subject:"\[asterisk\-users\] Asterisk prefix code to dial a high fraud country \- security mechanism"

[asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

2014-09-18 Thread motty cruz

Hello, I would to allow users to place calls overseas such as India and
Malaysia but only with a security code. if they don't have a security code
I want to be able to drop the calls.

can someone point me to a right direction to achieve this goal?

Thanks,
Motty
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

2014-09-18 Thread Julian Beach

Hello motty,

Thursday, September 18, 2014, 6:35:40 PM, you wrote:

> Hello, I would to allow users to place calls overseas such as India
> and Malaysia but only with a security code. if they don't have a
> security code I want to be able to drop the calls. 

I use this

exten => _0041,1,Log(NOTICE,Pin Code for Switzerland calls)
same => n,Playback(silence/1)
same => n,Authenticate(9084,,4)
same => n,Macro(outgoingTrunk,${EXTEN})
same => n,Hangup()

It  uses  a  fixed PIN number which calls a macro which deals with the
actual  dialling,  but  a  standard  Dial command would work here too.
Quick  and  easy, but there are lots of options. If the correct PIN is
not entered, the call is not made.

-- 
Best regards,
 Julianmailto:jb_s...@trink.co.uk


-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

2014-09-18 Thread motty cruz

Thank you Julian,

would it be possible to block calls to international calls except certain
countries? I just want to make sure that if attackers try to place calls
outside the states they not succeed.

Thanks,
Motty

On Thu, Sep 18, 2014 at 12:55 PM, Julian Beach  wrote:

> Hello motty,
>
> Thursday, September 18, 2014, 6:35:40 PM, you wrote:
>
> > Hello, I would to allow users to place calls overseas such as India
> > and Malaysia but only with a security code. if they don't have a
> > security code I want to be able to drop the calls.
>
> I use this
>
> exten => _0041,1,Log(NOTICE,Pin Code for Switzerland calls)
> same => n,Playback(silence/1)
> same => n,Authenticate(9084,,4)
> same => n,Macro(outgoingTrunk,${EXTEN})
> same => n,Hangup()
>
> It  uses  a  fixed PIN number which calls a macro which deals with the
> actual  dialling,  but  a  standard  Dial command would work here too.
> Quick  and  easy, but there are lots of options. If the correct PIN is
> not entered, the call is not made.
>
> --
> Best regards,
>  Julianmailto:jb_s...@trink.co.uk
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

2014-09-18 Thread Eric Wieling

Your question demonstrates a fundamental lack of Asterisk concepts and 
knowledge.  You should start by reading http://www.asteriskdocs.org/ and go 
from there.Asterisk is not something you can learn in a few days.

From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of motty cruz
Sent: Thursday, September 18, 2014 4:52 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk prefix code to dial a high fraud country 
- security mechanism

Thank you Julian,

would it be possible to block calls to international calls except certain 
countries? I just want to make sure that if attackers try to place calls 
outside the states they not succeed.

Thanks,
Motty

On Thu, Sep 18, 2014 at 12:55 PM, Julian Beach 
mailto:jb_s...@trink.co.uk>> wrote:
Hello motty,

Thursday, September 18, 2014, 6:35:40 PM, you wrote:

> Hello, I would to allow users to place calls overseas such as India
> and Malaysia but only with a security code. if they don't have a
> security code I want to be able to drop the calls.

I use this

exten => _0041,1,Log(NOTICE,Pin Code for Switzerland calls)
same => n,Playback(silence/1)
same => n,Authenticate(9084,,4)
same => n,Macro(outgoingTrunk,${EXTEN})
same => n,Hangup()

It  uses  a  fixed PIN number which calls a macro which deals with the
actual  dialling,  but  a  standard  Dial command would work here too.
Quick  and  easy, but there are lots of options. If the correct PIN is
not entered, the call is not made.

