Re: [asterisk-users] Connecting peer if the peer is already connected
On Tuesday 09 Jun 2015, Luca Bertoncello wrote: Now, I tried to register the user of my cellphone using a PC, as my cellphone was already registered. And Asterisk accepted this registration... :( Did you actually reboot the server, as opposed to simply reloading your firewall configuration and stopping and restarting asterisk? I've known some moderate to severe weirdnesses that seemed to be caused by the kernel remembering out-of-date routing details. (I'm sure there is a simple command that will flush and rebuild the kernel's routing information without needing the big red switch, but that was nearer .) Unfortunately, I didn't found any option to restrict this try... How can I do it? And, very important, how can I trigger an event (Shell-Script) if someone tries to register as a peer, that is already registered or if the login was NOT successful, or even if my cellphone successfully registered (for example, to send me an E-Mail)? Take a look at fail2ban. It monitors log files for error messages, and can add firewall rules to disconnect IP addresses involved in suspicious activity. -- AJS Note: Originating address only accepts e-mail from list! If replying off- list, change address to asterisk1list at earthshod dot co dot uk . -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Connecting peer if the peer is already connected
Zitat von A J Stiles asterisk_l...@earthshod.co.uk: On Tuesday 09 Jun 2015, Luca Bertoncello wrote: Now, I tried to register the user of my cellphone using a PC, as my cellphone was already registered. And Asterisk accepted this registration... :( Did you actually reboot the server, as opposed to simply reloading your firewall configuration and stopping and restarting asterisk? I've known some moderate to severe weirdnesses that seemed to be caused by the kernel remembering out-of-date routing details. Well, I'm not sure... But I can't remember to have configured somewhat for accept more registration... Reading an Answer in this list a couple of day ago, I thought, it is not allowed per default... Unfortunately, I didn't found any option to restrict this try... How can I do it? And, very important, how can I trigger an event (Shell-Script) if someone tries to register as a peer, that is already registered or if the login was NOT successful, or even if my cellphone successfully registered (for example, to send me an E-Mail)? Take a look at fail2ban. It monitors log files for error messages, and can add firewall rules to disconnect IP addresses involved in suspicious activity. This will not work, since the Firewall is NOT on the Server running Asterisk... Thanks Luca Bertoncello (lucab...@lucabert.de) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Connecting peer if the peer is already connected
Now I have the problem for my cellphone... I need to register from almost any IP (at least in Europe), so I can't restrict it. Well, the password is NOT simple and random. Now, I tried to register the user of my cellphone using a PC, as my cellphone was already registered. And Asterisk accepted this registration... :( Were you trying to register the PC using the *correct* credentials used by your phone (the right username and password), or *incorrect* credentials (wrong password)? If your PC offered up the correct credentials, then I believe it's entirely normal behavior for Asterisk to accept this registration, and bump off the previous registration which used these same credentials. Asterisk (and most SIP servers) will treat this situation as an Oh, this is a valid user of mine who has moved to a different IP address. The same thing would happen if your cellphone were (for example) to switch from cellular IP to WiFi, or vice versa, or (in many cases) moved from one service area to another. The way you avoid confusion between multiple devices, is use different (unique) credentials for each SIP client... and, of course, use strong, difficult-to-guess passwords. Any time you try to share credentials between two or more distinct devices, confusion *will* occur if both devices are on-line at the same time. You can never tell which of the two will succeed in establishing and holding a registration... although it will typically be the one which forces through a registration packet the most frequently. If you were to somehow tell Asterisk Don't accept a different registration for my cellphone user , if user is already registered, you could quite easily find yourself unable to register the cellphone with Asterisk for a prolonged period of time... the PC could lock you out, and the cellphone could lock *itself* out every time it moved from one IP network to another. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Connecting peer if the peer is already connected
Dave Platt dpl...@radagast.org schrieb: Were you trying to register the PC using the *correct* credentials used by your phone (the right username and password), or *incorrect* credentials (wrong password)? Of course, with the CORRECT credentials... :) If your PC offered up the correct credentials, then I believe it's entirely normal behavior for Asterisk to accept this registration, and bump off the previous registration which used these same credentials. Right! This is what happens... And what I'd like to correct... Asterisk (and most SIP servers) will treat this situation as an Oh, this is a valid user of mine who has moved to a different IP address. The same thing would happen if your cellphone were (for example) to switch from cellular IP to WiFi, or vice versa, or (in many cases) moved from one service area to another. Well, if I'm on WiFi I surely don't need my cellphone in Asterisk, since I use it only to receive calls if I'm not at home (holiday) The way you avoid confusion between multiple devices, is use different (unique) credentials for each SIP client... and, of course, use strong, difficult-to-guess passwords. All client have different credentials and the password are random (32 chars). If you were to somehow tell Asterisk Don't accept a different registration for my cellphone user , if user is already registered, you could quite easily find yourself unable to register the cellphone with Asterisk for a prolonged period of time... the PC could lock you out, and the cellphone could lock *itself* out every time it moved from one IP network to another. Well, as I said, this is not a problem for me... How can I do that? And, how can I for example send an E-Mail if the client connect? Thanks Luca Bertoncello (lucab...@lucabert.de) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Connecting peer if the peer is already connected
Hi list! I'm working hard to securing my Asterisk... Now I deleted all possibility to access the node as anonymous and every call through the proxy will be checked (just known peers are allowed to use it). Furthermore, I restricted the registration of my home phones to the Network I reserved for them and I changed the port on my Firewall, so that I don't use 5060 anymore. Now I have the problem for my cellphone... I need to register from almost any IP (at least in Europe), so I can't restrict it. Well, the password is NOT simple and random. Now, I tried to register the user of my cellphone using a PC, as my cellphone was already registered. And Asterisk accepted this registration... :( Unfortunately, I didn't found any option to restrict this try... How can I do it? And, very important, how can I trigger an event (Shell-Script) if someone tries to register as a peer, that is already registered or if the login was NOT successful, or even if my cellphone successfully registered (for example, to send me an E-Mail)? Thanks Luca Bertoncello (lucab...@lucabert.de) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
