Re: [asterisk-users] restricting sip users to a certain useragent
On Tuesday 29 Jun 2010, Tarek Sawah wrote: . is it possible to force the agents (users) to use a certain UserAgent which is the one built-in our system? this way will prevent the agents we are restricting them to only be able to dial through the software which is already restricted to their seats in the call center.. but someone might sniff around .. and get the sip username and password assigned to him and use it through Zoiper or any other softphone to make calls . If someone is *that* determined, what will stop them from modifying the user-agent string in some Open Source softphone? -- AJS -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] restricting sip users to a certain useragent
well there are two restrictions.. the IP address of the station they are using it .. and the UserAgent..one thing my agents hardly understand Computers .. and their computer skills are limited to Microsoft Office products and telemarketing. i'm not afraid of hackers or cracker .. security is not guaranteed .. but i need to restrict the agents to their seats and my CRM software -- Tarek Sawah Integrated Digital Systems CCNA, MCSE, RHCE, VoIP USA: +1 347 562 2308 From: asterisk_l...@earthshod.co.uk To: asterisk-users@lists.digium.com Date: Tue, 29 Jun 2010 08:45:01 +0100 Subject: Re: [asterisk-users] restricting sip users to a certain useragent On Tuesday 29 Jun 2010, Tarek Sawah wrote: . is it possible to force the agents (users) to use a certain UserAgent which is the one built-in our system? this way will prevent the agents we are restricting them to only be able to dial through the software which is already restricted to their seats in the call center.. but someone might sniff around .. and get the sip username and password assigned to him and use it through Zoiper or any other softphone to make calls . If someone is *that* determined, what will stop them from modifying the user-agent string in some Open Source softphone? -- AJS -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _ The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multiaccountocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4-- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] restricting sip users to a certain useragent
Hi, If you use curl realtime for registrations you can add useragnet check in your CGI and also lot of else as well. Regards, *Faisal Hanif *On 6/29/2010 4:48 PM, Tarek Sawah wrote: well there are two restrictions.. the IP address of the station they are using it .. and the UserAgent.. one thing my agents hardly understand Computers .. and their computer skills are limited to Microsoft Office products and telemarketing. i'm not afraid of hackers or cracker .. security is not guaranteed .. but i need to restrict the agents to their seats and my CRM software -- Tarek Sawah Integrated Digital Systems CCNA, MCSE, RHCE, VoIP USA: +1 347 562 2308 From: asterisk_l...@earthshod.co.uk To: asterisk-users@lists.digium.com Date: Tue, 29 Jun 2010 08:45:01 +0100 Subject: Re: [asterisk-users] restricting sip users to a certain useragent On Tuesday 29 Jun 2010, Tarek Sawah wrote: . is it possible to force the agents (users) to use a certain UserAgent which is the one built-in our system? this way will prevent the agents we are restricting them to only be able to dial through the software which is already restricted to their seats in the call center.. but someone might sniff around .. and get the sip username and password assigned to him and use it through Zoiper or any other softphone to make calls . If someone is *that* determined, what will stop them from modifying the user-agent string in some Open Source softphone? -- AJS -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail. Get busy. http://www.windowslive.com/campaign/thenewbusy?tile=multiaccountocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] restricting sip users to a certain useragent
Greetings list,this question is rather a pain in my side.. i have been trying to figure it out.. it could be simple.i have a customer with a callcenter .. we developed a CRM Customer Relations Management with an SIP dialers built in.the question is the following.. is it possible to force the agents (users) to use a certain UserAgent which is the one built-in our system? this way will prevent the agents we are restricting them to only be able to dial through the software which is already restricted to their seats in the call center.. but someone might sniff around .. and get the sip username and password assigned to him and use it through Zoiper or any other softphone to make calls ..our agents are allowed international calls .. so we want to restrict them to only use our dialer.Is that possible?Asterisk version 1.4.33regards -- Tarek Sawah Integrated Digital Systems CCNA, MCSE, RHCE, VoIP USA: +1 386 492 9993 _ The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multiaccountocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4-- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] restricting sip users to a certain useragent
This is a very good question. I faced the same problem some time ago, and by
goggling found out that somebody had actually programmed a patch for this
purpose, but it never got approved to go into the main branch of Asterisk.
If you google, you'll probably found out details on it.
I am, however, found a very simple way to do it, which is not perfectly
secure because it is crackable by any hi tech cracker who could send
modified SIP headers, but otherwise it does its job great.
Here is how you can do it (I use Asterisk 1.4):
First check the user agent name using sip show peers. Lets say sip user
agent is Sipura/SPA1001-3.1.8(SEc).
When a SIP phone registers on your asterisk server, asterisk stores its user
agent information in variable ${SIPUSERAGENT}. This means when an extension
dials out, you can check in the dialplan if the ${SIPUSERAGENT} matches your
user agent or not, and based on the result you can decide how to proceed
with the call.
I use AEL, and it'll look like this:
// Check if the user agent is the one we supplied
if (${SIPUSERAGENT}!=Sipura/SPA1001-3.1.8(SEc)) {
// If not, hangup the call or do something else. I block the IP in
iptables and record IP in MySQL for future reference
NoCDR();
Hangup();
}
// Otherwise continue the dialplan
In regular non AEL config, which is harder to work with, it will look
something like this:
exten = _NXXNXX,1,...
exten = _NXXNXX,n,...
...
...
...
exten =
_NXXNXX,n,GotoIf($[${SIPUSERAGENT}!=Sipura/SPA1001-3.1.8(SEc)]?hangup:continue)
exten = _NXXNXX,n(hangup),NoCDR()
exten = _NXXNXX,n,Hangup()
exten = _NXXNXX,n(continue),...
exten = _NXXNXX,n,...
As I said earlier, if an experienced cracker really wants, and knows what
sip user agent name you are using, he can figure out that you are checking
the sip user agent name, and then send custom sip user agent name with the
same name. But in your case its probability is very little. In fact I was
using a webphone with free calls to anywhere in North American and some
other countries right from my website, and wouldn't really care if crackers
would crack it or not, because call duration was only one minute, but this
setup really helped block a lot of crakcers, because before they would know
I was checking extensions by user agent name, their IP address would already
be blocked.
--
Zeeshan
On Mon, Jun 28, 2010 at 7:58 PM, Tarek Sawah tareksa...@hotmail.com wrote:
Greetings list,
this question is rather a pain in my side.. i have been trying to figure it
out.. it could be simple.
i have a customer with a callcenter .. we developed a CRM
Customer Relations Management with an SIP dialers built in.
the question is the following.. is it possible to force the agents (users)
to use a certain UserAgent which is the one built-in our system? this way
will prevent the agents we are restricting them to only be able to dial
through the software which is already restricted to their seats in the call
center.. but someone might sniff around .. and get the sip username and
password assigned to him and use it through Zoiper or any other softphone to
make calls ..our agents are allowed international calls .. so we want to
restrict them to only use our dialer.
Is that possible?
Asterisk version 1.4.33
regards
-- Tarek Sawah Integrated Digital Systems CCNA, MCSE, RHCE, VoIP USA: +1
386 492 9993
--
The New Busy is not the too busy. Combine all your e-mail accounts with
Hotmail. Get
busy.http://www.windowslive.com/campaign/thenewbusy?tile=multiaccountocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
--
Zeeshan A Zakaria
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