--
Best regards,
 Julian
mailto:jb_s...@trink.co.uk<mailto:jb_s...@trink.co.uk>


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

2014-09-18 Thread motty cruz

Thanks Eric, for respectfully pointing that link, it is the reason why I am
posting my question for lack of knowledge. I had been working on Asterisk
for the last 4 years, I am always learning something knew.

- Motty

On Thu, Sep 18, 2014 at 2:15 PM, Eric Wieling  wrote:

> Your question demonstrates a fundamental lack of Asterisk concepts and
> knowledge.  You should start by reading http://www.asteriskdocs.org/ and
> go from there.Asterisk is not something you can learn in a few days.
>
>
>
> *From:* asterisk-users-boun...@lists.digium.com [mailto:
> asterisk-users-boun...@lists.digium.com] *On Behalf Of *motty cruz
> *Sent:* Thursday, September 18, 2014 4:52 PM
> *To:* Asterisk Users Mailing List - Non-Commercial Discussion
> *Subject:* Re: [asterisk-users] Asterisk prefix code to dial a high fraud
> country - security mechanism
>
>
>
> Thank you Julian,
>
>
>
> would it be possible to block calls to international calls except certain
> countries? I just want to make sure that if attackers try to place calls
> outside the states they not succeed.
>
>
>
> Thanks,
> Motty
>
>
>
> On Thu, Sep 18, 2014 at 12:55 PM, Julian Beach 
> wrote:
>
> Hello motty,
>
> Thursday, September 18, 2014, 6:35:40 PM, you wrote:
>
> > Hello, I would to allow users to place calls overseas such as India
> > and Malaysia but only with a security code. if they don't have a
> > security code I want to be able to drop the calls.
>
> I use this
>
> exten => _0041,1,Log(NOTICE,Pin Code for Switzerland calls)
> same => n,Playback(silence/1)
> same => n,Authenticate(9084,,4)
> same => n,Macro(outgoingTrunk,${EXTEN})
> same => n,Hangup()
>
> It  uses  a  fixed PIN number which calls a macro which deals with the
> actual  dialling,  but  a  standard  Dial command would work here too.
> Quick  and  easy, but there are lots of options. If the correct PIN is
> not entered, the call is not made.
>
> --
> Best regards,
>  Julianmailto:jb_s...@trink.co.uk
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

2014-09-18 Thread Eric Wieling

It is unfortunate 
http://www.asteriskdocs.org/en/3rd_Edition/asterisk-book-html/asterisk-book.html#asterisk-DP-Basics-SECT-3.6
 is not helpful to you.

From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of motty cruz
Sent: Thursday, September 18, 2014 5:27 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk prefix code to dial a high fraud country 
- security mechanism

Thanks Eric, for respectfully pointing that link, it is the reason why I am 
posting my question for lack of knowledge. I had been working on Asterisk for 
the last 4 years, I am always learning something knew.

- Motty

On Thu, Sep 18, 2014 at 2:15 PM, Eric Wieling 
mailto:ewiel...@nyigc.com>> wrote:
Your question demonstrates a fundamental lack of Asterisk concepts and 
knowledge.  You should start by reading http://www.asteriskdocs.org/ and go 
from there.Asterisk is not something you can learn in a few days.

From: 
asterisk-users-boun...@lists.digium.com<mailto:asterisk-users-boun...@lists.digium.com>

[mailto:asterisk-users-boun...@lists.digium.com<mailto:asterisk-users-boun...@lists.digium.com>]
 On Behalf Of motty cruz
Sent: Thursday, September 18, 2014 4:52 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk prefix code to dial a high fraud country 
- security mechanism

Thank you Julian,

would it be possible to block calls to international calls except certain 
countries? I just want to make sure that if attackers try to place calls 
outside the states they not succeed.

Thanks,
Motty

On Thu, Sep 18, 2014 at 12:55 PM, Julian Beach 
mailto:jb_s...@trink.co.uk>> wrote:
Hello motty,

Thursday, September 18, 2014, 6:35:40 PM, you wrote:

> Hello, I would to allow users to place calls overseas such as India
> and Malaysia but only with a security code. if they don't have a
> security code I want to be able to drop the calls.

