Re: [asterisk-users] Security AccountID unknown - PJSIP

2019-09-30 Thread Administrator TOOTAI
On 30/09/2019 at 15:58, Joshua C. Colp wrote: On Mon, Sep 30, 2019, at 10:52 AM, Administrator TOOTAI wrote: On 30/09/2019 at 11:45, Joshua C. Colp wrote: On Fri, Sep 27, 2019, at 11:31 AM, Administrator TOOTAI wrote: Hi list, I would like to know what is the sense of such type of entry in

Re: [asterisk-users] Security AccountID unknown - PJSIP

2019-09-30 Thread Joshua C. Colp
On Mon, Sep 30, 2019, at 10:52 AM, Administrator TOOTAI wrote: > On 30/09/2019 at 11:45, Joshua C. Colp wrote: > > On Fri, Sep 27, 2019, at 11:31 AM, Administrator TOOTAI wrote: > >> Hi list, > >> > >> I would like to know what is the sense of such type of entry in security.log > >> > >> [2019-09-

Re: [asterisk-users] Security AccountID unknown - PJSIP

2019-09-30 Thread Administrator TOOTAI
On 30/09/2019 at 11:45, Joshua C. Colp wrote: On Fri, Sep 27, 2019, at 11:31 AM, Administrator TOOTAI wrote: Hi list, I would like to know what is the sense of such type of entry in security.log [2019-09-27 15:12:24] SECURITY[26964] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="2

Re: [asterisk-users] Security AccountID unknown - PJSIP

2019-09-30 Thread Joshua C. Colp
On Fri, Sep 27, 2019, at 11:31 AM, Administrator TOOTAI wrote: > Hi list, > > I would like to know what is the sense of such type of entry in security.log > > [2019-09-27 15:12:24] SECURITY[26964] res_security_log.c: > SecurityEvent="ChallengeSent",EventTV="2019-09-27T15:12:24.181+0200",Severity=

[asterisk-users] Security AccountID unknown - PJSIP

2019-09-27 Thread Administrator TOOTAI
Hi list, I would like to know what is the sense of such type of entry in security.log [2019-09-27 15:12:24] SECURITY[26964] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="2019-09-27T15:12:24.181+0200",Severity="Informational",Service="PJSIP",EventVersion="1",AccountID="", SessionID

Re: [asterisk-users] Security Architecture or Security Evaluations Docs?

2014-07-28 Thread Patrick Laimbock
On 28-07-14 12:28, Jeffrey Walton wrote: [snip] Is there anything that includes the development process? I'm interested in the secure development items and testing. Info about the development of Asterisk can be found here: http://asterisk.org/community/developers https://wiki.asterisk.org/wiki

Re: [asterisk-users] Security Architecture or Security Evaluations Docs?

2014-07-28 Thread Jeffrey Walton
Thanks Patrick, > Assuming "security+evaluation" refers to Common Criteria, Common Criteria is one, but not necessarily the only type of security evaluation. Often times organizations with resources will perform an evaluation against its own standards before adopting or accepting a system. I was h

Re: [asterisk-users] Security Architecture or Security Evaluations Docs?

2014-07-26 Thread Patrick Laimbock
On 26-07-14 14:23, Jeffrey Walton wrote: Does anyone know of Security Architecture or Security Evaluations documents that I could read? Searching is turning up no hits. For example, http://www.google.com/#q=security+evaluation+site:asterisk.org and http://www.google.com/#q=security+architecture+

[asterisk-users] Security Architecture or Security Evaluations Docs?

2014-07-26 Thread Jeffrey Walton
Does anyone know of Security Architecture or Security Evaluations documents that I could read? Searching is turning up no hits. For example, http://www.google.com/#q=security+evaluation+site:asterisk.org and http://www.google.com/#q=security+architecture+site:asterisk.org.

Re: [asterisk-users] Security log format / content

2014-03-28 Thread Michelle Dupuis
e log) From: asterisk-users-boun...@lists.digium.com on behalf of Michael L. Young Sent: Thursday, March 27, 2014 2:42 PM To: Asterisk Users List Subject: Re: [asterisk-users] Security log format / content - Original Message - > From: "Michelle Dupuis" > To:

Re: [asterisk-users] Security log format / content

2014-03-27 Thread Michael L. Young
- Original Message - > From: "Michelle Dupuis" > To: "Asterisk Users List" > Sent: Thursday, March 27, 2014 12:55:21 AM > Subject: [asterisk-users] Security log format / content > I've noticed that the Asterisk (v11) security log c

[asterisk-users] Security log format / content

2014-03-26 Thread Michelle Dupuis
I've noticed that the Asterisk (v11) security log captures attempts to dial without first authenticating, and places the number dialed into the "accountid" field. I'm trying to distinguish between failed attempts to register and attempts to dial without registering, but the security log treats

Re: [asterisk-users] security: SIP header spoofing CHANNEL(recvip)?

