Cody Alderson wrote:
John,
Comments in line.
What provider and what protocol?
VoIP.ms and SIP
Change your account and Asterisk to IAX. This can be done with voip.ms easily.
They even supply sample configs
With an Asterisk box working there is no reason to use SIP and have a giant red
John,
Comments in line.
What provider and what protocol?
>
VoIP.ms and SIP
>
>
> Suggestions:
> Make sure your passwords are changed and strong.
> Your ( external ) router is your first line of defense!
>
> Yes, I agree. I use complicated passwords. Is there a recommended
character length?
-
Hi Cody,
>From John's post your CNET (Collector's Network) is IAX2 based, and he
>explained things well. Enabling the Adaptive Ban plugin is still useful for
>IAX2 .
You ask a good general question, for most all other situations SIP is used,
here are some security measures that can be used:
Cody Alderson wrote:
Hi,
I am connected to CNET (Collector's Network)
In reality the Collectors Network is not a true network with a constant
connection. There is a reference point that provides the called node's IP
address from a dialed number. In the US it is 1+NXX-. Once the number t
Hi,
I am connected to CNET (Collector's Network) and have one incoming VoIP
line running in Astlinux. Outgoing calls over the VoIP number have been
redundantly disabled in Asterisk and at the VoIP service provider's setup
options. My Astlinux is constantly bombarded with attempts to get in by
unaut
Hi. I wanted to change the set management password in the console, but when I
did and saved, it put "action failed". I use kd; how can I change the password for
the AstLinux box and the console system?
thanks so much
On Wed, Dec 3, 2008 at 1:45 PM, Jose Colin wrote:
> Hi. Is there any way to deactivate the
Hi. Is there any way to deactivate the firewall in the 6.2 version of AstLinux? Because
all incoming calls get a busy signal. So I don't know if by default all
incoming traffic is blocked and I need to allow a call to pass through. So I want to
deactivate the firewall to see if the calls get answered the normal way. By the way
wh
On Dec 2, 2008, at 10:49 AM, Kristian Kielhofner wrote:
> This is another important issue that has not really been discussed
> before.
>
> We have a problem here... One of the (main) reasons we run Asterisk
> as root is to allow preemption, which requires root privileges. This
> is pretty i
On 12/2/08, Tod Fitch <[EMAIL PROTECTED]> wrote:
>
> If you allow calls to your default context to be relayed back out then you
> can be in a position where unregistered entities can use your machine to
> make free calls. I guess this is a "security issue". Certainly that can be
> an issue that on
On Dec 2, 2008, at 7:05 AM, Darrick Hartman wrote:
Martin Rogers wrote:
Yes my own concern was one of preventing unwanted use of PSTN lines in
an Asterisk box which was on the internet.
If you have the default 'default' context
[default]
exten => i,1,Hangup
exten => s,1,Hangup
exten => t
Martin Rogers wrote:
>
>> If you allow calls to your default context to be relayed back out then
>> you can be in a position where unregistered entities can use your
>> machine to make free calls. I guess this is a "security issue".
>> Certainly that can be an issue that one should be careful of w
>
> If you allow calls to your default context to be relayed back out then
> you can be in a position where unregistered entities can use your
> machine to make free calls. I guess this is a "security issue".
> Certainly that can be an issue that one should be careful of when
> setting up a PBX.
On Dec 1, 2008, at 11:53 PM, Martin Rogers wrote:
Tod Fitch wrote:
On Dec 1, 2008, at 3:58 PM, Jose Colin wrote:
Hi Martin. I have seen that you said that if it is SIP you should set
allowguest=no, so where should that command be set? In the Arno
firewall or where? I am interested in put
Tod Fitch wrote:
> On Dec 1, 2008, at 3:58 PM, Jose Colin wrote:
>
>> Hi Martin. I have seen that you said that if it is SIP you should set
>> allowguest=no, so where should that command be set? In the Arno
>> firewall or where? I am interested in putting that extra protection and
>> haven't seen w
Hi. One question. Each time that I reboot the AstLinux box, a different
NTP Network Session appears on remote and refid. Does anyone know why
these appear?
Is it a security breach? Or why do I see a different remote address
appear on my status each time? I rebooted 5 times in less than 10 minutes and each
On Dec 1, 2008, at 3:58 PM, Jose Colin wrote:
Hi Martin. I have seen that you said that if it is SIP you should set
allowguest=no, so where should that command be set? In the Arno
firewall or where? I am interested in putting that extra protection and
haven't seen where the default is yes
On
Hi Martin. I have seen that you said that if it is SIP you should set
allowguest=no, so where should that command be set? In the Arno firewall
or where? I am interested in putting that extra protection and haven't seen
where the default is yes
On Sun, Nov 16, 2008 at 3:51 AM, Martin Rogers <[EMAIL PR
Mart,
everything is on Asterisk box (I am using it as a router also, ADSL
router is only used as a bridge). I prefer all-in-one setup, though
many argue that it is better to have dedicated machines, but that is
impractical for obvious reasons.
I am not using Astlinux in this case (I had a pow
Mart
You can configure many of the settings for Openvpn through later versions of
the gui. I believe you still need to do the openssl key generation on the
command line.
