[asterisk-users] cmd Authenticate
Hi, i need to save into a local variable the user's input dialed during the cmd Authenticate(). Is there a way to do it? thx rich -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] cmd Authenticate
Danny, Doug thx for the replies. According to the documentation, there is no change for Authenticate() in version 1.6.x.x. So it seems i have to use Read(). rich On Tue, Jun 29, 2010 at 3:26 PM, Doug Lytle supp...@drdos.info wrote: Coco Richard wrote: Hi, i need to save into a local variable the user's input dialed during the cmd Authenticate(). Is there a way to do it? core show application authenticate hylafax*CLI -= Info about application 'Authenticate' =- [Synopsis] Authenticate a user Options: a - Set the channels' account code to the password that is entered -- You probably could use option a. But, I'd suggest that instead of using authenticate, you code something using the read option. I use read to authenticate conference administration. [check-password] exten = s,1,Read(get-admin-password|enter-password|||3|) exten = s,n,Gotoif($[${LEN(${get-admin-password})} 1]?9:3) exten = s,n, some dialplan magic here. Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security Against brute force attack
Hi, there are several possibilities do to it REGISTER Username/Extensions Enumeration INVITE Username/Extensions Enumeration OPTION Username/Extensions Enumeration for more information: http://www.hackingvoip.com/presentations/sample_chapter3_hacking_voip.pdf rich... On Thu, Nov 19, 2009 at 12:46 AM, Rasmus Männa aster...@razu.pri.ee wrote: Hi All, I must say that there are many ways to detect password attack cause this information actually goes into logs and it's possible to analyze them. Couple of hours thinking + day or 2 creating gives a really nice result. Bad thing is that by the time someone will start guessing password with dictionary attack or brute force (it doesn't matter) he already knows what is the account name/ID. All this leads me to question which is (from my point of view) a bit more important. Is there any way to detect SIP/IAX account guessing without actually dumping UDP flow ? I tried some _hacking_ tools and these create only some logs in debug mode. Using debug is not always an option cause in some cases it creates ~5MB log in a minute - such flow is quite impossible to handle. Does anyone have any experience catching account guessing attempts automatically ? Any kind of ideas would be wonderful :) thx a lot, -- razu On 11/18/2009 10:01 PM, Ioan Indreias wrote: Hello Xavier, Unfortunately we are not aware of any Asterisk configuration which will protect against of a brute force attack on SIP. We use BFD - http://www.rfxn.com/projects/brute-force-detection/ . We have found first details here: http://engineertim.com/?cat=15 and we are currently maintaining 4 rules (SIP and IAX) . All of them could be downloaded from here: http://www.modulo.ro/Modulo/downloads/tools/tenora.bfd.tar.gz We have tried to document the installation of BFD on an Asterisk server here: http://www.modulo.ro/Modulo/ro/Articole/Securitate_pentru_servere_Asterisk.html (in Romanian) HTH, Ioan (Nini) Indreias www.modulo.ro On Mon, Nov 16, 2009 at 7:24 PM, TDF aja101...@gmail.com wrote: fail2ban http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk 2009/11/16 Xavier Mesquida xavi...@yahoo.com Has Asterisk any protection against brute force attack for SIP authentication? Something like a maximum login attempt limit Thanks ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Allow Header
Hi, asterisk version is 1.4.13 rich... On Tue, Nov 10, 2009 at 7:01 AM, Tilghman Lesher tles...@digium.com wrote: On Monday 09 November 2009 15:38:54 Coco Richard wrote: i'm not sure to understand. Asterisk does support SIP INFO, so why doesn't Asterisk add the INFO Method in the 200OK Response? You must be using Asterisk 1.2. This is the only version that I could find that does not put the INFO tag into the Allow header. Asterisk 1.4 and all versions greater supply the INFO tag as standard. Given that 1.2 is in security-only fix mode now, this is not going to be changed in SVN or in any subsequent 1.2 release (if any). You're welcome to change the ALLOWED_METHODS define in the top of chan_sip.c and recompile, however. -- Tilghman Lesher Digium, Inc. | Senior Software Developer twitter: Corydon76 | IRC: Corydon76-dig (Freenode) Check us out at: www.digium.com www.asterisk.org ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Allow Header