2011-08-25 Thread Nic Colledge
Alejandro Recarey Sent: 25 August 2011 11:34 To: Asterisk Users Mailing List Subject: [asterisk-users] security: SIP header spoofing CHANNEL(recvip)? I am currently suffering various SIP attacks. I am using the following extension to record the caller's IP address: exten => h,n,set(CDR(srcip)=$

[asterisk-users] security: SIP header spoofing CHANNEL(recvip)?

2011-08-25 Thread Alejandro Recarey
I am currently suffering various SIP attacks. I am using the following extension to record the caller's IP address: exten => h,n,set(CDR(srcip)=${CHANNEL(recvip)}) However, in recent attacks, this IP address is not correct, and I believe that they are spoofing it. I am using asterisk 1.6.2.15. D

Re: [asterisk-users] Security questions

2011-07-24 Thread Mitesh Thakkar
Configure a firewall to allow only known IPs. Regards, Mitesh Thakkar +91 94279 07952 GTalk: mail.mthak...@gmail.com On Sun, Jul 24, 2011 at 9:06 AM, C F wrote: > It's not bad but it won't prevent flooding your box with register > attempts and spoofing a user agent is trivial at best. > > On Sa

Re: [asterisk-users] Security questions

2011-07-23 Thread C F
It's not bad but it won't prevent flooding your box with register attempts and spoofing a user agent is trivial at best. On Sat, Jul 23, 2011 at 9:09 PM, Flavio Miranda wrote: > Hello everybody! > > I'd like to hear from those with more experience in Security if the > following configuration is

[asterisk-users] Security questions

2011-07-23 Thread Flavio Miranda
Hello everybody! I'd like to hear from those with more experience in Security if the following configuration is a good attempt to prevent hack: exten => CALLER,2,Set(header=${SIP_HEADER(User-Agent)}) exten => CALLER,3,NoOp(Cabecalho ${header}) exten => CALLER,4,GotoIf($["${header}"= "My User

Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

2010-10-03 Thread bruce bruce
Thanks for the input guys. So, the IP is resolved only when IPTABLES is loaded or reloaded. Therefore, the best approach would be to ping the hostname every let's say 3 seconds and see if the IP is still the same and if it is then move on, otherwise update the iptables with the new IP address. Thi

Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

2010-10-03 Thread Steve Edwards
On Sat, 2 Oct 2010, Kyle Kienapfel wrote: > You're not going to be able to put a dns hostname in the iptables, but > you could have a script that runs at times and gets the ip address for > your dynamic hostname and allows that. Almost. You can put a host name in iptables, but it is resolved w

Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

2010-10-02 Thread Carlos Chavez
On Sat, 2 Oct 2010 14:56:11 -0400, bruce bruce wrote > Hi Everyone > > I think PAP2T supports DynDNS and other Dynamic DNS providers. I have a box > that needs to be secured at all times. Currently it's not connected to the > internet. If it were connected, I would have iptables block any and al

Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

2010-10-02 Thread Kyle Kienapfel
On Sat, Oct 2, 2010 at 4:37 PM, bruce bruce wrote: > Thanks Roger. > > I will be trying this box to see what I can do. Otherwise, I'd probably > have to find a list of all of the Rogers (The ISP providing internet to > these boxes) IPs to at least limit the attacks to Rogers ISP. > > hmmm > >

Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

2010-10-02 Thread bruce bruce
Thanks Roger. I will be trying this box to see what I can do. Otherwise, I'd probably have to find a list of all of the Rogers (The ISP providing internet to these boxes) IPs to at least limit the attacks to Rogers ISP. hmmm Or maybe secure is using DNS like this: sdlfjds...@$523k4j98sd7fk

Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

2010-10-02 Thread bruce bruce
Yeah, you are missing all :-) Sorry, read the thread again. On Sat, Oct 2, 2010 at 5:05 PM, sean darcy wrote: > On 10/02/2010 04:09 PM, bruce bruce wrote: > > Can't I in my ip tables just accept the pap2t.dyndns.org > > if that is bind to the PAP2T? do you think the >

Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

2010-10-02 Thread sean darcy
On 10/02/2010 04:09 PM, bruce bruce wrote: > Can't I in my ip tables just accept the pap2t.dyndns.org > if that is bind to the PAP2T? do you think the > devices comes in with it's external IP rather than the dyndns domain? > > Thanks > > On Sat, Oct 2, 2010 at 3:43 PM, bru

Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

2010-10-02 Thread Roger Burton West
On Sat, Oct 02, 2010 at 04:09:33PM -0400, bruce bruce wrote: >Can't I in my ip tables just accept the pap2t.dyndns.org if that is bind to >the PAP2T? do you think the devices comes in with it's external IP rather >than the dyndns domain? Yes. An IP datagram carries only the source and destination

Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

2010-10-02 Thread bruce bruce
Can't I in my ip tables just accept the pap2t.dyndns.org if that is bind to the PAP2T? do you think the devices comes in with it's external IP rather than the dyndns domain? Thanks On Sat, Oct 2, 2010 at 3:43 PM, bruce bruce wrote: > I was confusing the asterisk server side of sip_nat with the

Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

2010-10-02 Thread bruce bruce
I was confusing the asterisk server side of sip_nat with the PAP2T. So, PAP2T can only register to DynDNS and that's all. What sort of a script would I be looking for? something to query DynDNS for the new IP of the device to add to firewall? This might however bring down time if inquiry is not su

Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

2010-10-02 Thread jon pounder
On 10/02/2010 03:31 PM, bruce bruce wrote: Hi, Can you please explain the DynDNS part. How would I put that in my Asterisk server as an identified party? Usually it comes to me with IP address (dynamic). Or do add something like this in sip_nat.conf: externip=mybox.dyndns.org

Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

2010-10-02 Thread bruce bruce
Hi, Can you please explain the DynDNS part. How would I put that in my Asterisk server as an identified party? Usually it comes to me with IP address (dynamic). Or do add something like this in sip_nat.conf: externip=mybox.dyndns.org localnet=192.168.0.0/255.255.255.0 ??? Thanks again, On Sat,

Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

2010-10-02 Thread jon pounder
On 10/02/2010 02:56 PM, bruce bruce wrote: > Hi Everyone > > I think PAP2T supports DynDNS and other Dynamic DNS providers. I have > a box that needs to be secured at all times. Currently it's not > connected to the internet. If it were connected, I would have iptables > block any and all traffi

[asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

2010-10-02 Thread bruce bruce
Hi Everyone I think PAP2T supports DynDNS and other Dynamic DNS providers. I have a box that needs to be secured at all times. Currently it's not connected to the internet. If it were connected, I would have iptables block any and all traffic from outside but I want a single device - Linksys PAP2T

Re: [asterisk-users] Security - What inbound variables can attackers populate or use when calling?

2010-08-06 Thread jwexler
From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Warren Selby Sent: Saturday, August 07, 2010 1:35 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Security - What inbound variables can attackers

Re: [asterisk-users] Security - What inbound variables can attackers populate or use when calling?

2010-08-06 Thread Warren Selby
On Fri, Aug 6, 2010 at 10:53 PM, wrote: > Someone from Amsterdam was trying to register yesterday using an automated > program which tried roughly 1,000 or so username password combinations > before I shut asterisk down and added his/her ip to iptables to drop it. I > wonder if I can configure th

Re: [asterisk-users] Security - What inbound variables can attackers populate or use when calling?

2010-08-06 Thread jwexler
ng List - Non-Commercial Discussion Subject: Re: [asterisk-users] Security - What inbound variables can attackers populate or use when calling? What kind of attack can they reform calling in? On Aug 6, 2010 1:12 AM, wrote: > I am setting filters, etc. on variables that attackers can send ast

Re: [asterisk-users] Security - What inbound variables can attackers populate or use when calling?

2010-08-06 Thread mike mosier
What kind of attack can they reform calling in? On Aug 6, 2010 1:12 AM, wrote: > I am setting filters, etc. on variables that attackers can send asterisk > when they call (for example when they initially call into asterisk). > > So far, I am filtering: > > exten > > CALLERID(name) > > CALLERID(nu

[asterisk-users] Security - What inbound variables can attackers populate or use when calling?