I use this

exten => _0041,1,Log(NOTICE,Pin Code for Switzerland calls)
same => n,Playback(silence/1)
same => n,Authenticate(9084,,4)
same => n,Macro(outgoingTrunk,${EXTEN})
same => n,Hangup()

It  uses  a  fixed PIN number which calls a macro which deals with the
actual  dialling,  but  a  standard  Dial command would work here too.
Quick  and  easy, but there are lots of options. If the correct PIN is
not entered, the call is not made.

--
Best regards,
 Julian
mailto:jb_s...@trink.co.uk<mailto:jb_s...@trink.co.uk>

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

2014-09-18 Thread motty cruz

absolutely not what I meant, I really meant to say thank you for
respectfully pointing that out.


-Motty

On Thu, Sep 18, 2014 at 2:32 PM, Eric Wieling  wrote:

> It is unfortunate
> http://www.asteriskdocs.org/en/3rd_Edition/asterisk-book-html/asterisk-book.html#asterisk-DP-Basics-SECT-3.6
> is not helpful to you.
>
>
>
> *From:* asterisk-users-boun...@lists.digium.com [mailto:
> asterisk-users-boun...@lists.digium.com] *On Behalf Of *motty cruz
> *Sent:* Thursday, September 18, 2014 5:27 PM
>
> *To:* Asterisk Users Mailing List - Non-Commercial Discussion
> *Subject:* Re: [asterisk-users] Asterisk prefix code to dial a high fraud
> country - security mechanism
>
>
>
> Thanks Eric, for respectfully pointing that link, it is the reason why I
> am posting my question for lack of knowledge. I had been working on
> Asterisk for the last 4 years, I am always learning something knew.
>
>
>
> - Motty
>
>
>
> On Thu, Sep 18, 2014 at 2:15 PM, Eric Wieling  wrote:
>
> Your question demonstrates a fundamental lack of Asterisk concepts and
> knowledge.  You should start by reading http://www.asteriskdocs.org/ and
> go from there.Asterisk is not something you can learn in a few days.
>
>
>
> *From:* asterisk-users-boun...@lists.digium.com [mailto:
> asterisk-users-boun...@lists.digium.com] *On Behalf Of *motty cruz
> *Sent:* Thursday, September 18, 2014 4:52 PM
> *To:* Asterisk Users Mailing List - Non-Commercial Discussion
> *Subject:* Re: [asterisk-users] Asterisk prefix code to dial a high fraud
> country - security mechanism
>
>
>
> Thank you Julian,
>
>
>
> would it be possible to block calls to international calls except certain
> countries? I just want to make sure that if attackers try to place calls
> outside the states they not succeed.
>
>
>
> Thanks,
> Motty
>
>
>
> On Thu, Sep 18, 2014 at 12:55 PM, Julian Beach 
> wrote:
>
> Hello motty,
>
> Thursday, September 18, 2014, 6:35:40 PM, you wrote:
>
> > Hello, I would to allow users to place calls overseas such as India
> > and Malaysia but only with a security code. if they don't have a
> > security code I want to be able to drop the calls.
>
> I use this
>
> exten => _0041,1,Log(NOTICE,Pin Code for Switzerland calls)
> same => n,Playback(silence/1)
> same => n,Authenticate(9084,,4)
> same => n,Macro(outgoingTrunk,${EXTEN})
> same => n,Hangup()
>
> It  uses  a  fixed PIN number which calls a macro which deals with the
> actual  dialling,  but  a  standard  Dial command would work here too.
> Quick  and  easy, but there are lots of options. If the correct PIN is
> not entered, the call is not made.
>
> --
> Best regards,
>  Julianmailto:jb_s...@trink.co.uk
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

2014-09-18 Thread Eric Wieling

My apologies, I misunderstood.  I’m glad the link was helpful.

