Re: [asterisk-users] Avaya 9608G and DHCP and TFTP and HTTP oh my

2018-03-01 Thread Daniel Tryba
On Thu, Mar 01, 2018 at 02:46:31PM +, Thomas Peters wrote:
> Right-- I've seen the Avaya document you cite below. It says "To
> administer DHCP option 242, make a copy of an existing option 176" but
> I don't have any example of option 176 or 242 to copy, and don't know
> what to do to /etc/dhcpd.conf to make it offer option 242. 
> 
> Then there's this long table of parameters to use with (presumably)
> option 242.
> 
> I was hoping someone had a working minimal example of a dhcp option
> 242 config I could copy and modify.

Example for our old IP Office (192.168.250.1)  setup:

option option-242 code 242 = string;

subnet 10.0.0.0 netmask 255.255.0.0 {
   #option option-242 "L2Q=1,L2QVLAN=4";
   #option option-242 "HTTPSRVR=10.1.2.3/files";
   option option-242 "MCIPADD=192.168.250.1,MCPORT=1719,HTTPSRVR=192.168.250.1";
}


My guess is you only need HTTPSRVR=hostname/path 
This should point to a dir where a 46xxsettings.txt exists.
Must contain something like:


SET SIPPROXYSRVR 172.16.0.2
SET SIPPORT  5060
SET SIPDOMAIN 172.16.0.2
SET SIPREGISTRAR 172.16.0.2
SET SIP_CONTROLLER_LIST 172.16.0.2:5060;transport=tcp 
SET ENABLE_AVAYA_ENVIRONMENT 0 
SET CONFIG_SERVER_SECURE_MODE 0
SET SIPSIGNAL 0
SET REGISTERWAIT 900

SET CLDISPCONTENT 0
SET DISPLAY_NAME_NUMBER 3

SET DIALPLAN 2xx|0[1-7]|08[458]xxx
SET PHNNUMOFSA 2
SET GMTOFFSET 1:00
SET DSTOFFSET 1
SET DSTSTART LSunMar2L
SET DSTSTOP LSunOct2L

SET BRANDING_VOLUME 1
SET AGCHAND 0
SET AGCHEAD 0
SET AGCSPKR 0
SET DATETIMEFORMAT 2
SET TIMEFORMAT 1
SET SNTPSRVR 109.235.32.103,109.235.32.119
SET ENTRYNAME 0

SET PHNOL


 
> They only have minimal function? No speed dials, BLFs, etc? 

Not as far as I know. I configured this in 2013 and at that time only
call/transfer and conference worked.


-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users


Re: [asterisk-users] Blacklist failed attempts

2018-03-01 Thread Benoit Panizzon
Hi

You could do something like this in Perl:

#!/usr/bin/perl
use strict;
use warnings;

my @failhost;       # source IPs of failed registrations found in the log
my %currblocked;    # IPs already present in the "asterisk" iptables chain
my %addblocked;     # IP => number of failed attempts

open(my $log, '<', '/var/log/asterisk/messages')
    or die "\n", $!, " Does log file exist?\n\n";

while (my $line = <$log>) {
    chomp($line);
    # Capture only a dotted-quad address: the value is later handed to iptables.
    if ($line =~ m/' failed for '(\d+\.\d+\.\d+\.\d+):\d+' - No matching peer found/) {
        push(@failhost, $1);
    }
    if ($line =~ m/' failed for '(\d+\.\d+\.\d+\.\d+):\d+' - Wrong password/) {
        push(@failhost, $1);
    }
}
close($log);

# List the rules already in the "asterisk" chain and remember their source IPs.
my $blockedhosts = `/sbin/iptables -n -L asterisk`;

foreach my $line2 (split /\n/, $blockedhosts) {
    if ($line2 =~ m/(\d+\.\d+\.\d+\.\d+)\s+/) {
        $currblocked{$1} = 'blocked';
    }
}

if (@failhost) {
    count_unique(@failhost);
    while (my ($ip, $count) = each(%addblocked)) {
        next if exists $currblocked{$ip};
        # List form of system() runs iptables directly, without a shell.
        system('/sbin/iptables', '-I', 'asterisk', '-s', $ip, '-j', 'REJECT');
        print "$ip blocked. $count attempts.\n";
    }
} else {
    #print "no failed registrations.\n";
}

# Fill %addblocked with the number of occurrences of each IP.
sub count_unique {
    my %count;
    $count{$_}++ for @_;
    $addblocked{$_} = $count{$_} for sort keys %count;
}

Mind, this would NOT block attempts via IPv6. So I have stopped using that 
script, also reading the file over and over again is not very performant.

I have now opted to use my MikroTik firewall to block failed attempts; 
similar rules can also be made with iptables:

In the Mangle Ruleset:

 1  ;;; SIP Check Unauth
    chain=forward action=add-dst-to-address-list protocol=udp
    src-address-list=SIP-Servers address-list=sip-auth-fail
    address-list-timeout=10m out-interface=IMP-PPPOE src-port=5060
    content=SIP/2.0 401 Unauthorized log=no log-prefix=""

 2  ;;; tcp sip check auth fail
    chain=forward action=add-dst-to-address-list protocol=tcp
    src-address-list=SIP-Servers address-list=sip-auth-fail
    address-list-timeout=10m out-interface=IMP-PPPOE src-port=5060
    content=SIP/2.0 401 Unauthorized log=no log-prefix=""

And then you just block all source addresses from sip-auth-fail in your 
forwarding table. This works for IPv6 and IPv4.

(Also yes, depending on the speed of your link, this also could be resource 
intensive on your firewall, as it does full packet inspection.)

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Head of Commerce Customers
__

Zurlindenstrasse 29    Tel  +41 61 826 93 00
CH-4133 Pratteln       Fax  +41 61 826 93 01
Switzerland            Web  http://www.imp.ch
__
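
Added example, not part of the post above and not code from Asterisk or fail2ban: the policy asked for in this thread (more than 3 failed registrations in 5 minutes earns a one-hour ban) applied to the two log messages the Perl script matches, accepting IPv4 and IPv6 sources alike. The log line layout, the bracketed IPv6 form and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILS = 3                    # "more than 3 times"
WINDOW = timedelta(minutes=5)    # "the last 5 minutes"
BAN_TIME = timedelta(hours=1)    # "blacklist it for an hour"

# Anchored at the end of the line: the quoted From header earlier in the line
# is remote-supplied text, so only the trailing "failed for" part is parsed.
FAIL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] .* failed for '(?P<host>[^']+):\d+' - "
    r"(?:No matching peer found|Wrong password)$")

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE_LOG = [
    "[2018-03-01 14:0%d:00] NOTICE[1] chan_sip.c: Registration from "
    "'<sip:100@192.0.2.1>' failed for '%s:5060' - Wrong password" % (m, host)
    for host in ("198.51.100.7", "[2001:db8::5]") for m in range(4)
]

def parse_failure(line):
    """Return (timestamp, ip_address) for a failed registration, else None."""
    m = FAIL_RE.match(line.rstrip("\n"))
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("host").strip("[]"))  # IPv4 or IPv6
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None   # not a literal address or timestamp: never act on it
    return ts, ip

def find_bans(lines):
    """Map each offending address to the time its ban expires."""
    recent = defaultdict(deque)   # ip -> failure times still inside WINDOW
    bans = {}
    for ts, ip in filter(None, map(parse_failure, lines)):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:          # forget failures older than 5 min
            q.popleft()
        if len(q) > MAX_FAILS and bans.get(ip, ts) <= ts:
            bans[ip] = ts + BAN_TIME       # 4th failure in the window: ban
    return bans

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```

The returned addresses are `ipaddress` objects, so whatever applies the ban (iptables, ip6tables, an address list) receives a validated literal rather than raw log text.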


Re: [asterisk-users] Avaya 9608G and DHCP and TFTP and HTTP oh my

2018-03-01 Thread Thomas Peters
Right-- I've seen the Avaya document you cite below. It says "To administer 
DHCP option 242, make a copy of an existing option 176" but I don't have any 
example of option 176 or 242 to copy, and don't know what to do to 
/etc/dhcpd.conf to make it offer option 242. 

Then there's this long table of parameters to use with (presumably) option 242.

I was hoping someone had a working minimal example of a dhcp option 242 config 
I could copy and modify.

They only have minimal function? No speed dials, BLFs, etc? 

-Original Message-
From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Daniel Tryba
Sent: Thursday, March 01, 2018 3:42 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion 

Subject: Re: [asterisk-users] Avaya 9608G and DHCP and TFTP and HTTP oh my

On Wed, Feb 28, 2018 at 08:48:38PM +, Thomas Peters wrote:
> I'd like to start configuring my Avaya 9608G phones for use on 
> Asterisk / FreePBX / PBX-In-a-Flash. I'm using a variety of other 
> phones on my system without major issues.
> 
> I've read the discussion back in March, May and August of 2016, but 
> unfortunately, my difficulty is much more basic. I think it has to do 
> with DHCP, specifically, what options I'm offering the phone via DHCP.

So you might want to start without configurations from DHCP. Enter the 
file/http server in the phone manually and point it to a http server containing 
the needed firmware files and a correct 46xxsettings.txt for your asterisk.

Avaya uses other dhcp options for these phones (242):
https://downloads.avaya.com/elmodocs2/one-X_Deskphone_Edition/R1.5/output/16_300698_4/admn054.html

BTW these phones are a terrible waste when used with Asterisk. They only 
provided minimal functionality (calls and transfer).



Re: [asterisk-users] Blacklist failed attempts

2018-03-01 Thread Antony Stone
On Thursday 01 March 2018 at 14:02:37, Atux Atux wrote:

> Hi. I would like to protect my system from failed attempts. I would like to
> ask if there is a way to do a blacklist for certain amount of time
> consecutive attempts from the same IP.

fail2ban

> For example if we have an IP that gets a wrong passwd and it had tried more
> than 3 times the last 5 minutes, blacklist it for an hour.

Good plan.

> I have tried to implement it through fail2ban,

What have you tried?  Show us the configuration.

> but it does not seem to work for my asterisk implementation.

Which version of Asterisk are you using and how have you set up fail2ban?

> Is there any other way?

There may be other ways, but fail2ban really is the right tool for this job.


Antony.

-- 
I conclude that there are two ways of constructing a software design: One way 
is to make it so simple that there are _obviously_ no deficiencies, and the 
other way is to make it so complicated that there are no _obvious_ 
deficiencies.

 - C A R Hoare

   Please reply to the list;
 please *don't* CC me.



[asterisk-users] Blacklist failed attempts

2018-03-01 Thread Atux Atux
Hi. I would like to protect my system from failed attempts. I would like to
ask if there is a way to do a blacklist for certain amount of time
consecutive attempts from the same IP. For example if we have an IP that
gets a wrong passwd and it had tried more than 3 times the last 5 minutes,
blacklist it for an hour. I have tried to implement it through fail2ban,
but it does not seem to work for my asterisk implementation.
Is there any other way?

Re: [asterisk-users] Avaya 9608G and DHCP and TFTP and HTTP oh my

2018-03-01 Thread Daniel Tryba
On Wed, Feb 28, 2018 at 08:48:38PM +, Thomas Peters wrote:
> I'd like to start configuring my Avaya 9608G phones for use on
> Asterisk / FreePBX / PBX-In-a-Flash. I'm using a variety of other
> phones on my system without major issues.
> 
> I've read the discussion back in March, May and August of 2016, but
> unfortunately, my difficulty is much more basic. I think it has to do
> with DHCP, specifically, what options I'm offering the phone via DHCP.

So you might want to start without configurations from DHCP. Enter the
file/http server in the phone manually and point it to a http server
containing the needed firmware files and a correct 46xxsettings.txt for
your asterisk.

Avaya uses other dhcp options for these phones (242):
https://downloads.avaya.com/elmodocs2/one-X_Deskphone_Edition/R1.5/output/16_300698_4/admn054.html

BTW these phones are a terrible waste when used with Asterisk. They only
provided minimal functionality (calls and transfer).