2010-08-05 Thread jwexler
I am setting filters, etc. on variables that attackers can send asterisk when they call (for example when they initially call into asterisk). So far, I am filtering: exten CALLERID(name) CALLERID(num) What other fields or variables would an attacker be able to use in the packets that they s

Re: [asterisk-users] Security tests

2010-05-02 Thread Daniel Bareiro
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Steve. On Fri, Apr 23, 2010 at 22:38:49 -0300, Steve Totaro wrote: >> Perhaps it was not very clear, but yes, I was talking about this. I >> believe that I found the cause of the problem. The cause by which I >> was not seeing VoIP traffic betwee

Re: [asterisk-users] Security tests

2010-04-23 Thread Steve Totaro
On Fri, Apr 23, 2010 at 9:14 PM, Daniel Bareiro wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Thursday, April 22, 2010 at 14:33:01 -0300, > Philipp von Klitzing wrote: > > > Hi! > > Hi, Philipp. > > >> But it draws attention to me between the PC with softphone and the >

Re: [asterisk-users] Security tests

2010-04-23 Thread Daniel Bareiro
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday, April 22, 2010 at 14:33:01 -0300, Philipp von Klitzing wrote: > Hi! Hi, Philipp. >> But it draws attention to me between the PC with softphone and the >> telephone I see traffic ARP or ICMP that could make to try between >> the

Re: [asterisk-users] Security tests

2010-04-22 Thread Gordon Henderson
On Thu, 22 Apr 2010, Philipp von Klitzing wrote: > Hi! > >> But it draws attention to me between the PC with softphone and the >> telephone I see traffic ARP or ICMP that could make to try between the >> equipment but does not see RTP. Is there some special consideration that >> it must to observe

Re: [asterisk-users] Security tests

2010-04-22 Thread Philipp von Klitzing
Hi! > But it draws attention to me between the PC with softphone and the > telephone I see traffic ARP or ICMP that could make to try between the > equipment but does not see RTP. Is there some special consideration that > it must to observe? Your English is seriously twisted, making your questio

[asterisk-users] Security tests

2010-04-21 Thread Daniel Bareiro
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all! In the network of my house I was testing the security with my Asterisk installation. The first test that I'm doing is a man-in-the-middle attack. In this scenario, the attacker is a virtual machine that tries to see the SIP traffic between

Re: [asterisk-users] security & dtmf

2010-02-26 Thread Givon Zirkind
has anyone ever heard or read of an actual case of someone packet sniffing the tones to get pin#'s?

Re: [asterisk-users] Security Logging

2010-02-11 Thread --[ UxBoD ]--
- "Tzafrir Cohen" wrote: > On Wed, Feb 10, 2010 at 09:53:46PM -0600, Lyle Giese wrote: > > Warren Selby wrote: > > > On Tue, Feb 9, 2010 at 5:54 PM, Lyle Giese > > > wrote: > > > > > > Here's a start for you, just run from cron once a day: > > > > > > Lyl

Re: [asterisk-users] Security Logging

2010-02-11 Thread Tzafrir Cohen
On Wed, Feb 10, 2010 at 09:53:46PM -0600, Lyle Giese wrote: > Warren Selby wrote: > > On Tue, Feb 9, 2010 at 5:54 PM, Lyle Giese > > wrote: > > > > Here's a start for you, just run from cron once a day: > > > > Lyle > > > > > > So basically, nothing built into

Re: [asterisk-users] Security Logging

2010-02-10 Thread Lyle Giese
Warren Selby wrote: > On Tue, Feb 9, 2010 at 5:54 PM, Lyle Giese > wrote: > > Here's a start for you, just run from cron once a day: > > Lyle > > > So basically, nothing built into asterisk that already provides > security logging mechanisms? Maybe I'm using t

Re: [asterisk-users] Security Logging

2010-02-10 Thread Warren Selby
On Tue, Feb 9, 2010 at 5:54 PM, Lyle Giese wrote: > Here's a start for you, just run from cron once a day: > > Lyle > So basically, nothing built into asterisk that already provides security logging mechanisms? Maybe I'm using the wrong term; In Windows, I think it would be called Security Audi

Re: [asterisk-users] Security Logging

2010-02-09 Thread Lyle Giese
Warren Selby wrote: > Hello list, > > I've got a client whose weak sip passwords are being guessed by remote > entities who then connect to their server and use it to wardial large > swaths of numbers. When they start receiving complaints, they call me > and I add the ip address of the remot

Re: [asterisk-users] Security Logging

2010-02-09 Thread Steve Edwards
On Tue, 9 Feb 2010, Warren Selby wrote: > Is there some logging capability that allows me to see every IP address > of every sip registration attempt, along with details about the sip reg > attempt (I.e user name tried, success or failure, user agent, etc). I > haven't found a way to do this y