From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of motty cruz
Sent: Thursday, September 18, 2014 5:44 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk prefix code to dial a high fraud country 
- security mechanism

absolutely not what I meant, I really meant to say thank you for respectfully 
pointing that out.

-Motty

On Thu, Sep 18, 2014 at 2:32 PM, Eric Wieling 
mailto:ewiel...@nyigc.com>> wrote:
It is unfortunate 
http://www.asteriskdocs.org/en/3rd_Edition/asterisk-book-html/asterisk-book.html#asterisk-DP-Basics-SECT-3.6
 is not helpful to you.

From: 
asterisk-users-boun...@lists.digium.com<mailto:asterisk-users-boun...@lists.digium.com>

[mailto:asterisk-users-boun...@lists.digium.com<mailto:asterisk-users-boun...@lists.digium.com>]
 On Behalf Of motty cruz
Sent: Thursday, September 18, 2014 5:27 PM

To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk prefix code to dial a high fraud country 
- security mechanism

Thanks Eric, for respectfully pointing that link, it is the reason why I am 
posting my question for lack of knowledge. I had been working on Asterisk for 
the last 4 years, I am always learning something knew.

- Motty

On Thu, Sep 18, 2014 at 2:15 PM, Eric Wieling 
mailto:ewiel...@nyigc.com>> wrote:
Your question demonstrates a fundamental lack of Asterisk concepts and 
knowledge.  You should start by reading http://www.asteriskdocs.org/ and go 
from there.Asterisk is not something you can learn in a few days.

From: 
asterisk-users-boun...@lists.digium.com<mailto:asterisk-users-boun...@lists.digium.com>

[mailto:asterisk-users-boun...@lists.digium.com<mailto:asterisk-users-boun...@lists.digium.com>]
 On Behalf Of motty cruz
Sent: Thursday, September 18, 2014 4:52 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk prefix code to dial a high fraud country 
- security mechanism

Thank you Julian,

would it be possible to block calls to international calls except certain 
countries? I just want to make sure that if attackers try to place calls 
outside the states they not succeed.

Thanks,
Motty

On Thu, Sep 18, 2014 at 12:55 PM, Julian Beach 
mailto:jb_s...@trink.co.uk>> wrote:
Hello motty,

Thursday, September 18, 2014, 6:35:40 PM, you wrote:

> Hello, I would to allow users to place calls overseas such as India
> and Malaysia but only with a security code. if they don't have a
> security code I want to be able to drop the calls.

I use this

exten => _0041,1,Log(NOTICE,Pin Code for Switzerland calls)
same => n,Playback(silence/1)
same => n,Authenticate(9084,,4)
same => n,Macro(outgoingTrunk,${EXTEN})
same => n,Hangup()

It  uses  a  fixed PIN number which calls a macro which deals with the
actual  dialling,  but  a  standard  Dial command would work here too.
Quick  and  easy, but there are lots of options. If the correct PIN is
not entered, the call is not made.

--
Best regards,
 Julian
mailto:jb_s...@trink.co.uk<mailto:jb_s...@trink.co.uk>

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

2014-09-19 Thread A J Stiles

On Thursday 18 Sep 2014, motty cruz wrote:
> Hello, I would to allow users to place calls overseas such as India and
> Malaysia but only with a security code. if they don't have a security code
> I want to be able to drop the calls.
> 
> can someone point me to a right direction to achieve this goal?
> 
> Thanks,
> Motty

Not many people are going to want to answer this definitively, I suspect, for 
fear of being blamed if you copy what they did, it doesn't work for you and 
you get landed with huge bills for calls you didn't make.  Securing Asterisk 
is never as easy as you think.

However, if you look back through my own posts, I did post some dialplan code 
a short while ago, relating to a PIN entry.  Feel free to borrow that and play 
around with it; but note, I will not accept any responsibility for it not 
being as secure as you thought!

