeeshan Zakaria zisha...@gmail.com wrote: My main asterisk server is under unusual heavy attack, and so far Fail2Ban has blocked about 30 IPs, from various different countries. At this time it is blocking about 1 IP address every few minutes. Just wondering if anybody else is also experiencing unusually increased hack attempts today? Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
Ah, that makes sense - I probably would restrict to only known endpoints by IP address if I has only DSL bandwidth. But blocking attackers makes sense if that isn't an option. Yes, they are after cheap calls. On Oct 30, 2010, at 7:23 PM, Tzafrir Cohen tzafrir.co...@xorcom.com wrote: On Sat, Oct 30, 2010 at 01:43:49PM -0600, Joel Maslak wrote: Is there really any benefit to blocking these, if you use good passwords? Regardless of any threat from those attacks succeeding, they completely saturated the uplink in our ADSL-connected office. What are they after, anyway? Merely cheap international calls? -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
My count has reached 100 for the day. The server serves doesn't serve international calls anyways, I wonder how would it benefit any hacker in any way. -- Zeeshan Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak jmas...@antelope.net wrote: No. It seems that opening up some sort of automatic blocking could cause an attacker forging packets to block legitimate endpoints. It also seems like they won't get in with good passwords, so it isn't actually accomplishing something to worry about the script kiddies if you have good passwords. And this blocking won't actually stop someone with a zero day attack or who is sophisticated and can attack from many IP addresses - these are the real threats for people with good passwords. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
On Sun, Oct 31, 2010 at 03:23:52AM +0200, Tzafrir Cohen wrote: On Sat, Oct 30, 2010 at 01:43:49PM -0600, Joel Maslak wrote: Is there really any benefit to blocking these, if you use good passwords? Regardless of any threat from those attacks succeeding, they completely saturated the uplink in our ADSL-connected office. What are they after, anyway? Merely cheap international calls? I'm guessing free PSTN access. They don't want to DoS you. The scans are an attempt to collect valid extensions for later password guessing attempts. Every one I've seen has used svwar (from SIPVicious), which by default will give up if it can't tell the difference between trying to register (or invite) an unknown peer and a known one. This is why alwaysauthreject = yes is so effective, even though it bends RFC3261 a bit. But keep using fail2ban, too. svwar.py --force will cause it to scan regardless of response code. -- Barry -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
They have agreements for termination to locations with high rates. These types of attacks happen on servers that fit a digital signature. With certain ports or certain versions of software on those ports. Yes the Art of War is required reading for todays systems administration professionals... Change your signature, change your ports. What are they after, anyway? Merely cheap international calls? -- Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Mobile Phones and Asterisk
On 10/30/2010 09:24 PM, Sebastian wrote: On 10/29/2010 04:40 AM, jon pounder wrote: On 10/28/2010 11:18 PM, GBR Icasiano, Ryan A. wrote: Here is what I do today and it works fine: - asterisk/trixbox - Dext/android phone - Bell Canada cell provider - call comes in, to an extension with voicemail - rings a bunch of sip devices (real phones, and the android via linphone if it happens to be near wifi and registered (set to only use wifi not 3g to register) - if not answered call is forwarded back out a pots line and dials the cell number (cell is not subscribed to provider voicemail) This is an advantage over my situation. Here (UK) - if you don't configure voicemail on your mobile - the mobile operator just plays a message along the lines The phone number is not available right now. Please try again later (or something similar). Which screws things up - as Asterisk can't tell that the mobile is not available. To Asterisk, that message is the same as somebody answering the line. Same in France and Spain - as far as I've seen. I think it does that here as well, but after a much longer delay than asterisk sits around waiting - like close to a minute I think. It definitely varies by carrier as well - Rogers here can't even get their heads around delivering a txt message from an email to sms gateway, let alone handle something like the above. Sebastian - still no answer that pots line is hung up and call drops back into the original extension's vm. (I have not run into a problem with answer detection, only that people don't stay on the line long enough for me to answer on the second set of ringing, but if they are that impatient the call was probably not important anyway) outgoing calls if registered I have a choice once I dial of linphone or dialer to make the call. checking vm is just *98ext from linphone as the dialing app, or dial in and navigate to vm. linphone is a little less polished gui but seems to work the best for me to reliably register when it should. (tried about 5 different sip clients) Hi, Thanks for your very informative response. This is really helpful. I wouldn't be pushing it though since it isn't possible as of now. Kudos! RYAN ICASIANO From: asterisk-users-boun...