[asterisk-users] Security Logging

2010-02-09 Thread Warren Selby
Hello list, I've got a client whose weak sip passwords are being guessed by remote entities who then connect to their server and use it to wardial large swaths of numbers. When they start receiving complaints, they call me and I add the ip address of the remote user to the iptables drop lis

Re: [asterisk-users] Security Against brute force attack

2009-11-19 Thread Coco Richard
Hi, there are several possibilities do to it REGISTER Username/Extensions Enumeration INVITE Username/Extensions Enumeration OPTION Username/Extensions Enumeration for more information: http://www.hackingvoip.com/presentations/sample_chapter3_hacking_voip.pdf rich... On Thu, Nov 19, 2009 at 1

Re: [asterisk-users] Security Against brute force attack

2009-11-18 Thread Rasmus Männa
Hi All, I must say that there are many ways to detect password attack cause this information actually goes into logs and it's possible to analyze them. Couple of hours thinking + day or 2 creating gives a really nice result. Bad thing is that by the time someone will start guessing password with d

Re: [asterisk-users] Security Against brute force attack

2009-11-18 Thread Ioan Indreias
Hello Xavier, Unfortunately we are not aware of any Asterisk configuration which will protect against a brute force attack on SIP. We use BFD - http://www.rfxn.com/projects/brute-force-detection/ . We have found first details here: http://engineertim.com/?cat=15 and we are currently maintaini

Re: [asterisk-users] Security Against brute force attack

2009-11-16 Thread TDF
fail2ban http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk 2009/11/16 Xavier Mesquida > Has Asterisk any protection against brute force attack for SIP > authentication? > Something like a maximum login attempt limit > Thanks > > >

[asterisk-users] Security Against brute force attack

2009-11-16 Thread Xavier Mesquida
Has Asterisk any protection against brute force attack for SIP authentication? Something like a maximum login attempt limit Thanks

Re: [asterisk-users] Security issue

2009-02-09 Thread Tilghman Lesher
On Monday 09 February 2009 04:17:47 Gordon Henderson wrote: > On Fri, 6 Feb 2009, oumar ndiaye wrote: > > Is there a way to restrict connection to my asterisk server to users > > based on their IP addresses, and not just password. I have some hackers > > who connect to my server to make illegitimat

Re: [asterisk-users] Security issue

2009-02-09 Thread Gordon Henderson
On Mon, 9 Feb 2009, Geraint Lee wrote: > what about something along the lines of... > > iptables . Well, whatever, but this isn't an answer to my question and I'm still curious as to how the hackers are breaking usernames and passwords, as I have servers which I can't firewall and if there

Re: [asterisk-users] Security issue

2009-02-09 Thread Geraint Lee
well, you got the general idea :) 2009/2/9 Tzafrir Cohen > On Mon, Feb 09, 2009 at 11:09:34AM +, Geraint Lee wrote: > > what about something along the lines of... > > > > iptables -A INPUT -p udp --dport 5060 -j DROP > > iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060 -j ACCEPT > > i

Re: [asterisk-users] Security issue

2009-02-09 Thread Tzafrir Cohen
On Mon, Feb 09, 2009 at 11:09:34AM +, Geraint Lee wrote: > what about something along the lines of... > > iptables -A INPUT -p udp --dport 5060 -j DROP > iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060 -j ACCEPT > iptables -A INPUT -p udp -s 10.0.0.0/8 --dport 5060 -j ACCEPT > iptables

Re: [asterisk-users] Security issue

2009-02-09 Thread Geraint Lee
what about something along the lines of... iptables -A INPUT -p udp --dport 5060 -j DROP iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060 -j ACCEPT iptables -A INPUT -p udp -s 10.0.0.0/8 --dport 5060 -j ACCEPT iptables -A INPUT -p udp -s 66.66.66.66 --dport 5060 -j ACCEPT Cheers 2009/2/9

Re: [asterisk-users] Security issue

2009-02-09 Thread Gordon Henderson
On Fri, 6 Feb 2009, oumar ndiaye wrote: > Is there a way to restrict connection to my asterisk server to users based > on their IP addresses, and not just password. I have some hackers who > connect to my server to make illegitimate solicitation calls to people. I > had to shutdown the server for

Re: [asterisk-users] Security issue

2009-02-09 Thread Grygoriy Dobrovolskyy
Hello, if you don't know iptables that much, and would like to see more "user friendly" configuration method, I suggest you to use Shorewall, which is very flexible, has some clear logs, and generates same iptable rules behind. 2009/2/8 David fire > deny permit are in sip.conf and iax.conf > Dav

