[Astlinux-users] First I've seen of this...

2009-03-24 Thread Tod Fitch
Probably not the correct mailing list but this might be of interest
anyway. This morning in my Astlinux logs I found a bunch of messages I'd
not seen before. Here are the last 3:


05:04:06 pbx local0.notice asterisk[12679]: NOTICE[12679]: chan_sip.c:15236 in handle_request_register: Registration from '9997sip:9...@67.102.112.55' failed for '174.137.49.78' - No matching peer found
Mar 24 05:04:06 pbx local0.notice asterisk[12679]: NOTICE[12679]: chan_sip.c:15236 in handle_request_register: Registration from '9998sip:9...@67.102.112.55' failed for '174.137.49.78' - No matching peer found
Mar 24 05:04:06 pbx local0.notice asterisk[12679]: NOTICE[12679]: chan_sip.c:15236 in handle_request_register: Registration from 'sip:9...@67.102.112.55' failed for '174.137.49.78' - No matching peer found
So 174.137.49.78 (78.49.137.174.in-addr.arpa. 86400 IN	PTR	 
unknown.caratnetworks.com.) was attempting to register with my  
Astlinux box on all possible 4 digit extensions. Fortunately for me my  
extensions are all alpha-numeric and all longer than 4 characters. I  
just checked and none of them look like a dictionary attack would work  
either.


Anyway, I don't know how common this is. But it is the first time I
have noticed malicious SIP registration attempts. I do get a huge
number of that type of thing on my firewall for things like ssh. I
just hadn't seen it before for SIP.


Cheers,
Tod




--
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Re: [Astlinux-users] First I've seen of this...

2009-03-24 Thread Philip A. Prindeville
Tod Fitch wrote:
 Probably not the correct mailing list but this might be of interest
 anyway. This morning in my Astlinux logs I found a bunch of messages I'd
 not seen before. Here are the last 3:

 05:04:06 pbx local0.notice asterisk[12679]: NOTICE[12679]:
 chan_sip.c:15236 in handle_request_register: Registration from
 '9997sip:9...@67.102.112.55' failed for '174.137.49.78' - No
 matching peer found
 Mar 24 05:04:06 pbx local0.notice asterisk[12679]: NOTICE[12679]:
 chan_sip.c:15236 in handle_request_register: Registration from
 '9998sip:9...@67.102.112.55' failed for '174.137.49.78' - No
 matching peer found
 Mar 24 05:04:06 pbx local0.notice asterisk[12679]: NOTICE[12679]:
 chan_sip.c:15236 in handle_request_register: Registration from
 'sip:9...@67.102.112.55' failed for '174.137.49.78' - No
 matching peer found
 So 174.137.49.78 (78.49.137.174.in-addr.arpa. 86400 IN PTR
 unknown.caratnetworks.com.) was attempting to register with my
 Astlinux box on all possible 4 digit extensions. Fortunately for me my
 extensions are all alpha-numeric and all longer than 4 characters. I
 just checked and none of them look like a dictionary attack would work
 either.

 Anyway, I don't know how common this is. But it is the first time I
 have noticed malicious SIP registration attempts. I do get a huge
 number of that type of thing on my firewall for things like ssh. I
 just hadn't seen it before for SIP.

 Cheers,
 Tod


Yeah, I've seen them before.

Turn off allowguest in /etc/asterisk/sip.conf

-Philip




Re: [Astlinux-users] First I've seen of this...

2009-03-24 Thread Tod Fitch

On Mar 24, 2009, at 9:18 AM, Philip A. Prindeville wrote:



Yeah, I've seen them before.

Turn off allowguest in /etc/asterisk/sip.conf

-Philip



Hummm. Wouldn't that block incoming calls from legitimate sources that  
are using my e164.org entry to call me? Any such calls are routed to a  
dial plan that only allows calls to internal extensions so I am not  
too worried about toll billing fraud.


And they weren't trying to make calls, they were trying to register  
(i.e. become something other than a guest/anonymous caller).


--Tod





Re: [Astlinux-users] First I've seen of this...

2009-03-24 Thread Tod Fitch

On Mar 24, 2009, at 1:04 PM, Kristian Kielhofner wrote:

On Tue, Mar 24, 2009 at 12:44 PM, Tod Fitch t...@fitchdesign.com  
wrote:

On Mar 24, 2009, at 9:18 AM, Philip A. Prindeville wrote:



Yeah, I've seen them before.

Turn off allowguest in /etc/asterisk/sip.conf

-Philip



Hummm. Wouldn't that block incoming calls from legitimate sources that are
using my e164.org entry to call me? Any such calls are routed to a dial plan
that only allows calls to internal extensions so I am not too worried about
toll billing fraud.

And they weren't trying to make calls, they were trying to register (i.e.
become something other than a guest/anonymous caller).

--Tod



Yes.  The concern is not so much people placing calls into the context
you have defined in [general] with allowguest=yes but more so with
people brute forcing your extensions and placing calls to the PSTN...

Several people have been bit by that.  There are various solutions in
Asterisk being considered but the most effective at this point seems
to be filtering and/or strong passwords.  Obviously if you are using
e.164 filtering is not an option for you and strong passwords are your
only defense (as of now).

--
Kristian Kielhofner
http://blog.krisk.org
http://www.submityoursip.com
http://www.astlinux.org
http://www.star2star.com


My passwords are all long alpha-numeric strings, unique to each peer  
and all are generated by a program I wrote that uses a  
cryptographically nice pseudo-random number generator. So they ought  
to be relatively secure.


It does seem that Asterisk does not use any scheme to throttle  
responses to bad requests (i.e. increasingly delayed responses for  
each unsuccessful login attempt from an IP address). So an attacker  
could run through a lot of passwords (or peer IDs) per second and eat  
up a lot of your bandwidth when they are doing it.


--Tod
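
The failed-registration lines in the first message, together with the lack of throttling noted above, can be turned into a simple detector. This is an added example, not code from the thread or from AstLinux/Asterisk: it counts failed REGISTERs per source address in a sliding window and reports which usernames were tried. The function name, thresholds and sample lines (documentation addresses) are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# chan_sip NOTICE as quoted in the thread; a ":port" after the source is tolerated.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s.*?Registration from '(?P<frm>[^']*)' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - ")
USER_RE = re.compile(r"sip:([^@>]+)@")

def find_register_scans(lines, year, window_s=60, threshold=5):
    """Return {source_ip: {"failures": n, "users": [...]}} for every source with
    at least `threshold` failed REGISTERs inside one `window_s`-second window."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> distinct usernames attempted
    total = defaultdict(int)      # ip -> all failures seen
    flagged = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not a failed-registration line
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        user = USER_RE.search(m["frm"])
        users[ip].add(user.group(1) if user else "?")
        total[ip] += 1
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold:
            flagged.add(ip)
    return {ip: {"failures": total[ip], "users": sorted(users[ip])} for ip in flagged}

# Constructed sample input (documentation addresses, not the hosts in the thread).
_T = ("Mar 24 05:04:{s:02d} pbx local0.notice asterisk[12679]: NOTICE[12679]: "
      "chan_sip.c:15236 in handle_request_register: Registration from "
      "'\"{u}\" <sip:{u}@192.0.2.10>' failed for '{ip}' - {why}")
SAMPLE_LOG = [_T.format(s=i, u=1000 + i, ip="198.51.100.7",
                        why="No matching peer found") for i in range(6)]
SAMPLE_LOG.append(_T.format(s=30, u="desk-phone-a1", ip="203.0.113.20", why="Wrong password"))
SAMPLE_LOG.append("Mar 24 05:05:00 pbx local0.notice asterisk[12679]: unrelated line")

if __name__ == "__main__":
    for ip, info in find_register_scans(SAMPLE_LOG, year=2009).items():
        print(ip, info["failures"], "failures, users tried:", ", ".join(info["users"]))
```

The returned addresses are candidates for a firewall drop rule; tune `window_s` and `threshold` to your own registration traffic.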





Re: [Astlinux-users] Defeating firewalls

2009-03-24 Thread Kristian Kielhofner
On Tue, Mar 24, 2009 at 7:37 PM, Martin Rogers
fromastlinux-us...@mhr.me.uk wrote:
 Hi

 To simplify access when traveling I have started to use IAX and Zoiper
 from a Windows laptop, connecting back to one of my Asterisk boxes over
 the internet. When this works - it works fine.  However some hotels I
 stay at seem to lock their firewalls down meaning that even IAX could
 not be used.

 I guess there are two options. One is to try and IPSec under the
 firewall, another is to use a commonly open UDP port. Does anyone know
 of a UDP port which is likely to be open - I can't think of one.

 Can anyone provide a guide to configure IPSec on Astlinux and on a
 Windows machine. This does not look like a quick job.

 Is there another way of achieving connectivity back to an Asterisk box -
 presumably someone else has hit this?  I note that Skype is good at
 burrowing its way out through the firewall, invariably I end up using
 Skype instead of Asterisk because of this.

 Any ideas ?
 Mart


Try OpenVPN or straight IAX2 on port 53 (usually used for DNS).  I
find it is often left open.


-- 
Kristian Kielhofner
http://blog.krisk.org
http://www.submityoursip.com
http://www.astlinux.org
http://www.star2star.com



Re: [Astlinux-users] AstLinux 0.6.4 available for upgrade

2009-03-24 Thread Martin Rogers
Thanks for this.

I have just run an 'upgrade firmware' from the Web UI, from 0.6.3 to
0.6.4 (on a net5501) and it worked fine. Now Runnix is coming into its
own  :-)

Mart

Darrick Hartman wrote:
 The AstLinux Team is happy to announce that AstLinux 0.6.4 is available. 
   All users of AstLinux are encouraged to upgrade since this release 
 fixes the recently reported security vulnerability in Asterisk 1.4.23.1
 
 Right now a mix up on the Sourceforge site is preventing us from 
 uploading full install versions, but current users of 0.6.2 or 0.6.3 can 
 upgrade to 0.6.4 by using either the 'upgrade-run-image' script from the 
 command line or the upgrade firmware option in the web interface.  New 
 versions of the full install will be available as soon as possible on 
 the Sourceforge site.
 
 
 Changes:
 
 Asterisk 1.4.24 is included which fixes several bugs and at least one 
 security issue
 
 Asterisk-gui was updated to svn 4618
 
 netsnmp was updated to 5.3.2.3
 
 The web interface was upgraded to add several features/improvements
 
 An arno-upgrade-firewall script was added to break this away from an 
 init change.  This won't really affect users of 0.6.x until they move to 
 0.7.x which uses a newer version of Arno's firewall.  When the time 
 comes, we'll explain the importance.  A serial number file was added to 
 trace the version of the firewall config files.
 
 
 
 To upgrade from the command line:
 
 1).  upgrade-run-image check http://mirror.astlinux.org/firmware
 2).  upgrade-run-image upgrade http://mirror.astlinux.org/firmware
 3).  reboot as instructed
 
 To upgrade from the web interface:
 
 1).  Navigate to the system tab on the web interface
 2).  Select check for new, select the confirm box, and click the 
 Firmware button.
 3).  Select upgrade with new, select the confirm box, and click the 
 Firmware button.
 4).  Reboot by checking that confirm button and clicking Reboot.
 
 
 Enjoy
 
 The AstLinux Team
 
 



Re: [Astlinux-users] Defeating firewalls

2009-03-24 Thread Martin Rogers


Kristian Kielhofner wrote:
 On Tue, Mar 24, 2009 at 7:37 PM, Martin Rogers
 fromastlinux-us...@mhr.me.uk wrote:
 Hi

 To simplify access when traveling I have started to use IAX and Zoiper
 from a Windows laptop, connecting back to one of my Asterisk boxes over
 the internet. When this works - it works fine.  However some hotels I
 stay at seem to lock their firewalls down meaning that even IAX could
 not be used.

 I guess there are two options. One is to try and IPSec under the
 firewall, another is to use a commonly open UDP port. Does anyone know
 of a UDP port which is likely to be open - I can't think of one.

 Can anyone provide a guide to configure IPSec on Astlinux and on a
 Windows machine. This does not look like a quick job.

 Is there another way of achieving connectivity back to an Asterisk box -
 presumably someone else has hit this?  I note that Skype is good at
 burrowing its way out through the firewall, invariably I end up using
 Skype instead of Asterisk because of this.

 Any ideas ?
 Mart

 
 Try OpenVPN or straight IAX2 on port 53 (usually used for DNS).  I
 find it is often left open.
 
Thanks for the hint.

I have moved IAX2 over to port 53. The obvious bits were setting
bindport=53 in iax.conf, changing the Astlinux firewall to allow UDP 53,
and changing my router to forward UDP 53.

However Zoiper was a bit of a fiddle. Changing the IAX port to 53 in the
Zoiper configuration did not work - the registration failed.  A
Wireshark trace revealed that this configuration field only affected the
source port, the destination port was still using 4569.  Adding a :53
to the Server Hostname IP configuration field as well, convinced it to
use 53 as the destination port.

It now works OK on a local network, now to try it out on the road.

Mart



 



[Astlinux-users] How to configure astlinux to be a wlan AP with WPA , FW and to be like Router with DHCP.

2009-03-24 Thread Nedi
Hi List
Is there a way to configure astlinux to be asterisk, AP, FW, Router

How can I configure astlinux to be a wlan AP with WPA and to be like Router
with DHCP and give me internal address

best regards nedi




Re: [Astlinux-users] How to configure astlinux to be a wlan AP with WPA , FW and to be like Router with DHCP.

2009-03-24 Thread Philip Prindeville
Nedi wrote:
 Hi List
 Is there a way to configure astlinux to be asterisk, AP, FW, Router

 How can I configure astlinux to be a wlan AP with WPA and to be like Router
 with DHCP and give me internal address

 best regards nedi
   

Question 1: Yes.

Question 2: start by reading the documentation...