If you have two static endpoints the racoon ipsec implementation may be better,
especially for traffic shaping.
One more
Niksa
Could you please advise which model of router you have got working with
OpenVPN? Also, can you confirm that you are running the VPN on the PBX
itself rather than in front of it (e.g. rather than on its own router in
box-to-box VPN mode)?
Out of interest, if you are running it on the PBX did
Many thanks to all who have contributed to this thread.
Some interesting comments to think about.
Mart
Philip Prindeville wrote:
> Gah. Meant to say "behind a router"...
>
>
> Philip Prindeville wrote:
>> Encryption shouldn't add more than 2ms. I have it on my Sipura SPA-94x
>> phones.
>>
>>
Gah. Meant to say "behind a router"...
Philip Prindeville wrote:
> Encryption shouldn't add more than 2ms. I have it on my Sipura SPA-94x
> phones.
>
> Or, if your phones are being a router, the router can do the encryption
> for you.
>
> Encryption is a bounded delay, and it's very constant,
Encryption shouldn't add more than 2ms. I have it on my Sipura SPA-94x
phones.
Or, if your phones are being a router, the router can do the encryption
for you.
Encryption is a bounded delay, and it's very constant, so jitter (which
is as important as delay, and the delay is negligible in this
Jean-Paul wrote:
> In addition to adding the non-root user, I would suggest installing a daemon
> like
>
> * fail2ban (http://www.fail2ban.org)
>
> It checks the log for failed (ssh) login attempts and blocks the originator's
> IP address for a while. This blocks script kiddies after a few fa
In addition to adding the non-root user, I would suggest installing a daemon
like
* fail2ban (http://www.fail2ban.org)
It checks the log for failed (ssh) login attempts and blocks the originator's IP
address for a while. This blocks script kiddies after a few failed login
attempts.
Fail2ban
, Inc.
+1.732.786.8830 x120
-Original Message-
From: Martin Rogers [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2008 2:56 AM
To: AstLinux Users Mailing List
Subject: Re: [Astlinux-users] Securing Astlinux 0.6.1
Darrick,
interesting point about the VPN. I have to have three classes of
Martin,
you are unlikely to find OpenVPN support on the phone. The router on
the remote site should be responsible for maintaining VPN connection. I
have such setup with ADSL line (3M/512k), eight phones and 3 PCs on
remote site, all working over OpenVPN. So far it works flawlessly,
users are
Darrick,
interesting point about the VPN. I have to have three classes of port
opened up for my AstLinux to work on the internet. A VPN solution would
certainly simplify things in this respect.
However, in reality, how ubiquitous is VPN support on VOIP phones. I use
three types of phone (two Poly
Does anyone know where these messages in the log come from?
chan_misdn.c:2448 in misdn_hangup: MISDN_USERUSER: FAX MAG
Is this someone trying to use my * box?
Daniel
Martin Rogers wrote:
> If you are using SIP you should also be paranoid and set allowguest=no,
> as this defaults to yes.
>
> Ma
If you are using SIP you should also be paranoid and set allowguest=no,
as this defaults to yes.
Mart
Philip Prindeville wrote:
> You can also use a shared secret for authentication with an MD5 digest
> exchange.
>
> That's reasonably secure.
>
> -Philip
>
>
> Darrick Hartman wrote:
>> David
You can also use a shared secret for authentication with an MD5 digest
exchange.
That's reasonably secure.
-Philip
Darrick Hartman wrote:
> David,
>
> You could use openvpn to secure the connection. MAC address
> restrictions are pretty weak and easy to spoof.
>
> Darrick
>
> David Kerr wrot
David,
You could use openvpn to secure the connection. MAC address
restrictions are pretty weak and easy to spoof.
Darrick
David Kerr wrote:
> I would like to permit a softphone on my laptop to connect to my
> astlinux box from anywhere in the world. This would mean keeping port
> 5060 open,
I would like to permit a softphone on my laptop to connect to my astlinux
box from anywhere in the world. This would mean keeping port 5060 open,
which is a potential security risk? Is there a way to restrict access by
mac address? so that my softphone on *my* laptop can connect, but no one
else's
Hi Darrick,
You're right, I had misconfigured my firewall: I opened the VoIP ports when
I was initially trying to get my Asterisk trunk working. As I now know, the
trunk goes through a tunnel so I closed them just after my last post and
everything still works (no duh).
I still need to dig into my config
Daniel,
Not necessarily. It sounds like you have the firewall misconfigured.
What ports are you opening? You should really only have your ssh port
and vpn port open. All others should be closed. How are these people
getting in?
Darrick
Daniel Aeberli wrote:
> Sorry, just realised this is
Sorry, just realised this is more an Asterisk general question than an
AstLinux one ... off to search other forums...
Daniel Aeberli wrote:
> Well after the brute force attack ssh login attempts, last month, I have
> an undesirable outsider that successfully made calls from my ASTlinux
> box.
Well after the brute force attack ssh login attempts, last month, I have
an undesirable outsider that successfully made calls from my ASTlinux
box. I locked out the brute force, by disabling WAN requests, turning off
WAN ping response and turning off ssh access, but obviously my box is
not secu
38 matches