Re: [asterisk-users] Security issue

2009-02-08 Thread David fire
deny permit are in sip.conf and iax.conf David 2009/2/7 oumar ndiaye > David, > Thanks in advance. Where do I change the user/peers definition? Is it in > the firewall of the OS? In that case that won't work because the server host > other services such as ssh http that are open to any IP as lo

Re: [asterisk-users] Security issue

2009-02-08 Thread Jim DeVito
What distribution are you using? Below is a tutorial from the ubuntu site but it should give you the basics of setting up iptables rules. I have created custom rules for all my servers and the amount of junk traffic has been dramatically reduced. Good Luck!! https://help.ubuntu.com/community/I

Re: [asterisk-users] Security issue

2009-02-07 Thread Eric Fort
use IP tables and start with deny all. Follow this by allowing only the protocols/ports you want and only the source/destination ip's you wish to allow. these can be combined to say allow ssh from anywhere but only allow sip (and it's range of ports) to/from a very limited set of ip's belonging t

Re: [asterisk-users] Security issue

2009-02-07 Thread oumar ndiaye
David, Thanks in advance. Where do I change the user/peers definition? Is it in the firewall of the OS? In that case that won't work because the server host other services such as ssh http that are open to any IP as long as the user has the correct credentials. Doesn't asterisk itself has built in

Re: [asterisk-users] Security issue

2009-02-07 Thread David fire
you have many options but you should use it together. firewall in the user/peers definitions add host= and/or deny=0.0.0.0/0.0.0.0 permit=/ change the ip of your server. use something like ossec to avoid force brute. David 2009/2/6 oumar ndiaye > Is there a way to restrict connection to my a

Re: [asterisk-users] Security issue

2009-02-06 Thread Danny Nicholas
um.com] On Behalf Of oumar ndiaye Sent: Friday, February 06, 2009 3:01 PM To: asterisk-users@lists.digium.com Subject: [asterisk-users] Security issue Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who con

[asterisk-users] Security issue

2009-02-06 Thread oumar ndiaye
Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP? Thanks. on

Re: [asterisk-users] Security communication dilemma: your help needed

2009-01-11 Thread Kevin P. Fleming
Jeff LaCoursiere wrote: > This sounds perfect. So what is missing? Just the "super list > processor"? Yep... we're looking for either an existing tool, or someone interested in coding up some Perl/PHP/Python/Ruby/etc. to be run as a delivery agent for an MTA and do the message acceptance/routi

Re: [asterisk-users] Security communication dilemma: your help needed

2009-01-11 Thread Jeff LaCoursiere
On Sat, 10 Jan 2009, Kevin P. Fleming wrote: > John Todd wrote: > >> Desired procedure: A public key signature method would be publicly >> available via an SSL web page or various keyservers. Individuals >> could sign messages with the public key. Signed messages sent to >> "security@" would

Re: [asterisk-users] Security communication dilemma: your help needed

2009-01-10 Thread Anthony Francis
Kevin P. Fleming wrote: > Tzafrir Cohen wrote: > > >> Suggested modification) >> >> X also signs the message with his public key. >> >> (If X doesn't want to, this automated procedure will not apply) >> > > I don't understand; if X signs the message using his public key, then > recipients w

Re: [asterisk-users] Security communication dilemma: your help needed

2009-01-10 Thread Kevin P. Fleming
Tzafrir Cohen wrote: > On Sat, Jan 10, 2009 at 10:04:53AM -0600, Kevin P. Fleming wrote: >> Tzafrir Cohen wrote: >> >>> Suggested modification) >>> >>> X also signs the message with his public key. >>> >>> (If X doesn't want to, this automated procedure will not apply) >> I don't understand; if X s

Re: [asterisk-users] Security communication dilemma: your help needed

2009-01-10 Thread Tzafrir Cohen
On Sat, Jan 10, 2009 at 10:04:53AM -0600, Kevin P. Fleming wrote: > Tzafrir Cohen wrote: > > > Suggested modification) > > > > X also signs the message with his public key. > > > > (If X doesn't want to, this automated procedure will not apply) > > I don't understand; if X signs the message usi

Re: [asterisk-users] Security communication dilemma: your help needed

2009-01-10 Thread Kevin P. Fleming
Tzafrir Cohen wrote: > Suggested modification) > > X also signs the message with his public key. > > (If X doesn't want to, this automated procedure will not apply) I don't understand; if X signs the message using his public key, then recipients would need X's private key to verify the signatur