@lists.digium.com [asterisk-users-boun...@lists.digium.com] On Behalf Of Sebastian [s...@open-t.co.uk] Sent: Friday, October 29, 2010 5:50 AM To: asterisk-users@lists.digium.com Subject: Re: [asterisk-users] Mobile Phones and Asterisk Hi, On 10/28/2010 11:20 AM, GBR Icasiano, Ryan A. wrote: Hi, I can actually place a successful call using that configuration. The telco i'm currently working requires the prefix. What I'm trying to do is to capture the status of the mobile phone, if it is currently engaged in a call or not. Maybe others who know better will jump in - but I seriously doubt you will be able to do this. From my limited knowledge, I believe mobile phone networks use different signalling then regular terrestrial based providers. I don't really think that the engaged tone sent back by the mobile operator will be decoded correctly by Asterisk. Not to mention that, I don't what happens where you are - but in UK for example - you don't even get an engaged tone from a mobile phone. You just get either sent to the user's voice mail, or you are played a message from the mobile phone operator which essentially tells you that the user is engaged or unavailable. Operators in many other European countries do the same. So from the point of what you are trying to achieve - this is useless in Asterisk. I would have liked to do the same thing - as I have line divert in Asterisk to my mobile phone - and I would have liked for Asterisk to just skip along to my Asterisk voice mail when my mobile is either out of coverage, or when I'm in a conversation on it. But no such luck. I believe the mobile operators wouldn't like the idea anyway - as they get to charge you extra for playing all those messages or sending you to their voicemail. I believe in parts of the North American continent things are similar, but even worse. As the caller gets charged as soon as the mobile phone starts ringing - apparently simply the act of accessing the mobile operator's network is chargeable - never mind if you get to speak to anybody or not. Then again, maybe things are different where you are - and maybe there is a way to get Asterisk to recognise the busy tone from your mobile operator. Maybe somebody here will jump in with a suggestion. It seems that it has to do with busy signalling in Asterisk. A softphone I believe will accomplish this out of band - with some commands over SIP. While PSTN (normal phone lines) and mobiles I believe tend to signal this with inband tones (part of the sound coming down the line). You might also want to check
Re: [asterisk-users] Under heavy attack
To me it seems the real question is What is going on today?. I normally get eight to ten asterisk-related fail2ban alerts a day between a few client sites - today I've received at least 10 times that many attacks on just one site. These are all coming in from different ip addresses, a new one every few minutes. These addresses are located all across the globe. This seems like some kind of coordinated assault - maybe someone is activating a 'bot-net' for sip attacks? Thanks, --Warren Selby On Oct 30, 2010, at 9:02 PM, Andrew Latham lath...@gmail.com wrote: They have agreements for termination to locations with high rates. These types of attacks happen on servers that fit a digital signature. With certain ports or certain versions of software on those ports. Yes the Art of War is required reading for todays systems administration professionals... Change your signature, change your ports. What are they after, anyway? Merely cheap international calls? -- Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
On 10/30/2010 11:25 PM, Warren Selby wrote: To me it seems the real question is What is going on today?. I normally get eight to ten asterisk-related fail2ban alerts a day between a few client sites - today I've received at least 10 times that many attacks on just one site. These are all coming in from different ip addresses, a new one every few minutes. These addresses are located all across the globe. This seems like some kind of coordinated assault - maybe someone is activating a 'bot-net' for sip attacks? Certainly looks like it to me, I am seeing the same thing. Thanks, --Warren Selby On Oct 30, 2010, at 9:02 PM, Andrew Lathamlath...@gmail.com wrote: They have agreements for termination to locations with high rates. These types of attacks happen on servers that fit a digital signature. With certain ports or certain versions of software on those ports. Yes the Art of War is required reading for todays systems administration professionals... Change your signature, change your ports. What are they after, anyway? Merely cheap international calls? -- Tzafrir Cohen -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