Another thing to consider would be only allowing overseas calls from a 
particulat context; any extension that does not require the ability to call 
abroad should be placed in a different default context.  If you know you will 
only ever need to call a restricted range of foreign numbers, consider giving 
them "short codes" -- endpoints effectively within your own internal numbering 
scheme -- and sending calls to _00X. to a recorded message.

[overseas-offices]
; this context is only for phones which need the ability to call overseas

; 8000 is office in France
exten => 8000,1,Set(CALLERID(num)=${OUTGOING_IDENT})
exten => 8000,n,Dial(${OUT_TRUNK}/0033251478820,180)
exten => 8000,n,Hangup()

; 8010 is office in India
exten => 8010,1,Set(CALLERID(num)=${OUTGOING_IDENT})
exten => 8010,n,Dial(${OUT_TRUNK}/00918322494200,180)
exten => 8010,n,Hangup()

; .

[default]
; play suitably sarchastic announcement to chancers
_00X.,1,Play(ajs-not_allowed)
_00X.,n,Hangup()

Basically, be paranoid; and even then, don't forget, you probably aren't being 
paranoid enough.

-- 
AJS

Note:  Originating address only accepts e-mail from list!  If replying off-
list, change address to asterisk1list at earthshod dot co dot uk .

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

2014-09-19 Thread motty cruz

Thank you AJ, I will certainly not copy and past; I want to believe I
understand the risk. I needed some kind of direction, thank you for your
support.

-Motty

On Fri, Sep 19, 2014 at 2:51 AM, A J Stiles 
wrote:

> On Thursday 18 Sep 2014, motty cruz wrote:
> > Hello, I would to allow users to place calls overseas such as India and
> > Malaysia but only with a security code. if they don't have a security
> code
> > I want to be able to drop the calls.
> >
> > can someone point me to a right direction to achieve this goal?
> >
> > Thanks,
> > Motty
>
> Not many people are going to want to answer this definitively, I suspect,
> for
> fear of being blamed if you copy what they did, it doesn't work for you and
> you get landed with huge bills for calls you didn't make.  Securing
> Asterisk
> is never as easy as you think.
>
>
> However, if you look back through my own posts, I did post some dialplan
> code
> a short while ago, relating to a PIN entry.  Feel free to borrow that and
> play
> around with it; but note, I will not accept any responsibility for it not
> being as secure as you thought!
>
>
> Another thing to consider would be only allowing overseas calls from a
> particulat context; any extension that does not require the ability to call
> abroad should be placed in a different default context.  If you know you
> will
> only ever need to call a restricted range of foreign numbers, consider
> giving
> them "short codes" -- endpoints effectively within your own internal
> numbering
> scheme -- and sending calls to _00X. to a recorded message.
>
> [overseas-offices]
> ; this context is only for phones which need the ability to call overseas
>
> ; 8000 is office in France
> exten => 8000,1,Set(CALLERID(num)=${OUTGOING_IDENT})
> exten => 8000,n,Dial(${OUT_TRUNK}/0033251478820,180)
> exten => 8000,n,Hangup()
>
> ; 8010 is office in India
> exten => 8010,1,Set(CALLERID(num)=${OUTGOING_IDENT})
> exten => 8010,n,Dial(${OUT_TRUNK}/00918322494200,180)
> exten => 8010,n,Hangup()
>
> ; .
>
> [default]
> ; play suitably sarchastic announcement to chancers
> _00X.,1,Play(ajs-not_allowed)
> _00X.,n,Hangup()
>
>
> Basically, be paranoid; and even then, don't forget, you probably aren't
> being
> paranoid enough.
>
> --
> AJS
>
> Note:  Originating address only accepts e-mail from list!  If replying off-
> list, change address to asterisk1list at earthshod dot co dot uk .
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

Re: [asterisk-users] Asterisk prefix code to dial a high fraud country - security mechanism

10 matches

Site Navigation

Mail list logo

Footer information