I took a look in chan_sip.c an for 1.4.13 ALLOWED_METHODS doesn't add INFO. So I will upgrade to 1.6... thank you for the replies... rich... On Tue, Nov 10, 2009 at 9:21 AM, Coco Richard richard.kingc...@gmail.com wrote: Hi, asterisk version is 1.4.13 rich... On Tue, Nov 10, 2009 at 7:01 AM, Tilghman Lesher tles...@digium.com wrote: On Monday 09 November 2009 15:38:54 Coco Richard wrote: i'm not sure to understand. Asterisk does support SIP INFO, so why doesn't Asterisk add the INFO Method in the 200OK Response? You must be using Asterisk 1.2. This is the only version that I could find that does not put the INFO tag into the Allow header. Asterisk 1.4 and all versions greater supply the INFO tag as standard. Given that 1.2 is in security-only fix mode now, this is not going to be changed in SVN or in any subsequent 1.2 release (if any). You're welcome to change the ALLOWED_METHODS define in the top of chan_sip.c and recompile, however. -- Tilghman Lesher Digium, Inc. | Senior Software Developer twitter: Corydon76 | IRC: Corydon76-dig (Freenode) Check us out at: www.digium.com www.asterisk.org ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Allow Header
Hi all, In the INVITE from my SIP provider to Asterisk i can see that the Allow Header includes an INFO Method, but Asterisk replies a 200 OK with an Allow Header without INFO Method. But in the RFC3261 (20.5) you can read: All methods, including ACK and CANCEL, understood by the UA MUST be included in the list of methods in the Allow header field, when present. My SIP provider seems to refuse to send SIP INFO DTMF and releases the call, because in 200 OK from * there is no INFO Method in the Allow Header. Is that correct. thx richard ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Allow Header
Hi Alex, i'm not sure to understand. Asterisk does support SIP INFO, so why doesn't Asterisk add the INFO Method in the 200OK Response? richard On Mon, Nov 9, 2009 at 6:38 PM, Alex Balashov abalas...@evaristesys.com wrote: Yes, it's correct. Asterisk needs to advertise its support of that method in order for the other UA to be willing to send messages with that request method to it. Coco Richard wrote: Hi all, In the INVITE from my SIP provider to Asterisk i can see that the Allow Header includes an INFO Method, but Asterisk replies a 200 OK with an Allow Header without INFO Method. But in the RFC3261 (20.5) you can read: All methods, including ACK and CANCEL, understood by the UA MUST be included in the list of methods in the Allow header field, when present. My SIP provider seems to refuse to send SIP INFO DTMF and releases the call, because in 200 OK from * there is no INFO Method in the Allow Header. Is that correct. thx richard ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Alex Balashov - Principal Evariste Systems Web : http://www.evaristesys.com/ Tel : (+1) (678) 954-0670 Direct : (+1) (678) 954-0671 ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] RFC 3578 in Asterisk
Hi all, our asterisk is connected to a sip proxy through a sip trunk. Let's say we have following dial plan (only an example) [from_sip_proxy] exten = 36122512,1,Answer() exten = 36122512,2,VoiceMailMain() exten = 3612252,1,Answer() exten = 3612252,2,MeetMe(313,MI) exten = 3612252,3,HangUp() exten = 36122530,1,Answer() exten = 36122530,2,MusicOnHold() Overlap from pstn works fine and you can see that asterisk answers with 484 address incomplete as long there is no match. But if we change our dial plan like the following (we have different extensions with different length) [from_sip_proxy] exten = _36122.,1,Goto(local,${EXTEN:5},1) [local] exten = 512,1,Answer() exten = 512,2,VoiceMailMain() exten = 52,1,Answer() exten = 52,2,MeetMe(313,MI) exten = 52,3,HangUp() exten = 530,1,Answer() exten = 530,2,MusicOnHold() We can notice that incoming calls (e.g for 36122512) are now routed by asterisk from context [from_sip_proxy] to context [local] and overlap doesn't work anymore. The answer is 603 Declined. [CLI] Sep 4 15:15:21] WARNING[28382]: pbx.c:2450 __ast_pbx_run: Channel 'SIP/192.168.148.186-08c16fe0' sent into invalid extension '5' in context 'local', but no invalid handler [/CLI] We think that here the answer for the INVITE 361225 should also be 484 address incomplete and same thing for the next INVITE for 3612251 and finaly 100 Trying for the last INVITE 36122512. Can anyone please confirm this. thx in advance. rich ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2009 - October 13 - 15 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] asterisk and 802.1Q
Hi all, How can i use different VLANs for signaling and audio, e.g vlan 100 for sip and vlan 200 for rtp? Where can i find documentations for this? Comments and suggestions are welcomed (a sample config too :-))) thx in advance rich ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users