Re: [asterisk-users] Security communication dilemma: your help needed

2009-01-10 Thread Tzafrir Cohen
Hi On Sat, Jan 10, 2009 at 06:38:45AM -0600, Kevin P. Fleming wrote: > John Todd wrote: > > > Desired procedure: A public key signature method would be publicly > > available via an SSL web page or various keyservers. Individuals > > could sign messages with the public key. Signed messages

Re: [asterisk-users] Security communication dilemma: your help needed

2009-01-10 Thread Kevin P. Fleming
John Todd wrote: > Desired procedure: A public key signature method would be publicly > available via an SSL web page or various keyservers. Individuals > could sign messages with the public key. Signed messages sent to > "security@" would then be decrypted, and re-encrypted with the >

Re: [asterisk-users] Security communication dilemma: your help needed

2009-01-09 Thread Tzafrir Cohen
On Fri, Jan 09, 2009 at 04:05:01PM -0500, John Todd wrote: > > > Dilemma: Digium will sometimes receive requests to send GPG-encrypted > mail dealing with security issues. This works somewhat poorly for > email role accounts where there are multiple recipients on a single > address. If th

[asterisk-users] Security communication dilemma: your help needed

2009-01-09 Thread John Todd
Dilemma: Digium will sometimes receive requests to send GPG-encrypted mail dealing with security issues. This works somewhat poorly for email role accounts where there are multiple recipients on a single address. If there exists a better way to do this that doesn't involve a lot of cust

Re: [asterisk-users] security on localhost connections

2008-08-31 Thread Tim Panton
On 31 Aug 2008, at 01:15, David Burgess wrote: > Asterisk Users - > > We are presently try to operate a hybrid GSM/Asterisk cellular > basestation at the Burning Man Festival in the Nevada desert. (See > http://openbts.sourceforge.net). The architecture is basically one > where cell phones are

Re: [asterisk-users] security on localhost connections

2008-08-30 Thread Tilghman Lesher
On Saturday 30 August 2008 19:15:36 David Burgess wrote: > Now we've discovered a new problem: Asterisk lets these non-existent > make calls even though they are not listed as users in sip.conf. We > suspect that is happening because they are all localhost connections, > and therefore bypassing so

[asterisk-users] security on localhost connections

2008-08-30 Thread David Burgess
Asterisk Users - We are presently trying to operate a hybrid GSM/Asterisk cellular basestation at the Burning Man Festival in the Nevada desert. (See http://openbts.sourceforge.net). The architecture is basically one where cell phones are presented to Asterisk as SIP users, using the IMSI a

Re: [asterisk-users] SECURITY QUESTION & SANITY CHECK

2008-08-25 Thread Philipp Kempgen
Karl Fife wrote: > SECURITY QUESTION & SANITY CHECK: Caps-lock key jammed? > WHAT ARE BEST PRACTICES? PLEASE CRITIQUE! Mixed-case. All upper-case is considered shouting. -- Philipp Kempgen http://www.das-asterisk-buch.de - http://www.the-asterisk-book.com Amooma GmbH - Bachstr. 126 - 56

Re: [asterisk-users] SECURITY QUESTION & SANITY CHECK

2008-08-25 Thread Mr Shunz
Hi, [snip] > For example I tried to block registrations from other subnets as > follows: > [general] > ... > deny=0.0.0.0/0.0.0.0 ;deny all by default? > permit=10.1.0.0/255.255.0.0 ;allow registrations from local > subnet? you should put deny/permit PER peer as [200]

Re: [asterisk-users] SECURITY QUESTION & SANITY CHECK

2008-08-24 Thread Tilghman Lesher
On Sunday 24 August 2008 14:17:47 Karl Fife wrote: > For crude IPS/IDS is there an Asterisk method to blacklist registrations > from a specific IP address after a certain number of failed registration > attempts, or would I need an SBC or IDS/IPS for that? There is no solution in Asterisk currentl

[asterisk-users] SECURITY QUESTION & SANITY CHECK

2008-08-24 Thread Karl Fife
SECURITY QUESTION & SANITY CHECK: If only my SIP ports and a small range of RTP ports are facing the public internet, what is the method by which an evildoer would be able to do fraudulent long distance on my nickel? Would it REALLY be as simple as guessing the credentials for ANY of my local si

RE: [asterisk-users] Security on long distance calls

2007-04-01 Thread Salvatore Giudice
) 979-2906 Fax: (212) 279-2906 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dovid B Sent: Sunday, April 01, 2007 5:54 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Security on long distance calls Or you can do exten =>