Any particular IP addresses or ranges of addresses? I haven't seen any big upsurge. On 10/30/2010 03:15 PM, Bruce Komito wrote: Me too. *From:*asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] *On Behalf Of *Zeeshan Zakaria *Sent:* Saturday, October 30, 2010 11:29 AM *To:* Asterisk Users Mailing List - Non-Commercial Discussion *Subject:* [asterisk-users] Under heavy attack My main asterisk server is under unusual heavy attack, and so far Fail2Ban has blocked about 30 IPs, from various different countries. At this time it is blocking about 1 IP address every few minutes. Just wondering if anybody else is also experiencing unusually increased hack attempts today? Zeeshan A Zakaria -- www.ilovetovoip.com http://www.ilovetovoip.com www.pbxforall.com http://www.pbxforall.com (beta) -- John F. Ervin Central Florida TeleSource 407-679-6238 http://jervin.com/cft jer...@jervin.com -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/30/2010 08:25 PM, Warren Selby wrote: To me it seems the real question is What is going on today?. I normally get eight to ten asterisk-related fail2ban alerts a day between a few client sites - today I've received at least 10 times that many attacks on just one site. These are all coming in from different ip addresses, a new one every few minutes. These addresses are located all across the globe. This seems like some kind of coordinated assault - maybe someone is activating a 'bot-net' for sip attacks? We are seeing the same thing... It could be a bot-net, but it is a very poorly organized attack. If is was a single bot-net, you would assume that the systems would each pick a group of addresses, not all attack the same addresses. It could be an attempt to get a large number of systems blacklisted. If someone was to spoof 1000s of addresses that cause operators to black-list those addresses, they could knock quite a few systems off the map. This could cause legitimate operators to get blocked, or, discredit the current method used to detect and block SIP brute force attacks. Just my two cents... Stuart Sheldon ACT USA -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJMzO4ZAAoJEFKVLITDJSGSXtcP/iS2/U/Yq+5qFL+L7SHBhvxD NKgULJvYB/93pJspIF5GkX6Pknawa1hs2HLLErgZJkB0KRipSyauNMXiyPwwOpgt GoP6lwe7mJOLKqO4beOf4yhqABNp7hWLuYhi3QR7M7G54aqcuzXQB4pg86Gq5eC/ okhwUgoft6QjAUAiAmsX/r/yHPbDm4CgxQ3Yf0GHUQrfFtiu65F1jDUCLIbyNkyI qyC0XtLIjy+uZqC7Onuv2L3t8vKHpzItdWYPcke1wRKYTgBLLHh/9J6J1mSY0TBz YqYSkvqKi/ObiL8f8rTC055eE5kZAtqqqDTfSCZ64mEWeYkEUbY5n0T4P9t603Wu c4POUst2dsRkHbC9Ewb1e6zC83R0B/zJz5WvNSJ5JaaMSrUp9WzH9NCnVl74GnmW BiDRFm3UMDtB+zKPGPZBShP+JBbbo3fGEzD4xKel+Qm5dv6iAGP1u//UvwcQtGjj DeywFaMmaQKd9//3QT50W7MiYoGFFg+EkkIqleHxe8Uaj+kC7Zr3sbsTFmQ/i1D9 0JIcfO6kmHiIF18JHBz1KG+xSOMteVcwy61bwPa1lzQ2DlFS61dAOUVcV3G77WuI pFRJajMqjGXV9YBHilemA7ODaWvVgscTCyGwOcYHMV8kZEyqX2uhLSJerQW/05LG oL2jJzzdFRKfFX6pDQNV =FQwn -END PGP SIGNATURE- -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Under heavy attack
One word: Rubbish On Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak jmas...@antelope.net wrote: No. It seems that opening up some sort of automatic blocking could cause an attacker forging packets to block legitimate endpoints. It also seems like they won't get in with good passwords, so it isn't actually accomplishing something to worry about the script kiddies if you have good passwords. And this blocking won't actually stop someone with a zero day attack or who is sophisticated and can attack from many IP addresses - these are the real threats for people with good passwords. The CPU usage is trivial to deny them. As is the bandwidth usage, if you are not sitting on a slowish broadband connection. Sure blocking doesn't hurt, but does the help it provides exceed the downsides (effort and risk of blocking legitimate users)? I suspect it doesn't...if you have strong passwords. If you have weak passwords, you should fix that. It also seems that the only way to make blocking effective is to block everything by default except known endpoints. Blocking the door knickers doesn't protect against a bad guy finding (not through brute force) valid credentials. For me, monitoring outbound call volume makes a lot more sense. I would love to see an easy to use, out of the box method to alert me if more than x number of erlangs* are exceeded within a five minute, sixty minute, and one day time period. For me, I would want alerting on more than 10 erlangs over five minutes, 8 over an hour, and 2 over a day. Exceeding these would likely indicate fraud for my installation. Smaller sites would use smaller numbers, larger ones would use bigger ones. *erlang: one erlang represents full utilization of a single call path over the monitoring period. The monitoring period is usually one hour, but can be anything (5, 60, or 1440 minutes in this case). On Oct 30, 2010, at 6:53 PM, C F shma...@gmail.com wrote: You kidding? On Sat, Oct 30, 2010 at 3:43 PM, Joel Maslak jmas...@antelope.net wrote: Is there really any benefit to blocking these, if you use good passwords? On Sat, Oct 30, 2010 at 1:20 PM, Warren Selby wcse...@selbytech.com wrote: I'm experiencing this on one of my clients servers. The attack is ongoing. Thanks, --Warren Selby On Oct 30, 2010, at 2:28 PM, Zeeshan Zakaria zisha...@gmail.com wrote: My main asterisk server is under unusual heavy attack, and so far Fail2Ban has blocked about 30 IPs, from various different countries. At this time it is blocking about 1 IP address every few minutes. Just wondering if anybody else is also experiencing unusually increased hack attempts today? Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello