Send VoiceOps mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://puck.nether.net/mailman/listinfo/voiceops
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of VoiceOps digest..."
Today's Topics:
1. Specific SIP packets cause some Intel gigabit ethernet
controllers to reset (Kristian Kielhofner)
2. Re: Specific SIP packets cause some Intel gigabit ethernet
controllers to reset (Jay Ashworth)
3. SIP-to-TDM gateway appliance (Nathan Anderson)
4. Re: SIP-to-TDM gateway appliance (Faisal Imtiaz)
5. NOTICE: To all providers using the Grandstream HT502/HT503
(Ryan Delgrosso)
6. Re: SIP-to-TDM gateway appliance (Jastak, Eric)
----------------------------------------------------------------------
Message: 1
Date: Wed, 6 Feb 2013 15:38:24 -0500
From: Kristian Kielhofner <[email protected]>
To: [email protected]
Subject: [VoiceOps] Specific SIP packets cause some Intel gigabit
ethernet controllers to reset
Message-ID:
<CAKDfjgfrxNL=3pvfdi5yefvtddb0xxkpxrayanyp8g++gon...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
I'm sure some of you have seen this elsewhere but it seems the more
places I share it the more confirmations I receive:
http://blog.krisk.org/2013/02/packets-of-death.html
Long story short some oddly configured Yealink devices could cause our
Intel gigabit controllers to lose link.
--
Kristian Kielhofner
------------------------------
Message: 2
Date: Wed, 6 Feb 2013 15:55:02 -0500 (EST)
From: Jay Ashworth <[email protected]>
To: [email protected]
Subject: Re: [VoiceOps] Specific SIP packets cause some Intel gigabit
ethernet controllers to reset
Message-ID:
<[email protected]>
Content-Type: text/plain; charset=utf-8
----- Original Message -----
> From: "Kristian Kielhofner" <[email protected]>
> I'm sure some of you have seen this elsewhere but it seems the more
> places I share it the more confirmations I receive:
>
> http://blog.krisk.org/2013/02/packets-of-death.html
>
> Long story short some oddly configured Yealink devices could cause our
> Intel gigabit controllers to lose link.
Over here on the voice side of things, this reminds me of a floor-killer
bug I had to chase down, with some help from Mike Cargile, when I was
at VICI Marketing.
We'd upgraded our Asterisk installations from 1.2.24 or 6 to 1.2.30.2, and
everything was fine.
Then we upgraded to 30.4, and progressively, my entire floor would collapse,
at least once a day.
The problem, it turned out after 6 hours of groveling with wireshark, was
that something in the IAX driver was supposed to be resetting a 16-bit
counter, and wasn't (or the reverse; it's been 4 years), and the driver
would get clogged up as old sessions weren't reaped, eventually causing the
entire 255 seat fronter/closer call center to come to a halt.
It took us over a week to finally nail it down; it was intermittent as well,
based on I no longer remember what; some days, we'd be fine. Some days, we'd
come down 2 or 3 times.
The debugging sagas certainly make great reading, though; thanks again.
Cheers,
-- jra
--
Jay R. Ashworth Baylink [email protected]
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274
------------------------------
Message: 3
Date: Wed, 6 Feb 2013 14:04:36 -0800
From: Nathan Anderson <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: [VoiceOps] SIP-to-TDM gateway appliance
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="us-ascii"
I know this has been a topic of conversation in the past, but things might have
changed since the last discussion and I'm wondering what the market is
currently like for such devices.
We deliver voice strictly via SIP/RTP, but naturally there are some potential
customers out there that still have an older, non-IP-aware PBX that they're not
ready to throw out yet. What are the best and most cost-effective gateway
options out there at this time? We are specifically looking for one that has a
single T1 interface that can operate in either CAS or PRI modes.
Special requirements:
1) We need to be able to do DID manipulation between T1 and SIP; I presume this
is a rather standard feature in most gateways given that most SIP trunk
providers will send at least 10-digit DNIS (in the INVITE and "To" fields) but
DNIS on PRI is often only the last 3 or 4 digits of the TN.
2) There may be certain situation where we want to leave the PBX configuration
as untouched/unchanged as possible (drop-in replacement service), and where
there is no correllation between target DID and the telephone number (e.g.,
212-555-1212 is called, PBX is sent 4001). We'd like a gateway where static
mappings like that for DID manipulation are possible, rather than just a
general rule that says "strip the first 6 digits off before sending to the PRI".
3) For outgoing calls, the device needs to put the calling DID (the desired
Caller-ID/ANI) in the PAI header, and also needs to be able to be configured to
override "From" with a static alphanumeric value (so "From" and PAI should not
match; "From" will not contain the desired ANI).
4) In T1 CAS singalling modes such as E&M Wink where it is possible to transmit
CLID and target DID information via DTMF to the PBX, different PBXes
potentially have different formats that they want to see this information in;
for example, a Nortel Norstar would expect to see *CALLERID*DNIS* (e.g.,
*2125550001*1212* where the caller is 212-555-0001 and the destination is
212-555-1212). Are there any gateways that support this?
5) It needs to have a T.38 gateway mode that can recognize a fax call, either
send or accept a re-INVITE with a T.38 SDP as appropriate, and perform the
"transcoding" from/to T.38 between the T1 channel and the RTP session. Just
resorting to G.711 for fax passthrough is not desireable...any gateway can do
that.
6) If in T1 CAS mode, and the PBX takes a channel "off-hook" to place an
outbound call, the gateway should generate an audible dialtone.
...and, of course, it would be nice if we could find such a device < $1,000. :-P
I know I could build one myself with a mini PC and a single-span T1 card that
was running Asterisk 10 and easily hit that price point, but I'd rather find a
supported, off-the-shelf solution to sell to our customers, if possible.
There are the "usual suspects", of course: AdTran, MediaTrix, AudioCodes, and
so forth. AdTran seems to get talked about a lot here. Let's say price was no
object for a second. Does anyone know if there is a model amongst any of the
ones these manufacturers produce that fulfills the above list of requirements?
Does anybody have any experience with Digium's relatively new line of gateways
(G100/G200)? I think it would support some of these scenarios (#1 and #3) but
I'm not sure about the remaining ones. Unfortunately, although it most
certainly runs on an Asterisk core, that core is only exposed to you through a
clever but still-limited GUI; with direct access to the dialing plan
(extensions.conf) I could accomplish all of these things myself. The price is
certainly right, though.
If only somebody made a reasonably-priced single-board-computer that ran raw,
embedded Asterisk and had a single-span T1 interface on it. Oh wait, somebody
does!:
http://switchvoice.com/index.php?page=shop.product_details&flypage=flypage-ask.tpl&product_id=9&category_id=2&option=com_virtuemart&Itemid=30
http://www.odints.com/pages/prod/completesolutions/alvis-pbx/alvisfs.htm
Only problem is that the first company doesn't have a U.S. distributor, and the
second doesn't have a distributor that sells in single-unit quantities.
Would love to hear y'all's thoughts on this subject.
Thanks,
--
Nathan Anderson
First Step Internet, LLC
[email protected]
------------------------------
Message: 4
Date: Wed, 06 Feb 2013 17:09:21 -0500
From: Faisal Imtiaz <[email protected]>
To: [email protected]
Subject: Re: [VoiceOps] SIP-to-TDM gateway appliance
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Nathan,
Have you looked at or worked with Adtran Total Access 90x Series ?
We use them to do SIP to TDM handoff .. they have been great, and have a
tremendous amount of flexibility, and you can do all what you have
listed below with them.
Regards.
Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, Fl 33155
Tel: 305 663 5518 x 232
Helpdesk: 305 663 5518 option 2 Email: [email protected]
On 2/6/2013 5:04 PM, Nathan Anderson wrote:
> I know this has been a topic of conversation in the past, but things might
> have changed since the last discussion and I'm wondering what the market is
> currently like for such devices.
>
> We deliver voice strictly via SIP/RTP, but naturally there are some potential
> customers out there that still have an older, non-IP-aware PBX that they're
> not ready to throw out yet. What are the best and most cost-effective
> gateway options out there at this time? We are specifically looking for one
> that has a single T1 interface that can operate in either CAS or PRI modes.
>
> Special requirements:
>
> 1) We need to be able to do DID manipulation between T1 and SIP; I presume
> this is a rather standard feature in most gateways given that most SIP trunk
> providers will send at least 10-digit DNIS (in the INVITE and "To" fields)
> but DNIS on PRI is often only the last 3 or 4 digits of the TN.
>
> 2) There may be certain situation where we want to leave the PBX
> configuration as untouched/unchanged as possible (drop-in replacement
> service), and where there is no correllation between target DID and the
> telephone number (e.g., 212-555-1212 is called, PBX is sent 4001). We'd like
> a gateway where static mappings like that for DID manipulation are possible,
> rather than just a general rule that says "strip the first 6 digits off
> before sending to the PRI".
>
> 3) For outgoing calls, the device needs to put the calling DID (the desired
> Caller-ID/ANI) in the PAI header, and also needs to be able to be configured
> to override "From" with a static alphanumeric value (so "From" and PAI should
> not match; "From" will not contain the desired ANI).
>
> 4) In T1 CAS singalling modes such as E&M Wink where it is possible to
> transmit CLID and target DID information via DTMF to the PBX, different PBXes
> potentially have different formats that they want to see this information in;
> for example, a Nortel Norstar would expect to see *CALLERID*DNIS* (e.g.,
> *2125550001*1212* where the caller is 212-555-0001 and the destination is
> 212-555-1212). Are there any gateways that support this?
>
> 5) It needs to have a T.38 gateway mode that can recognize a fax call, either
> send or accept a re-INVITE with a T.38 SDP as appropriate, and perform the
> "transcoding" from/to T.38 between the T1 channel and the RTP session. Just
> resorting to G.711 for fax passthrough is not desireable...any gateway can do
> that.
>
> 6) If in T1 CAS mode, and the PBX takes a channel "off-hook" to place an
> outbound call, the gateway should generate an audible dialtone.
>
> ...and, of course, it would be nice if we could find such a device < $1,000.
> :-P
>
> I know I could build one myself with a mini PC and a single-span T1 card that
> was running Asterisk 10 and easily hit that price point, but I'd rather find
> a supported, off-the-shelf solution to sell to our customers, if possible.
>
> There are the "usual suspects", of course: AdTran, MediaTrix, AudioCodes, and
> so forth. AdTran seems to get talked about a lot here. Let's say price was
> no object for a second. Does anyone know if there is a model amongst any of
> the ones these manufacturers produce that fulfills the above list of
> requirements?
>
> Does anybody have any experience with Digium's relatively new line of
> gateways (G100/G200)? I think it would support some of these scenarios (#1
> and #3) but I'm not sure about the remaining ones. Unfortunately, although
> it most certainly runs on an Asterisk core, that core is only exposed to you
> through a clever but still-limited GUI; with direct access to the dialing
> plan (extensions.conf) I could accomplish all of these things myself. The
> price is certainly right, though.
>
> If only somebody made a reasonably-priced single-board-computer that ran raw,
> embedded Asterisk and had a single-span T1 interface on it. Oh wait,
> somebody does!:
>
> http://switchvoice.com/index.php?page=shop.product_details&flypage=flypage-ask.tpl&product_id=9&category_id=2&option=com_virtuemart&Itemid=30
>
> http://www.odints.com/pages/prod/completesolutions/alvis-pbx/alvisfs.htm
>
> Only problem is that the first company doesn't have a U.S. distributor, and
> the second doesn't have a distributor that sells in single-unit quantities.
>
> Would love to hear y'all's thoughts on this subject.
>
> Thanks,
>
------------------------------
Message: 5
Date: Wed, 06 Feb 2013 14:15:16 -0800
From: Ryan Delgrosso <[email protected]>
To: "[email protected]" <[email protected]>
Subject: [VoiceOps] NOTICE: To all providers using the Grandstream
HT502/HT503
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
All,
Over the last few months we have uncovered a vulnerability in the HT502
that allows for theft of credentials from customer devices. I am sending
this out since the issue has now been resolved in a new release of
firmware BUT Grandstream have NOT sent out any kind of pro-active
notifications nor included this fix in their release notes for this
build. After conferring with some other sizable providers also using
this device at scale, they were able to "connect the dots" on their
up-tick in fraud based on our discovery.
First some history:
We currently have over 50,000 deployed HT502's in active customer service.
Beginning in December we saw an immediate and sizable up-tick in fraud
by easily an order of magnitude.
Statistical analysis of the fraud showed the ONLY linking factor to be
the fact that the compromised accounts were ALL using the HT502 device
AND had WAN port access enabled to the device, and we as the provider
were locked out (admin password changed, no longer provisioning from us
on scheduled interval)
After some digging and conferring with Grandstream technical gurus it
was confirmed there was a buffer overflow vulnerability that would allow
a remote attacker to change the admin password WITHOUT rebooting the
device or otherwise having any administrative access to it. Once the
password was changed the attacker could log in with the new password and
complete control. On all versions prior to 1.0.5.10 the SIP credentials
could be extracted from the admin website with the "Download config"
option. On versions up to 1.0.8.4 the sip credentials were STILL
extractable from the telnet interface if the provisioning values were
known by the attacker.
All of these vulnerabilities are fixed in version 1.0.9.1. I encourage
you to test and deploy this version ASAP.
I am sending this out in a purely advisory capacity in the hopes that
education will prevent further monetary damages. Please feel free to
contact me on or off list if you want to know more about this issue.
-Ryan
------------------------------
Message: 6
Date: Wed, 6 Feb 2013 22:27:14 +0000
From: "Jastak, Eric" <[email protected]>
To: "[email protected]" <[email protected]>,
"[email protected]" <[email protected]>
Subject: Re: [VoiceOps] SIP-to-TDM gateway appliance
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="us-ascii"
I second the Adtran 90x series gateways. We have deployed hundreds of them.
They are great SIP-to-TDM gateways.
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Faisal Imtiaz
Sent: Wednesday, February 06, 2013 2:09 PM
To: [email protected]
Subject: Re: [VoiceOps] SIP-to-TDM gateway appliance
Nathan,
Have you looked at or worked with Adtran Total Access 90x Series ?
We use them to do SIP to TDM handoff .. they have been great, and have a
tremendous amount of flexibility, and you can do all what you have listed below
with them.
Regards.
Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, Fl 33155
Tel: 305 663 5518 x 232
Helpdesk: 305 663 5518 option 2 Email: [email protected]
On 2/6/2013 5:04 PM, Nathan Anderson wrote:
> I know this has been a topic of conversation in the past, but things might
> have changed since the last discussion and I'm wondering what the market is
> currently like for such devices.
>
> We deliver voice strictly via SIP/RTP, but naturally there are some potential
> customers out there that still have an older, non-IP-aware PBX that they're
> not ready to throw out yet. What are the best and most cost-effective
> gateway options out there at this time? We are specifically looking for one
> that has a single T1 interface that can operate in either CAS or PRI modes.
>
> Special requirements:
>
> 1) We need to be able to do DID manipulation between T1 and SIP; I presume
> this is a rather standard feature in most gateways given that most SIP trunk
> providers will send at least 10-digit DNIS (in the INVITE and "To" fields)
> but DNIS on PRI is often only the last 3 or 4 digits of the TN.
>
> 2) There may be certain situation where we want to leave the PBX
> configuration as untouched/unchanged as possible (drop-in replacement
> service), and where there is no correllation between target DID and the
> telephone number (e.g., 212-555-1212 is called, PBX is sent 4001). We'd like
> a gateway where static mappings like that for DID manipulation are possible,
> rather than just a general rule that says "strip the first 6 digits off
> before sending to the PRI".
>
> 3) For outgoing calls, the device needs to put the calling DID (the desired
> Caller-ID/ANI) in the PAI header, and also needs to be able to be configured
> to override "From" with a static alphanumeric value (so "From" and PAI should
> not match; "From" will not contain the desired ANI).
>
> 4) In T1 CAS singalling modes such as E&M Wink where it is possible to
> transmit CLID and target DID information via DTMF to the PBX, different PBXes
> potentially have different formats that they want to see this information in;
> for example, a Nortel Norstar would expect to see *CALLERID*DNIS* (e.g.,
> *2125550001*1212* where the caller is 212-555-0001 and the destination is
> 212-555-1212). Are there any gateways that support this?
>
> 5) It needs to have a T.38 gateway mode that can recognize a fax call, either
> send or accept a re-INVITE with a T.38 SDP as appropriate, and perform the
> "transcoding" from/to T.38 between the T1 channel and the RTP session. Just
> resorting to G.711 for fax passthrough is not desireable...any gateway can do
> that.
>
> 6) If in T1 CAS mode, and the PBX takes a channel "off-hook" to place an
> outbound call, the gateway should generate an audible dialtone.
>
> ...and, of course, it would be nice if we could find such a device <
> $1,000. :-P
>
> I know I could build one myself with a mini PC and a single-span T1 card that
> was running Asterisk 10 and easily hit that price point, but I'd rather find
> a supported, off-the-shelf solution to sell to our customers, if possible.
>
> There are the "usual suspects", of course: AdTran, MediaTrix, AudioCodes, and
> so forth. AdTran seems to get talked about a lot here. Let's say price was
> no object for a second. Does anyone know if there is a model amongst any of
> the ones these manufacturers produce that fulfills the above list of
> requirements?
>
> Does anybody have any experience with Digium's relatively new line of
> gateways (G100/G200)? I think it would support some of these scenarios (#1
> and #3) but I'm not sure about the remaining ones. Unfortunately, although
> it most certainly runs on an Asterisk core, that core is only exposed to you
> through a clever but still-limited GUI; with direct access to the dialing
> plan (extensions.conf) I could accomplish all of these things myself. The
> price is certainly right, though.
>
> If only somebody made a reasonably-priced single-board-computer that ran raw,
> embedded Asterisk and had a single-span T1 interface on it. Oh wait,
> somebody does!:
>
> http://switchvoice.com/index.php?page=shop.product_details&flypage=fly
> page-ask.tpl&product_id=9&category_id=2&option=com_virtuemart&Itemid=3
> 0
>
> http://www.odints.com/pages/prod/completesolutions/alvis-pbx/alvisfs.h
> tm
>
> Only problem is that the first company doesn't have a U.S. distributor, and
> the second doesn't have a distributor that sells in single-unit quantities.
>
> Would love to hear y'all's thoughts on this subject.
>
> Thanks,
>
_______________________________________________
VoiceOps mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/voiceops
This message and any attachments are intended only for the use of the addressee
and may contain information that is privileged and confidential. If the reader
of the message is not the intended recipient or an authorized representative of
the intended recipient, you are hereby notified that any dissemination of this
communication is strictly prohibited. If you have received this communication
in error, please notify us immediately by e-mail and delete the message and any
attachments from your system.
------------------------------
_______________________________________________
VoiceOps mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/voiceops
End of VoiceOps Digest, Vol 44, Issue 5
***************************************