Re: [asterisk-users] Security on long distance calls

2007-04-01 Thread Dovid B
gotoif for every extension that you want to allow to call intl. - Original Message - From: Rizwan Hisham To: Asterisk Users Mailing List - Non-Commercial Discussion Sent: Friday, March 30, 2007 11:18 AM Subject: Re: [asterisk-users] Security on long distance calls For op

Re: [asterisk-users] Security on long distance calls

2007-03-30 Thread Rizwan Hisham
For operator: [longdistance] include=> local include=> International for extensions: [localcalls] include=> local now assign longdistance context to operator and localcalls context to every other user for whom you want to restrict intl calls [local] should include all local extension codes [

[asterisk-users] Security on long distance calls

2007-03-29 Thread Stefano Corsi
Hello, which kind of method could you use to inhibit long distance calls to _some_ extensions? Is there a way to do it with freepbx or you have to do it manually in the config files? I wouldn't like to set a route password, because that is not comfortable for the pbx operator. I just would lik

[asterisk-users] Security and DTMF

2007-03-10 Thread Lee Jenkins
Hi all, What is the common practice for sensitive calls to banking, etc? Personally, I route all the toll free numbers through my zap lines, which solves it for me. Is it the common practice to push these types of calls through PSTN only? Thanks for any input. -- Warm Regards, Lee ___

Re: [asterisk-users] Security

2006-08-17 Thread Tzafrir Cohen
On Thu, Aug 17, 2006 at 09:41:02AM +0300, Khaled Chehab wrote: > Dear > > I am using [EMAIL PROTECTED] V 2.6.I used to sniff the server for 24 hours > ,the > result was that my server is talking to another servers through port 80 and > 22 and 1000,. tcp netstat -lntp , for starters. > > Ips

Re: [asterisk-users] Security

2006-08-17 Thread Jeremy McNamara
Khaled Chehab wrote: Dear I am using [EMAIL PROTECTED] V 2.6. I used to sniff the server for 24 hours, the result was that my server is talking to other servers through port 80 and 22 and 1000,… tcp This isn't the [EMAIL PROTECTED] mailing list - Take your issues to the appropriate forum.

RE: [asterisk-users] Security

2006-08-16 Thread Khaled Chehab
iling List - Non-Commercial Discussion' Cc: [EMAIL PROTECTED] Subject: [asterisk-users] Security Dear I am using [EMAIL PROTECTED] V 2.6. I used to sniff the server for 24 hours, the result was that my server is talking to other servers through port 80 and 22 and 1000,… tcp IPs are 4.

[asterisk-users] Security

2006-08-16 Thread Khaled Chehab
Dear I am using [EMAIL PROTECTED] V 2.6. I used to sniff the server for 24 hours, the result was that my server is talking to other servers through port 80 and 22 and 1000,… tcp IPs are 4.254.167.67, 65.119.192.235, 83.133.127.60. Is there any backdoor or a T

RE: [Asterisk-Users] Security and SIP

2005-08-15 Thread Damon Estep
terisk-users- > [EMAIL PROTECTED] On Behalf Of John Fawcett > Sent: Monday, August 15, 2005 3:22 AM > To: asterisk-users@lists.digium.com > Subject: [Asterisk-Users] Security and SIP > > I've now setup SIP for: > - internal softphones > - registering with external pr

Re: [Asterisk-Users] Security and SIP

2005-08-15 Thread Mark Phillips
You could make your FWD configs even more secure by switching to IAX (you have to register with them for it) and then you can use RSA keys (already in your * distro) to prevent faking of connections. Check with the FWD site. There's a howto on there. I use this method and I like it a lot. Espe

[Asterisk-Users] Security and SIP

2005-08-15 Thread John Fawcett
I've now set up SIP for: - internal softphones - registering with external providers (like FWD) for making calls - receiving calls from these providers For the latter step, it was necessary to forward ports from my NAT to the asterisk server: 5060 + range of ports mentioned in rtp.conf. I was ju

[Asterisk-Users] security

2005-04-21 Thread Altus Snyman
Good day all I want to put an asterisk server on a public ip and allow any, registered sip and iax connection What security risks are there and how can I secure my pabx One thing I want to know is how do I make it that anyone can call an extension at my box but not make a call out. i.o.w how do I call

Re: [Asterisk-Users] Security audit scripts

2005-01-18 Thread Matt Riddell
Remco Barende wrote: That is my major concern too, the * config files (as we all know) are not the easiest to read and when the setup becomes more complicated it's difficult to know for sure if you haven't left any loopholes open (for example a caller on hold that can dial outside etc.) Well, yo
