Re: [asterisk-users] Sending RTP media to a different server than SIP Signaling
There you go. This confirms that SIP signaling determines where the calls should go. I would take their word with a grain of salt specially with their whole support center our of India. No disrespect, but it is bad service overall.

-Bruce

On Sat, Apr 10, 2010 at 6:32 PM, Joshua Colp jc...@digium.com wrote:

> ----- Tarek Sawah tareksa...@hotmail.com wrote:
> > we started with them two days ago .. and we are facing plenty of False Answer cases on several destinations although ppl said they have a policy against FAS.. anyway i don't know i will be looking into another method to send the RTP to another server,
>
> The IP address (and port) of where to send audio is negotiated when the call is setup. You can't change it or specify an IP address to use. Even if you did change the IP address you would be sending it to the port associated with the session on the other media gateway. That would just not work.
>
> --
> Joshua Colp
> Digium, Inc. | Software Developer
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
> Check us out at: www.digium.com www.asterisk.org

--
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Sending RTP media to a different server than SIP Signaling
out* of india.

On Sun, Apr 11, 2010 at 2:26 AM, bruce bruce bruceb...@gmail.com wrote:

> There you go. This confirms that SIP signaling determines where the calls should go. I would take their word with a grain of salt specially with their whole support center our of India. No disrespect, but it is bad service overall.
>
> -Bruce
>
> On Sat, Apr 10, 2010 at 6:32 PM, Joshua Colp jc...@digium.com wrote:
>
> > ----- Tarek Sawah tareksa...@hotmail.com wrote:
> > > we started with them two days ago .. and we are facing plenty of False Answer cases on several destinations although ppl said they have a policy against FAS.. anyway i don't know i will be looking into another method to send the RTP to another server,
> >
> > The IP address (and port) of where to send audio is negotiated when the call is setup. You can't change it or specify an IP address to use. Even if you did change the IP address you would be sending it to the port associated with the session on the other media gateway. That would just not work.
> >
> > --
> > Joshua Colp
> > Digium, Inc. | Software Developer
> > 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
> > Check us out at: www.digium.com www.asterisk.org

Re: [asterisk-users] Being attacked by an Amazon EC2 ...
On Sat, 10 Apr 2010 22:34:28 +0100 (BST), Gordon Henderson gordon+aster...@drogon.net wrote:

> Just a heads-up ... my home asterisk server is being flooded by someone from IP 184.73.17.150 which is an Amazon EC2 instance by the looks of it - they're trying to send SIP subscribes to one account - and they're flooding the requests in - it's averaging some 600Kbits/sec of incoming UDP data or about 200 a second )-:
>
> This is much worse than anything else I've seen.

Same here but 184.73.17.122.

Look what they did to my latency, Gordon:-
http://f8lure.mouselike.org/archived_graphs/westek.bizorg.co.uk_day10.png

I've had bookmarks to Fail2Ban links on my desktop for a year now. Guess I'll have to do something about it.

If, hypothetically, I'd put that IP into hosts.deny - would it have stopped them?

Re: [asterisk-users] Being attacked by an Amazon EC2 ...
On Sun, 11 Apr 2010, David Quinton wrote:

> On Sat, 10 Apr 2010 22:34:28 +0100 (BST), Gordon Henderson gordon+aster...@drogon.net wrote:
>
> > Just a heads-up ... my home asterisk server is being flooded by someone from IP 184.73.17.150 which is an Amazon EC2 instance by the looks of it - they're trying to send SIP subscribes to one account - and they're flooding the requests in - it's averaging some 600Kbits/sec of incoming UDP data or about 200 a second )-:
> >
> > This is much worse than anything else I've seen.
>
> Same here but 184.73.17.122.

Ah, so not just me then. Looks like someone is (ab)using EC2 to try to hack people's systems, and they're not doing it nicely. 200 SIP registrations a second was enough to have a big impact on my 500MHz system.

> Look what they did to my latency, Gordon:-
> http://f8lure.mouselike.org/archived_graphs/westek.bizorg.co.uk_day10.png

Oddly enough my latency wasn't being affected at all - however what I was seeing was my ADSL router being crippled with 200 packets a second in out - to the extent that something would go bang inside it and it would drop the PPPoA session and then re-start. This was an old Draytek 2600 - I replaced it with a new Draytek 2820 and it was then fine.

> I've had bookmarks to Fail2Ban links on my desktop for a year now. Guess I'll have to do something about it.

Fail2ban needs python which I won't run on a PBX, however there are many iptables runes to help anyway without the need to trawl through log-files. However, I've blocked it in the draytek anyway.

The issue for me (and I suspect others) is that while we can firewall it, the data is still coming down the wires and for those of us who pay per byte transferred (or have fixed monthly caps on their broadband services) it could end up costing money or getting you cut-off.

> If, hypothetically, I'd put that IP into hosts.deny - would it have stopped them?

/etc/hosts.deny ?

No. That would not have stopped it. Although I've just checked it might - if it's using tcp-wrappers and there is a post about it

http://www.mail-archive.com/asterisk-...@lists.digium.com/msg36772.html

but I don't know if it's implemented yet.

I emailed Amazon on their ec2-abuse address yesterday, but have not had a reply. My bet is that as long as they get the money, they don't care. My broadband ISP is slow to react to support emails of this nature and I'm not sure they would block it anyway. I know my upstream hosting ISP would block it at their borders immediately if I asked, but fortunately they've not attacked them - yet.

It's still going on - and has been since 6am yesterday - that's now 26 hours.

Gordon

Re: [asterisk-users] Being attacked by an Amazon EC2 ...
On Sun, 11 Apr 2010 08:09:02 +0100 (BST), Gordon Henderson gordon+aster...@drogon.net wrote:

> > Look what they did to my latency, Gordon:-
> > http://f8lure.mouselike.org/archived_graphs/westek.bizorg.co.uk_day10.png
>
> Oddly enough my latency wasn't being affected at all - however what I was seeing was my ADSL router being crippled with 200 packets a second in out - to the extent that something would go bang inside it and it would drop the PPPoA session and then re-start. This was an old Draytek 2600 - I replaced it with a new Draytek 2820 and it was then fine.

I replaced my old 2600 with a BT Business hub a few months ago. The log seemed to say that there were loads of corrected packets.

The annoying thing is that I was (trying to) work at the time and I saw the LED flashing incessantly. I checked the other Linux box and did a netstat and saw nothing awry, and I thought I'd done the same on the Asterisk box. Obviously I should have looked at the log file, because it was very obvious when I looked this morning!

> It's still going on - and has been since 6am yesterday - that's now 26 hours.

Hasn't restarted here yet. Fingers crossed.

Re: [asterisk-users] Repeated: Got SIP response 489 Bad event back from
Hi James,

Thanks for the help.

3.10 registers into my SIP server just as a normal SIP client. Yes, qualify=yes. I just tried setting that to no on my end, and I still get the message. I'll try turning it off on 3.10 too tomorrow and capture some trace too.

Adrian

> > Hi All,
> >
> > I've two asterisk servers on the same LAN, both 1.4, and I keep getting
> >
> > Got SIP response 489 Bad event back from 192.168.3.10
> >
> > No idea what's causing it. The only references I can find mention NATing issues, but these are on the same LAN so NAT shouldn't be an issue. 3.10 does authenticate into the server logging the error. The error appears in the log every 1m20s (ish)
>
> Is 3.10 on a SIP trunk to the other asterisk box? Is qualify=yes on this SIP trunk? I think you'll find that if you run an ngrep/tcpdump on port 5060 on the box receiving the error it will send out an OPTIONS or NOTIFY (I can't remember which) and then you'll see the 489 Bad Event.
>
> Grab a trace of the SIP traffic and post it, it's the only way to know for sure though.
>
> --
> James
>
> > Any ideas?
> >
> > Thanks,
> > Adrian

Re: [asterisk-users] Being attacked by an Amazon EC2 ...
----- Original Message -----
> On Sun, 11 Apr 2010, David Quinton wrote:
>
> > On Sat, 10 Apr 2010 22:34:28 +0100 (BST), Gordon Henderson gordon+aster...@drogon.net wrote:
> >
> > > Just a heads-up ... my home asterisk server is being flooded by someone from IP 184.73.17.150 which is an Amazon EC2 instance by the looks of it - they're trying to send SIP subscribes to one account - and they're flooding the requests in - it's averaging some 600Kbits/sec of incoming UDP data or about 200 a second )-:
> > >
> > > This is much worse than anything else I've seen.
> >
> > Same here but 184.73.17.122.
>
> Ah, so not just me then. Looks like someone is (ab)using EC2 to try to hack people's systems, and they're not doing it nicely. 200 SIP registrations a second was enough to have a big impact on my 500MHz system.
>
> > Look what they did to my latency, Gordon:-
> > http://f8lure.mouselike.org/archived_graphs/westek.bizorg.co.uk_day10.png
>
> Oddly enough my latency wasn't being affected at all - however what I was seeing was my ADSL router being crippled with 200 packets a second in out - to the extent that something would go bang inside it and it would drop the PPPoA session and then re-start. This was an old Draytek 2600 - I replaced it with a new Draytek 2820 and it was then fine.
>
> > I've had bookmarks to Fail2Ban links on my desktop for a year now. Guess I'll have to do something about it.
>
> Fail2ban needs python which I won't run on a PBX, however there are many iptables runes to help anyway without the need to trawl through log-files. However, I've blocked it in the draytek anyway.
>
> The issue for me (and I suspect others) is that while we can firewall it, the data is still coming down the wires and for those of us who pay per byte transferred (or have fixed monthly caps on their broadband services) it could end up costing money or getting you cut-off.
>
> > If, hypothetically, I'd put that IP into hosts.deny - would it have stopped them?
>
> /etc/hosts.deny ?
>
> No. That would not have stopped it. Although I've just checked it might - if it's using tcp-wrappers and there is a post about it
>
> http://www.mail-archive.com/asterisk-...@lists.digium.com/msg36772.html
>
> but I don't know if it's implemented yet.
>
> I emailed Amazon on their ec2-abuse address yesterday, but have not had a reply. My bet is that as long as they get the money, they don't care. My broadband ISP is slow to react to support emails of this nature and I'm not sure they would block it anyway. I know my upstream hosting ISP would block it at their borders immediately if I asked, but fortunately they've not attacked them - yet.
>
> It's still going on - and has been since 6am yesterday - that's now 26 hours.
>
> Gordon

Gordon,

I had one a while ago hitting my system from EC2. Like yourself I did report it though it took about 24 hours for them to get back to me. They asked for proof that the attack was from one of their IP spaces. I sent the necessary information and the attack did stop. It would be nice if they reacted a bit quicker; though I guess it depends on how many people are reporting issues.

In the end I set up OSSEC (http://www.ossec.net) and wrote a rule that would monitor for failed SIP registrations. If a few occurred within a short space of time the Active Response kicks in and blocks the IP address using IPTables.

--
Thanks, Phil

Re: [asterisk-users] Being attacked by an Amazon EC2 ...
Gordon Henderson wrote:

> Just a heads-up ... my home asterisk server is being flooded by someone from IP 184.73.17.150 which is an Amazon EC2 instance by the looks of it - they're trying to send SIP subscribes to one account - and they're flooding the requests in - it's averaging some 600Kbits/sec of incoming UDP data or about 200 a second )-:
>
> This is much worse than anything else I've seen.

List of Amazon IP's from which we already have been attacked on several of our servers in Europe (blocked with Fail2Ban):

75.101.195.70
79.125.30.56
184.72.6.92
184.73.70.8
184.73.21.31
184.73.16.184
204.236.169.224

We also faced attack from China, Germany, Romania, Israel and Palestine

--
Daniel

Re: [asterisk-users] Being attacked by an Amazon EC2 ...
On Sun, 11 Apr 2010, --[ UxBoD ]-- wrote:

> In the end I set up OSSEC (http://www.ossec.net) and wrote a rule that would monitor for failed SIP registrations. If a few occurred within a short space of time the Active Response kicks in and blocks the IP address using IPTables.
>
> --
> Thanks, Phil

Cheers - but it's not blocking that's the real issue, that's trivial in my router or on the PBX, it's that my monthly ADSL data cap is being used up and my ISP is not responding (actually, they might if I phone them, but it's not desperate right now as I'm unlimited at the weekend), and neither is Amazon.

My current monthly peak-time cap is 45GB - 8am to 8pm and they seem to be eating up some 7-10GB a day... So I might actually be OK and can just weather it out, but it's still annoying.

I'm tempted to just block all of Amazon's EC2 and say to hell with them. Shouldn't be too hard to track them down - eg. from whois on that IP:

    NetRange: 72.44.32.0 - 72.44.63.255
    CIDR:     72.44.32.0/19
    NetName:  AMAZON-EC2-2

    NetRange: 75.101.128.0 - 75.101.255.255
    CIDR:     75.101.128.0/17
    NetName:  AMAZON-EC2-4

    NetRange: 67.202.0.0 - 67.202.63.255
    CIDR:     67.202.0.0/18
    NetName:  AMAZON-EC2-3

    NetRange: 174.129.0.0 - 174.129.255.255
    CIDR:     174.129.0.0/16
    NetName:  AMAZON-EC2-5

    NetRange: 204.236.128.0 - 204.236.255.255
    CIDR:     204.236.128.0/17
    NetName:  AMAZON-EC2-6

    NetRange: 184.72.0.0 - 184.73.255.255
    CIDR:     184.72.0.0/15
    NetName:  AMAZON-EC2-7

(so much for running out of ipv4 address space when amazon has millions)

And there are well-known published lists from all chinese hosts, etc. too.

Easy enough to cook up iptables to allow data from sites I connect out to, but block all incoming new connections.

Gordon

Re: [asterisk-users] Being attacked by an Amazon EC2 ...
My experience is that as long as the hackers are getting any kind of response from your server, they'll keep their attack on, in a hope that they'll get into your system sooner or later. After all it is just some computers doing the work for them, no human is physically getting tired here. This is why when you block them in your iptables, and they stop getting response from your end, i.e. no ping reply, no sip response, nothing basically, then they eventually take their attack somewhere else probably because they (or their hack attempt software) either assume that the ip they were attacking is no longer valid for the attack or the user has taken enough security measures that attacking him is not worth the effort.

On the contrary, my experience, if you don't block them, eventually attacks increase. Probably they let their other hacker friends know too that your server is a good candidate for hack attempt.

Obviously it's only the ISPs who can truly stop such attacks by blocking them at their routers. If the hackers decide to keep bugging you, unfortunately nothing can you do to protect your bandwidth waste. But I wonder if one's router doesn't respond back, e.g. it is physically off, and someone is doing such an attack, do the ISPs still consider it bandwidth usage?

Zeeshan A Zakaria

--
Sent from my Android phone with K-9 Mail.

On 2010-04-11 7:41 AM, Gordon Henderson gordon+aster...@drogon.net wrote:

> On Sun, 11 Apr 2010, --[ UxBoD ]-- wrote:
>
> > In the end I set up OSSEC (http://www.ossec.net) and wr...
>
> Cheers - but it's not blocking that's the real issue, that's trivial in my router or on the PBX, it's that my monthly ADSL data cap is being used up and my ISP is not responding (actually, they might if I phone them, but it's not desperate right now as I'm unlimited at the weekend), and neither is Amazon.
>
> My current monthly peak-time cap is 45GB - 8am to 8pm and they seem to be eating up some 7-10GB a day... So I might actually be OK and can just weather it out, but it's still annoying.
>
> I'm tempted to just block all of Amazon's EC2 and say to hell with them. Shouldn't be too hard to track them down - eg. from whois on that IP:
>
>     NetRange: 72.44.32.0 - 72.44.63.255
>     CIDR:     72.44.32.0/19
>     NetName:  AMAZON-EC2-2
>
>     NetRange: 75.101.128.0 - 75.101.255.255
>     CIDR:     75.101.128.0/17
>     NetName:  AMAZON-EC2-4
>
>     NetRange: 67.202.0.0 - 67.202.63.255
>     CIDR:     67.202.0.0/18
>     NetName:  AMAZON-EC2-3
>
>     NetRange: 174.129.0.0 - 174.129.255.255
>     CIDR:     174.129.0.0/16
>     NetName:  AMAZON-EC2-5
>
>     NetRange: 204.236.128.0 - 204.236.255.255
>     CIDR:     204.236.128.0/17
>     NetName:  AMAZON-EC2-6
>
>     NetRange: 184.72.0.0 - 184.73.255.255
>     CIDR:     184.72.0.0/15
>     NetName:  AMAZON-EC2-7
>
> (so much for running out of ipv4 address space when amazon has millions)
>
> And there are well-known published lists from all chinese hosts, etc. too.
>
> Easy enough to cook up iptables to allow data from sites I connect out to, but block all incoming new connections.
>
> Gordon

Re: [asterisk-users] Remote registering fails
Hi, Alyed.

On Sun, 11 Apr 2010, Alyed wrote:

> Daniel, you are having a problem often seen in pre 1.4.14 versions. Before this release srvlookup=no was the default for sip.conf and guess the same for iax.conf . So if you are working with a previous release just add this parameter .. but change it to serverlookup=yes under your iax.conf [general] section.
>
> Sorry, the parameter should be.
>
> srvlookup=yes

I'm using Asterisk 1.4.24.1. Anyway, I was looking at the file sip.conf and yes, I have srvlookup=yes in [general]. In iax.conf it is not defined explicitly, so I suppose that it will be taking the default value.

The context that I'm using for the local extensions is not [general]. Could that have something to do with it?

Thanks for your reply.

Regards,
Daniel

Re: [asterisk-users] Being attacked by an Amazon EC2 ...
On Sun, 11 Apr 2010, Zeeshan Zakaria wrote:

> My experience is that as long as the hackers are getting any kind of response from your server, they'll keep their attack on, in a hope that they'll get into your system sooner or later. After all it is just some computers doing the work for them, no human is physically getting tired here. This is why when you block them in your iptables, and they stop getting response from your end, i.e. no ping reply, no sip response, nothing basically, then they eventually take their attack somewhere else probably because they (or their hack attempt software) either assume that the ip they were attacking is no longer valid for the attack or the user has taken enough security measures that attacking him is not worth the effort.
>
> On the contrary, my experience, if you don't block them, eventually attacks increase. Probably they let their other hacker friends know too that your server is a good candidate for hack attempt.

Very probably true...

> Obviously it's only the ISPs who can truly stop such attacks by blocking them at their routers. If the hackers decide to keep bugging you, unfortunately nothing can you do to protect your bandwidth waste. But I wonder if one's router doesn't respond back, e.g. it is physically off, and someone is doing such an attack, do the ISPs still consider it bandwidth usage?

Interesting - I'm not sure. Currently my router isn't responding, but it still has to soak up the packet, and as it's being counted from the ISP's end, it's probably being 'counted' towards my allowance. I don't particularly want to turn it off though - I do all sorts of automated backups, etc. overnight as well as monitoring of my hosted servers, customers, etc.

However, I've just had a reply back from Amazon to say that they have contacted the host's owner - but that was just over an hour ago, and when I removed the firewall rules, they're still trying )-:

Is there any way to sniff the SIP password they're trying? It'd be interesting to see what passwords they're guessing - they're trying just one account rather than accounts at random. I've played with sipdump and sipcrack - looks like they're trying a different password each time though.

Ho hum.

Gordon

Re: [asterisk-users] Being attacked by an Amazon EC2 ...
Hello to everyone!

Same here (Vienna, Austria). I had this attack yesterday 6am (local time) from IP 216.105.128.63

whois 216.105.128.63 returns:

    OrgName:       Globalvision
    OrgID:         ACSIN-3
    Address:       78 Global Drive
    Address:       Suite 101
    City:          Greenville
    StateProv:     SC
    PostalCode:    29607
    Country:       US
    NetRange:      216.105.128.0 - 216.105.159.255
    CIDR:          216.105.128.0/19
    NetName:       ACSINC-BLK-1
    NetHandle:     NET-216-105-128-0-1
    Parent:        NET-216-0-0-0-0
    NetType:       Direct Allocation
    NameServer:    NS1.ACSINC.NET
    NameServer:    NS2.ACSINC.NET
    Comment:       ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate:       1998-10-19
    Updated:       2004-12-08
    OrgTechHandle: HOSTM560-ARIN
    OrgTechName:   Hostmaster
    OrgTechPhone:  +1-864-467-1333
    OrgTechEmail:  hostmas...@acsinc.net

In my case, the attack started at 05:57:45. Asterisk: 1.2.12.1

They sent 14.288 Register requests trying some common users like test,admin,sip,user,123,1234, and so on. Then they started just counting up from user 0 (0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,.) and this way, they found valid users until 05:59:09 which is 1 minute and 24 seconds or 170 Registers/second

After that, they started to send 66.267 registers until 06:24:08 only with the found users with random password combinations.

66.267 reg / 1.499 seconds = 44 regs/second

A classic brute force attack. Interesting that the password attacks came slower than the userid attacks...

At 6:24:23 asterisk obviously crashed because there were no more log entries.

I noticed the incident because my office phone number was not reachable when I tried in the morning.

My phones (SNOMs) all are on the same LAN within a 192.168.X.X address range. I wonder if everything would become a little bit more secure if I define them with host=192.168.X.X in sip.conf instead of host=dynamic. I tried it as a quick shot but it didn't work as they still try to register. Does someone know if this is possible and where/how to configure it on the snom side?

greetings,
Norbert

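The two phases described in the message above (walking through usernames, then guessing passwords for the ones found) and the failed-registration rule Phil describes earlier in the thread can both be detected from the Asterisk log. This is an added example, not code from any poster or from OSSEC/Fail2Ban; the log lines are constructed in the usual chan_sip "Registration from ... failed for ..." form, and the thresholds, the address 203.0.113.7 and all function names are assumptions.

```python
import re
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

# chan_sip NOTICE for a rejected REGISTER. Some versions append ":port" to the IP.
LINE_RE = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\].*?"
    r"Registration from '(?P<frm>.*?)' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)
USER_RE = re.compile(r"sip:([^@>;]+)@")

Event = namedtuple("Event", "ts user ip reason")
Alert = namedtuple("Alert", "ip phase when failures users")


def parse_line(line, year=2010):
    """Return an Event for a failed-registration log line, else None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    # Asterisk's default timestamp carries no year, so one is supplied.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    user = USER_RE.search(m["frm"])
    return Event(ts, user.group(1) if user else "", m["ip"], m["reason"].strip())


def scan(lines, max_failures=5, window=timedelta(seconds=10), enum_users=4):
    """Sliding-window count of failed REGISTERs per source IP.

    A source reaching max_failures inside the window is reported once per
    phase: 'enumeration' when the window holds at least enum_users distinct
    usernames, otherwise 'password-guessing'. The username count is used
    rather than the rejection reason because the reason text depends on the
    server's configuration. Lines are assumed to be in chronological order.
    """
    recent = defaultdict(deque)  # ip -> events still inside the window
    seen = set()                 # (ip, phase) pairs already reported
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev.ip]
        q.append(ev)
        while ev.ts - q[0].ts > window:
            q.popleft()
        if len(q) < max_failures:
            continue
        users = sorted({e.user for e in q})
        phase = "enumeration" if len(users) >= enum_users else "password-guessing"
        if (ev.ip, phase) not in seen:
            seen.add((ev.ip, phase))
            alerts.append(Alert(ev.ip, phase, ev.ts, len(q), users))
    return alerts


def ban_candidates(alerts):
    """Unique source IPs an active response (e.g. a firewall drop) would act on."""
    return sorted({a.ip for a in alerts})


def sample_line(ts, user, ip, reason):
    """Build one constructed log line (not taken from a real server)."""
    return (f"[Apr 10 {ts}] NOTICE[2101] chan_sip.c: Registration from "
            f"'\"{user}\" <sip:{user}@198.51.100.10>' failed for '{ip}' - {reason}")


ATTACKER = "203.0.113.7"  # documentation address, stands in for the remote host
SAMPLE_LOG = (
    # Phase 1: common names, then counting up from 0.
    [sample_line(t, u, ATTACKER, "No matching peer found") for t, u in [
        ("05:57:45", "test"), ("05:57:45", "admin"), ("05:57:46", "sip"),
        ("05:57:46", "0"), ("05:57:46", "1"), ("05:57:47", "2")]]
    # A local phone with one mistyped password must not trigger anything.
    + [sample_line("05:58:30", "201", "192.168.1.20", "Wrong password")]
    # Phase 2: one discovered account, a different password each time.
    + [sample_line(t, "101", ATTACKER, "Wrong password") for t in (
        "05:59:10", "05:59:10", "05:59:11", "05:59:11", "05:59:12", "05:59:12")]
)

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.when:%H:%M:%S} {a.ip} {a.phase}: "
              f"{a.failures} failures, users={a.users}")
    print("ban candidates:", ban_candidates(scan(SAMPLE_LOG)))
```
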
Re: [asterisk-users] Being attacked by an Amazon EC2 ...
Hi!

> My phones (SNOMs) all are on the same LAN within a 192.168.X.X address range. I wonder if everything would become a little bit more secure if I define them with host=192.168.X.X in sip.conf instead of host=dynamic. I tried it as a quick shot but it didn't work as they still try to register. Does someone know if this is possible and where/how to configure it on the snom side?

Unfortunately you cannot tell the SNOM to not register for an active identity - at least not in the web UI. :-(

Instead use permit/deny in sip.conf for your SIP clients, and most importantly: Use strong (and long) passwords.

Philipp

Re: [asterisk-users] Being attacked by an Amazon EC2 ...
I don't know if there is a tool to sniff passwords, but did you check in /var/log/asterisk/full? Maybe wireshark can be used for this purpose, but it'll be not that straightforward.

Interestingly I checked the log of my server and found out that I was also under attack yesterday by an Amazon cloud server, IP 184.73.53.22. Thanks to fail2ban the IP was blocked. But I guess I am now used to these attacks as it is a routine now and so far fail2ban is working fine for me. But my server (and now yours too) is in some hackers' list of asterisk favourites and will keep getting under attack.

I'll now send an email to Amazon.

Zeeshan A Zakaria

--
Sent from my Android phone with K-9 Mail.

On 2010-04-11 9:42 AM, Norbert Zawodsky norb...@zawodsky.at wrote:

> Hello to everyone!
>
> Same here (Vienna, Austria). I had this attack yesterday 6am (local time) from IP 216.105.128.63
>
> whois 216.105.128.63 returns:
>
>     OrgName:       Globalvision
>     OrgID:         ACSIN-3
>     Address:       78 Global Drive
>     Address:       Suite 101
>     City:          Greenville
>     StateProv:     SC
>     PostalCode:    29607
>     Country:       US
>     NetRange:      216.105.128.0 - 216.105.159.255
>     CIDR:          216.105.128.0/19
>     NetName:       ACSINC-BLK-1
>     NetHandle:     NET-216-105-128-0-1
>     Parent:        NET-216-0-0-0-0
>     NetType:       Direct Allocation
>     NameServer:    NS1.ACSINC.NET
>     NameServer:    NS2.ACSINC.NET
>     Comment:       ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
>     RegDate:       1998-10-19
>     Updated:       2004-12-08
>     OrgTechHandle: HOSTM560-ARIN
>     OrgTechName:   Hostmaster
>     OrgTechPhone:  +1-864-467-1333
>     OrgTechEmail:  hostmas...@acsinc.net
>
> In my case, the attack started at 05:57:45. Asterisk: 1.2.12.1
>
> They sent 14.288 Register requests trying some common users like test,admin,sip,user,123,1234, and so on. Then they started just counting up from user 0 (0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,.) and this way, they found valid users until 05:59:09 which is 1 minute and 24 seconds or 170 Registers/second
>
> After that, they started to send 66.267 registers until 06:24:08 only with the found users with random password combinations.
>
> 66.267 reg / 1.499 seconds = 44 regs/second
>
> A classic brute force attack. Interesting that the password attacks came slower than the userid attacks...
>
> At 6:24:23 asterisk obviously crashed because there were no more log entries.
>
> I noticed the incident because my office phone number was not reachable when I tried in the morning.
>
> My phones (SNOMs) all are on the same LAN within a 192.168.X.X address range. I wonder if everything would become a little bit more secure if I define them with host=192.168.X.X in sip.conf instead of host=dynamic. I tried it as a quick shot but it didn't work as they still try to register. Does someone know if this is possible and where/how to configure it on the snom side?
>
> greetings,
> Norbert

Re: [asterisk-users] Being attacked by an Amazon EC2 ...
On Apr 11, 2010, at 10:06 AM, Zeeshan Zakaria wrote:

> I don't know if there is a tool to sniff passwords, but did you check in /var/log/asterisk/full? Maybe wireshark can be used for this purpose, but it'll be not that straightforward.
>
> Interestingly I checked the log of my server and found out that I was also under attack yesterday by an Amazon cloud server, IP 184.73.53.22. Thanks to fail2ban the IP was blocked. But I guess I am now used to these attacks as it is a routine now and so far fail2ban is working fine for me. But my server (and now yours too) is in some hackers' list of asterisk favourites and will keep getting under attack.
>
> I'll now send an email to Amazon.
>
> Zeeshan A Zakaria

We were also attacked from 184.73.53.2 yesterday and sent an email to their abuse (with no response).

The interesting thing about this attack was that instead of just making registration attempts, it also tried to call extensions first... our dialplan doesn't allow for either but it was unusual in that most aren't trying to dial an extension before regging them.

Re: [asterisk-users] Being attacked by an Amazon EC2 ...
--[ UxBoD ]-- uxbod at splatnix.net writes:

- Original Message -
On Sun, 11 Apr 2010, David Quinton wrote:
On Sat, 10 Apr 2010 22:34:28 +0100 (BST), Gordon Henderson gordon+asterisk at drogon.net wrote:

Just a heads-up ... my home asterisk server is being flooded by someone from IP 184.73.17.150 which is an Amazon EC2 instance by the looks of it - they're trying to send SIP subscribes to one account - and they're flooding the requests in - it's averaging some 600Kbits/sec of incoming UDP data or about 200 a second )-: This is much worse than anything else I've seen.

Same here but 184.73.17.122.

Ah, so not just me then. Looks like someone is (ab)using EC2 to try to hack peoples systems, and they're not doing it nicely.

200 SIP registrations a second was enough to have a big impact on my 500MHz system.

Look what they did to my latency, Gordon:- http://f8lure.mouselike.org/archived_graphs/westek.bizorg.co.uk_day10.png

Oddly enough my latency wasn't being affected at all - however what I was seeing was my ADSL router being crippled with 200 packets a second in out - to the extent that something would go bang inside it and it would drop the PPPoA session and then re-start. This was an old Draytek 2600 - I replaced it with a new Draytek 2820 and it was then fine.

I've had bookmarks to Fail2Ban links on my desktop for a year now. Guess I'll have to do something about it.

Fail2ban needs python which I won't run on a PBX, however there are many iptables runes to help anyway without the need to trawl through log-files. However, I've blocked it in the draytek anyway. The issue for me (and I suspect others) is that while we can firewall it, the data is still coming down the wires and for those of us who pay per byte transferred (or have fixed monthly caps on their broadband services) it could end up costing money or getting you cut-off.

If, hypothetically, I'd put that IP into hosts.deny - would it have stopped them?

/etc/hosts.deny ? No. That would not have stopped it. Although I've just checked it might - if it's using tcp-wrappers and there is a post about it http://www.mail-archive.com/asterisk-dev at lists.digium.com/msg36772.html but I don't know if it's implemented yet.

I emailed Amazon on their ec2-abuse address yesterday, but have not had a reply. My bet is that as long as they get the money, they don't care. My broadband ISP is slow to react to support emails of this nature and I'm not sure they would block it anyway. I know my upstream hosting ISP would block it at their borders immediately if I asked, but fortunately they've not attacked them - yet.

It's still going on - and has been since 6am yesterday - that's now 26 hours.

Gordon

Gordon, I had one a while ago hitting my system from EC2. Like yourself I did report it though it took about 24 hours for them to get back to me. They asked for proof that the attack was from one of their IP spaces. I sent the necessary information and the attack did stop. It would be nice if they reacted a bit quicker; though I guess it depends on how many people are reporting issues. In the end I set up OSSEC (http://www.ossec.net) and wrote a rule that would monitor for failed SIP registrations. If a few occurred within a short space of time the Active Response kicks in and blocks the IP address using IPTables.

Same this end from 184.73.17.150. Use this little piece of iptables magic to block the whole of Amazon's EC2 ip-range.

iptables -F
iptables -A INPUT -m iprange --src-range 216.182.224.0-216.182.239.255 -j DROP
iptables -A INPUT -m iprange --src-range 72.44.32.0-72.44.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 67.202.0.0-67.202.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 75.101.128.0-75.101.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 174.129.0.0-174.129.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 204.236.192.0-204.236.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 184.73.0.0-184.73.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 216.236.128.0-216.236.191.255 -j DROP
iptables -A INPUT -m iprange --src-range 184.72.0.0-184.72.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 79.125.0.0-79.125.127.255 -j DROP
service iptables save

This sorts it out in the short-term until Amazon realise their service is being utilised by arseholes.
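The kind of check the OSSEC rule and Fail2ban mentioned in this thread perform, as an added example (not code from any poster or from either tool): count failed SIP registrations per source address in a sliding window and emit a block command for each offender. The log lines are constructed in the style of chan_sip NOTICE messages; the threshold, window, LAN allowlist and the UDP/5060 scoping of the rule are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample in the style of Asterisk chan_sip NOTICE lines.
# Addresses are documentation ranges, not the hosts named in the thread.
_LINE = ("[Apr 11 {t}] NOTICE[2211] chan_sip.c: Registration from "
         "'\"{ext}\" <sip:{ext}@203.0.113.10>' failed for '{ip}' - {why}")
_EVENTS = [
    # Fast userid/password guessing from one external source.
    ("06:20:01", "100", "198.51.100.7", "No matching peer found"),
    ("06:20:01", "101", "198.51.100.7", "No matching peer found"),
    ("06:20:02", "102", "198.51.100.7", "No matching peer found"),
    ("06:20:02", "200", "198.51.100.7", "Wrong password"),
    ("06:20:03", "200", "198.51.100.7", "Wrong password"),
    # A misconfigured phone on the LAN retrying quickly.
    ("06:21:00", "21", "192.168.1.20", "Wrong password"),
    ("06:21:01", "21", "192.168.1.20", "Wrong password"),
    ("06:21:02", "21", "192.168.1.20", "Wrong password"),
    ("06:21:03", "21", "192.168.1.20", "Wrong password"),
    # A remote user mistyping a password a few times over several minutes.
    ("06:30:00", "300", "203.0.113.50", "Wrong password"),
    ("06:31:30", "300", "203.0.113.50", "Wrong password"),
    ("06:33:00", "300", "203.0.113.50", "Wrong password"),
]
SAMPLE_LOG = "\n".join(
    _LINE.format(t=t, ext=ext, ip=ip, why=why) for t, ext, ip, why in _EVENTS
) + "\n[Apr 11 06:33:05] VERBOSE[2211] logger.c: unrelated line"

FAILED_REG = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d)\]\s+NOTICE\[\d+\]\s+"
    r"chan_sip\.c:\s+Registration from '(?P<who>.*?)' failed for "
    r"'(?P<ip>[0-9.]+)(?::\d+)?' - (?P<why>.*)$"
)


def find_offenders(log_text, threshold=4, window=timedelta(seconds=10),
                   allow=("192.168.0.0/16",), year=2010):
    """Return {source_ip: time the threshold was first reached}.

    A source is flagged once `threshold` failed registrations fall inside
    one `window`. Sources inside `allow` are never flagged, so a retrying
    LAN phone cannot lock itself out. Asterisk's default timestamp has no
    year, so the caller supplies one. Lines are assumed to be in time order.
    """
    allowed = [ip_network(net) for net in allow]
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = FAILED_REG.match(line)
        if not m:
            continue
        try:
            src = ip_address(m.group("ip"))
        except ValueError:
            continue              # malformed address in the log line
        if any(src in net for net in allowed):
            continue
        when = datetime.strptime(f"{year} {m.group('ts')}",
                                 "%Y %b %d %H:%M:%S")
        hits = recent[str(src)]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()        # drop attempts older than the window
        if len(hits) >= threshold:
            offenders.setdefault(str(src), when)
    return offenders


def block_commands(offenders):
    """Build (not run) one iptables rule per offender, limited to SIP over
    UDP port 5060 so other traffic from that address is left alone."""
    return [f"iptables -I INPUT -s {ip} -p udp --dport 5060 -j DROP"
            for ip in offenders]


if __name__ == "__main__":
    found = find_offenders(SAMPLE_LOG)
    for ip, when in found.items():
        print(f"{ip} reached the threshold at {when}")
    print("\n".join(block_commands(found)))
```

As several posters note, a rule like this only protects the PBX itself; the packets still arrive on the line and still count against bandwidth.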
Re: [asterisk-users] Being attacked by an Amazon EC2 ...
It's a good idea to set up Fail2ban, instructions for which are on voip-info.org. It at least blocks such IP addresses, hopefully prompting the attackers to move their attack somewhere else and leave you alone.

I personally use Fail2ban, it works but won't keep you from flooding your line. My last attacker kept trying for 3 days.

Another good idea is to lookup in whois database this IP address and see if you can find contact info for the person responsible for this IP address. Then contact them and let them know about this incident. You can also try to ask your ISP if they can block it on their end.

Fail2ban can send you a Whois info about every blocked IP. I'm just not sure if any kind of reporting will help :-(

Zeeshan A Zakaria

Martin L
[asterisk-users] Asterisk in Debian/Lenny without Junghanns.net support?
Hi!

Asterisk in Debian/Lenny claims to be bristuffed, not? At least the Debian patch tracking system shows the bristuff-patches:

[1] http://bit.ly/bRRHe7

We have a QuadBRI-Card and recently needed support from Junghanns.net but they refused telling us there is no bristuff installed because of the show version output:

*CLI show version
Asterisk 1.4.21.2~dfsg-3+lenny1 built by pbuilder @ grnetbox on a x86_64 running Linux on 2009-12-14 19:04:56 UTC

Why was the bristuffed line removed? Debian/Etch did have that postfix.

After telling them Debian/Lenny IS bristuffed they said this installation method is not supported. Huh?! Does anyone have a comment on this?

Greetings, - Darsha

P.s.: X-Posted to debian-user and asterisk-user list.
Re: [asterisk-users] Being attacked by an Amazon EC2 ...
I always report at least. This is still better than not bringing it to their attention. I once worked in the NOC of a big data centre of a major ISP, and we often get calls regarding IPs from our data centers involved in spams and hacks, but unless there were a number of complaints, nobody had time or resources to dedicate them on verifying the validity of individual complaints and take some action.

Zeeshan A Zakaria
-- Sent from my Android phone with K-9 Mail.

On 2010-04-11 1:41 PM, Martin r...@atlas.cz wrote:

It's a good idea to set up Fail2ban, instructions for which are on voip-info.org. It at least bloc...

I personally use Fail2ban, it works but won't keep you from flooding your line. My last attacker kept trying for 3 days.

Another good idea is to lookup in whois database this IP address and see if you can find contact...

Fail2ban can send you a Whois info about every blocked IP. I'm just not sure if any kind of reporting will help :-(

Zeeshan A Zakaria

Martin L
Re: [asterisk-users] Asterisk in Debian/Lenny without Junghanns.net support?
On Sun, Apr 11, 2010 at 07:45:34PM +0200, Darshaka Pathirana wrote:

Hi! Asterisk in Debian/Lenny claims to be bristuffed, not? At least the Debian patch tracking system shows the bristuff-patches:

[1] http://bit.ly/bRRHe7

We have a QuadBRI-Card and recently needed support from Junghanns.net but they refused telling us there is no bristuff installed because of the show version output:

*CLI show version
Asterisk 1.4.21.2~dfsg-3+lenny1 built by pbuilder @ grnetbox on a x86_64 running Linux on 2009-12-14 19:04:56 UTC

Why was the bristuffed line removed? Debian/Etch did have that postfix.

Simple answer: http://patch-tracker.debian.org/package/asterisk/1:1.4.21.2~dfsg-3+lenny1

So they are mostly bristuff. However they include other fixes (including some fixes that were never accepted by Junghanns due to bad communication). There are some other changes apart from the bristuff fixes and we can't simply call it bristuffed.

After telling them Debian/Lenny IS bristuffed they said this installation method is not supported. Huh?!

I cannot comment on that, for obvious reasons.

P.s.: X-Posted to debian-user and asterisk-user list.

(Answering both, as I'm on both, though I prefer asterisk-users)

--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.co...@xorcom.com
+972-50-7952406 mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir
Re: [asterisk-users] Being attacked by an Amazon EC2 ...
On 11.04.2010 17:05, Mark Smith wrote:

Same this end from 184.73.17.150. Use this little piece of iptables magic to block the whole of Amazon's EC2 ip-range.

iptables -F
iptables -A INPUT -m iprange --src-range 216.182.224.0-216.182.239.255 -j DROP
iptables -A INPUT -m iprange --src-range 72.44.32.0-72.44.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 67.202.0.0-67.202.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 75.101.128.0-75.101.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 174.129.0.0-174.129.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 204.236.192.0-204.236.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 184.73.0.0-184.73.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 216.236.128.0-216.236.191.255 -j DROP
iptables -A INPUT -m iprange --src-range 184.72.0.0-184.72.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 79.125.0.0-79.125.127.255 -j DROP
service iptables save

This sorts it out in the short-term until Amazon realise their service is being utilised by arseholes.

Hi Mark!

Your little iptables magic is a very good idea! Implementation took 1 minute :-) I'll use it until a better idea comes up ... (which I don't expect within a short term)

Thank you!
Norbert
Re: [asterisk-users] Being attacked by an Amazon EC2 ...
Hi,

This is exactly what I've just joined this mailing list about. Has anyone had any luck getting Amazon to stop the instances? I'm stuck with around 700Kbps of my 2.5Mbps inbound in use as my firewall blocks the requests as below.

Cheers,
Tom

-Original Message-
From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Norbert Zawodsky
Sent: 11 April 2010 20:57
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] Being attacked by an Amazon EC2 ...

On 11.04.2010 17:05, Mark Smith wrote:

Same this end from 184.73.17.150. Use this little piece of iptables magic to block the whole of Amazon's EC2 ip-range.

iptables -F
iptables -A INPUT -m iprange --src-range 216.182.224.0-216.182.239.255 -j DROP
iptables -A INPUT -m iprange --src-range 72.44.32.0-72.44.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 67.202.0.0-67.202.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 75.101.128.0-75.101.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 174.129.0.0-174.129.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 204.236.192.0-204.236.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 184.73.0.0-184.73.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 216.236.128.0-216.236.191.255 -j DROP
iptables -A INPUT -m iprange --src-range 184.72.0.0-184.72.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 79.125.0.0-79.125.127.255 -j DROP
service iptables save

This sorts it out in the short-term until Amazon realise their service is being utilised by arseholes.

Hi Mark!

Your little iptables magic is a very good idea! Implementation took 1 minute :-) I'll use it until a better idea comes up ... (which I don't expect within a short term)

Thank you!
Norbert
Re: [asterisk-users] Being attacked by an Amazon EC2 ...
Norbert Zawodsky norbert at zawodsky.at writes:

On 11.04.2010 17:05, Mark Smith wrote:

Same this end from 184.73.17.150. Use this little piece of iptables magic to block the whole of Amazon's EC2 ip-range.

iptables -F
iptables -A INPUT -m iprange --src-range 216.182.224.0-216.182.239.255 -j DROP
iptables -A INPUT -m iprange --src-range 72.44.32.0-72.44.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 67.202.0.0-67.202.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 75.101.128.0-75.101.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 174.129.0.0-174.129.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 204.236.192.0-204.236.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 184.73.0.0-184.73.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 216.236.128.0-216.236.191.255 -j DROP
iptables -A INPUT -m iprange --src-range 184.72.0.0-184.72.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 79.125.0.0-79.125.127.255 -j DROP
service iptables save

This sorts it out in the short-term until Amazon realise their service is being utilised by arseholes.

Hi Mark!

Your little iptables magic is a very good idea! Implementation took 1 minute. I'll use it until a better idea comes up ... (which I don't expect within a short term)

Thank you!
Norbert

Hi Norbert

An absolute pleasure. It goes without saying the best idea is for Amazon to realise its systems are being abused by this type of moron and shut them down, once and for all. It's all very good offering cloud-computing services but more responsibility needs to be enforced by the provider. The iptables solution is obviously not the ultimate solution to the problem but it don't half stop the devastating consequences of it such as very poor latency and jittery phone-calls due to the crippled upstream.

Kindest regards
Mark Smith
MSIT Group Ltd
Re: [asterisk-users] Being attacked by an Amazon EC2 ...
FWIW, we're seeing similar attacks. The below is what I posted on NANOG earlier, which summarizes Amazon's stellar abuse response. I've also received an off-list e-mail from someone who was getting hit with 6Gbps of traffic from them (and was not able to reach anyone there either). Time to start blocking them at the edge. Let their customers complain to them instead.

-Original Message-
From: Erik L
Sent: April 11, 2010 10:38
To: na...@nanog.org
Subject: Seeking Amazon EC2 abuse contact

Could someone from Amazon EC2 please contact me off-list regarding an abuse issue from one of their IPs? Alternatively, could someone please send me the contact details of someone there?

E-mailing the abuse e-mail listed in WHOIS per their instructions, including all pertinent data, results in an auto-reply indicating to use a form on their site. Submitting the form results in "There has been an error while submitting your data. Please try again later." Calling their supposed NOC (as per WHOIS) results in "You have reached the legal department at Amazon...please leave a message."

Thanks

--
Erik
Caneris Inc.
Tel: 647-723-6365 Fax: 647-723-5365 Toll-free: 1-888-444-8843
www.caneris.com
Re: [asterisk-users] Being attacked by an Amazon EC2 ...
We reported abuse Saturday morning... As of yet, no change in traffic. I have sent requests upstream to filter all UDP/5060 traffic from EC-2 range to stop the DDOS that we are under, but have only gotten 2 of our 4 providers to comply. At this point, I guess we'll all just ride it out...

Stu

Tom Stordy-Allison wrote:

Hi,

This is exactly what I've just joined this mailing list about. Has anyone had any luck getting Amazon to stop the instances? I'm stuck with around 700Kbps of my 2.5Mbps inbound in use as my firewall blocks the requests as below.

Cheers,
Tom

-Original Message-
From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Norbert Zawodsky
Sent: 11 April 2010 20:57
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] Being attacked by an Amazon EC2 ...

On 11.04.2010 17:05, Mark Smith wrote:

Same this end from 184.73.17.150. Use this little piece of iptables magic to block the whole of Amazon's EC2 ip-range.

iptables -F
iptables -A INPUT -m iprange --src-range 216.182.224.0-216.182.239.255 -j DROP
iptables -A INPUT -m iprange --src-range 72.44.32.0-72.44.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 67.202.0.0-67.202.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 75.101.128.0-75.101.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 174.129.0.0-174.129.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 204.236.192.0-204.236.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 184.73.0.0-184.73.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 216.236.128.0-216.236.191.255 -j DROP
iptables -A INPUT -m iprange --src-range 184.72.0.0-184.72.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 79.125.0.0-79.125.127.255 -j DROP
service iptables save

This sorts it out in the short-term until Amazon realise their service is being utilised by arseholes.

Hi Mark!

Your little iptables magic is a very good idea! Implementation took 1 minute :-) I'll use it until a better idea comes up ... (which I don't expect within a short term)

Thank you!
Norbert
Re: [asterisk-users] Being attacked by an Amazon EC2 ...
Yeah - I've reported it to the EC2 abuse address about 10 hours ago, with no response as of yet. I'm waiting on my ISP to see if they can block anything further upstream. I should be lucky it's not 6Gbps like some!

Cheers,
Tom

-Original Message-
From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Stuart Sheldon
Sent: 11 April 2010 21:17
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Being attacked by an Amazon EC2 ...

We reported abuse Saturday morning... As of yet, no change in traffic. I have sent requests upstream to filter all UDP/5060 traffic from EC-2 range to stop the DDOS that we are under, but have only gotten 2 of our 4 providers to comply. At this point, I guess we'll all just ride it out...

Stu

Tom Stordy-Allison wrote:

Hi,

This is exactly what I've just joined this mailing list about. Has anyone had any luck getting Amazon to stop the instances? I'm stuck with around 700Kbps of my 2.5Mbps inbound in use as my firewall blocks the requests as below.

Cheers,
Tom

-Original Message-
From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Norbert Zawodsky
Sent: 11 April 2010 20:57
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] Being attacked by an Amazon EC2 ...

On 11.04.2010 17:05, Mark Smith wrote:

Same this end from 184.73.17.150. Use this little piece of iptables magic to block the whole of Amazon's EC2 ip-range.

iptables -F
iptables -A INPUT -m iprange --src-range 216.182.224.0-216.182.239.255 -j DROP
iptables -A INPUT -m iprange --src-range 72.44.32.0-72.44.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 67.202.0.0-67.202.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 75.101.128.0-75.101.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 174.129.0.0-174.129.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 204.236.192.0-204.236.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 184.73.0.0-184.73.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 216.236.128.0-216.236.191.255 -j DROP
iptables -A INPUT -m iprange --src-range 184.72.0.0-184.72.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 79.125.0.0-79.125.127.255 -j DROP
service iptables save

This sorts it out in the short-term until Amazon realise their service is being utilised by arseholes.

Hi Mark!

Your little iptables magic is a very good idea! Implementation took 1 minute :-) I'll use it until a better idea comes up ... (which I don't expect within a short term)

Thank you!
Norbert
Re: [asterisk-users] Being attacked by an Amazon EC2 ...
On Apr 11, 2010, at 4:06 PM, Tom Stordy-Allison wrote:

Hi,

This is exactly what I've just joined this mailing list about. Has anyone had any luck getting Amazon to stop the instances? I'm stuck with around 700Kbps of my 2.5Mbps inbound in use as my firewall blocks the requests as below.

Cheers,
Tom

I can't even get them to acknowledge my complaints.

---fred
http://qxork.com
[asterisk-users] mISDN installation via yum
Hi,

I tried to install asterisk and mISDN via http://www.asterisk.org/downloads/yum

My machine is running with kernel-2.6.18-164.15.1.el5.i686

# grep kernel /var/log/yum.log
Mar 21 16:09:28 Installed: kernel-2.6.18-164.15.1.el5.i686
Mar 21 16:09:42 Installed: kernel-devel-2.6.18-164.15.1.el5.i686

I've installed the following packages:

# yum install asterisk16-misdn mISDN mISDNuser kmod-mISDN

After installation I tried to scan my card:

# service mISDN scan
1 mISDN compatible device(s) found: avmfritz

In a further step I tried to configure the card:

# service mISDN config
Writing /etc/mISDN.conf for 1 mISDN compatible device(s): avmfritz

If I try to start the daemon, I can read:

# service mISDN start
-- Loading mISDN modules --
/sbin/modprobe --ignore-install capi
/sbin/modprobe --ignore-install mISDN_core debug=0
FATAL: Module mISDN_core not found.
/sbin/modprobe --ignore-install mISDN_l1 debug=0
FATAL: Module mISDN_l1 not found.
/sbin/modprobe --ignore-install mISDN_l2 debug=0
FATAL: Module mISDN_l2 not found.
/sbin/modprobe --ignore-install l3udss1 debug=0
FATAL: Module l3udss1 not found.
/sbin/modprobe --ignore-install mISDN_capi
FATAL: Module mISDN_capi not found.
/sbin/modprobe --ignore-install avmfritz protocol=0x2 layermask=0xf
FATAL: Module avmfritz not found.
/sbin/modprobe --ignore-install mISDN_dsp debug=0 options=0
FATAL: Module mISDN_dsp not found.
creating device node: /dev/mISDN

Syslog reports:

Apr 11 22:45:04 office kernel: CAPI Subsystem Rev 1.1.2.8
Apr 11 22:45:04 office kernel: capifs: Rev 1.1.2.3
Apr 11 22:45:04 office kernel: capi20: Rev 1.1.2.7: started up with major 68 (middleware+capifs)

I think my problem is my wrong kernel and my kernel modules:

Kernel is kernel-2.6.18-164.15.1.el5.i686

But if I look into the package kmod-mISDN I can see:

# rpm -iql kmod-mISDN
Name: kmod-mISDN Relocations: (not relocatable)
Version : 1.1.7.2 Vendor: beroNet GmbH
Release : 3_centos5.2.6.18_164.11.1.el5 Build Date: Mi 20 Jan 2010 22:04:22 CET
Install Date: So 11 Apr 2010 22:43:01 CEST Build Host: localhost.localdomain
Group : System Environment/Kernel Source RPM: mISDN-kmod-1.1.7.2-3_centos5.2.6.18_164.11.1.el5.src.rpm
Size: 8450882 License: GPL
Signature : (none)
Packager: Jason Parker jpar...@digium.com
URL : http://www.misdn.org/
Summary : mISDN kernel module(s)
Description :
This package provides the mISDN kernel modules built for the Linux kernel 2.6.18-164.11.1.el5 for the i686 family of processors.
/lib/modules/2.6.18-164.11.1.el5
/lib/modules/2.6.18-164.11.1.el5/extra
/lib/modules/2.6.18-164.11.1.el5/extra/avmfritz.ko
/lib/modules/2.6.18-164.11.1.el5/extra/hfcmulti.ko
/lib/modules/2.6.18-164.11.1.el5/extra/hfcpci.ko
/lib/modules/2.6.18-164.11.1.el5/extra/hfcsmini.ko
/lib/modules/2.6.18-164.11.1.el5/extra/hfcsusb.ko
/lib/modules/2.6.18-164.11.1.el5/extra/l3udss1.ko
/lib/modules/2.6.18-164.11.1.el5/extra/mISDN_capi.ko
/lib/modules/2.6.18-164.11.1.el5/extra/mISDN_core.ko
/lib/modules/2.6.18-164.11.1.el5/extra/mISDN_debugtool.ko
/lib/modules/2.6.18-164.11.1.el5/extra/mISDN_dsp.ko
/lib/modules/2.6.18-164.11.1.el5/extra/mISDN_dtmf.ko
/lib/modules/2.6.18-164.11.1.el5/extra/mISDN_isac.ko
/lib/modules/2.6.18-164.11.1.el5/extra/mISDN_l1.ko
/lib/modules/2.6.18-164.11.1.el5/extra/mISDN_l2.ko
/lib/modules/2.6.18-164.11.1.el5/extra/mISDN_x25dte.ko
/lib/modules/2.6.18-164.11.1.el5/extra/sedlfax.ko
/lib/modules/2.6.18-164.11.1.el5/extra/w6692pci.ko
/lib/modules/2.6.18-164.11.1.el5/extra/xhfc.ko

2.6.18-164.11 vs. 2.6.18-164.15 is not O.k., is it? Any idea what else went wrong? But where's the right kernel-module-package, which I can install via yum? Or is it better to install mISDN from scratch, as I've done in the past?

Any hint and help is welcome!

ttyl, Django

--
Bonnie Clyde of the postmaster scene! approved by Postfix-God
http://wetterstation-pliening.info
http://dokuwiki.nausch.org
Re: [asterisk-users] Fax Over PRI connected to a Sangoma card - Fax machines connected to Sip Mediant AudioCode
Thanks James,

What I need is to make the fax machines connected to the audiocodes mediant 1000 be able to send and receive fax through Asterisk (connected to a pri). I know it's not reliable, but it should work at least. What should I do on Asterisk and Mediant to make this work? I'm quite confused with all these fax issues :S

Thanks in advance

Message: 11
Date: Fri, 9 Apr 2010 17:30:23 -0700
From: James Lamanna jlama...@gmail.com
Subject: Re: [asterisk-users] Fax Over PRI connected to a Sangoma card - Fax machines connected to Sip Mediant AudioCodes
To: Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users@lists.digium.com
Message-ID: x2saa4c40ff1004091730p192f37det33a5283a4ca85...@mail.gmail.com
Content-Type: text/plain; charset=ISO-8859-1

On Fri, Apr 9, 2010 at 5:17 PM, Danny Dias ing.diasda...@gmail.com wrote:

Hello my friends,

I want to make fax work in the following scenario. My versions are:

Asterisk 1.4.21.2
WANPIPE Release: 3.4.7
Zaptel Version: 1.4.11
libpri version: 1.4.5
Digium Card TDM 410P

The E1 pri is connected to our Sangoma A102DE, we also have a SIP Mediant Audiocodes 1000 where we have some fax machines connected to fxs ports, what we need is to make fax machines through mediant send faxes to the pstn (through E1 PRI) and vice versa... What should we do to make this work properly? What parameters in zapata? mediant 1000?

Thanks in advance for all your help!

I've had fairly good success with faxing using Asterisk + Hylafax. I haven't tried any of the built-in Asterisk faxing programs yet because I designed this setup before the newest revisions, when Asterisk + built-in faxing was not working well. What I do is run Hylafax on the same machine as Asterisk, and then run IAXModem to do the communication between the 2. There's a lot of documentation online about how to set this up.

-- James
Re: [asterisk-users] Problems with Fax over TDM410P
Hi asterisk-users,

I'm really having big problems with this configuration. Has anyone attached a fax machine to an FXS port of a Digium TDM410P card successfully? What changes should I make on Asterisk to make this work OK? I just want to use this fax machine as a fax and not for voice!

Thanks!

Message: 9
Date: Fri, 9 Apr 2010 19:22:05 -0430
From: Danny Dias ing.diasda...@gmail.com
Subject: [asterisk-users] Problems with Fax over TDM410P
To: asterisk-users@lists.digium.com
Message-ID: y2l5a64fbaa1004091652k8393c88anf30c96809f8a9...@mail.gmail.com
Content-Type: text/plain; charset=iso-8859-1

Hello my friends...

We are having some problems with fax on our Asterisk server... We have:

Asterisk 1.4.21.2
Zaptel Version: 1.4.11
libpri version: 1.4.5
Digium Card TDM 410P

This Digium card has 3 FXO ports and 1 FXS port where we have a fax machine connected! The problem is that we can receive faxes very well, but we can't make any outbound fax call; in fact, our Asterisk gets frozen in this case! Take a look at our zapata:

[channels]
language=es
;context=default
rxwink=300
usecallerid=yes
hidecallerid=no
callwaiting=yes
usecallingpres=yes
callwaitingcallerid=yes
threewaycalling=yes
transfer=yes
canpark=yes
cancallforward=yes
callreturn=yes
echocancel=yes
echocancelwhenbridged=yes
rxgain=0.0
txgain=0.0
immediate=no
busydetect=yes
immediate=no
;busycount=4
;busypattern=500,500
;answeronpolarityswitch=yes
;hanguponpolarityswitch=yes

; TDM410P
context = mde-g1
immediate=no
signalling=fxs_ks
group=0
channel = 1

context = mde-g1
immediate=yes
Signalling=fxs_ks
group=0
channel = 2

context = mde-g1
immediate=yes
signalling=fxs_ks
group=0
channel = 3

context=inside
faxdetect=incoming
immediate=no
signalling=fxo_ks
group=1
channel = 4

What should we do in order to make it work OK? We really need to get this working. I've heard that Asterisk does not work very well with fax, but at least it should try to send it, not get frozen :S

Thanks in advance for all your help!

Regards
Re: [asterisk-users] PRI - Native ZAP bridge fails - Is this my patch?
Hi Guys,

Has anyone experienced this? Can I have a PRI guru weigh in on this?

Thanks,
Bruce

On Sat, Apr 10, 2010 at 3:46 PM, bruce bruce bruceb...@gmail.com wrote:
> Hi Guys,
>
> I am calling out 416-999- on Channel 1 of PRI and then calling 416-999- on Channel 2 of PRI. When the two channels are going to be ZAP native bridged, both channels hangup and CLI show PRI cause (16).
>
> Asterisk Verbose *(Channel 1 already connected to party)*:
>
> -- Requested transfer capability: 0x00 - SPEECH
> -- Called g0/416999
> -- Zap/2-1 is proceeding passing it to Zap/1-1
> -- Zap/2-1 is ringing
> -- Zap/2-1 answered Zap/1-1
> -- Native bridging Zap/1-1 and Zap/2-1
> -- Channel 0/1, span 1 got hangup request, cause 16
> -- Hungup 'Zap/2-1'
> == Spawn extension (zap-bridge, s, 8) exited non-zero on 'Zap/1-1'
> -- Hungup 'Zap/1-1'
>
> Here is PRI debug, starting just before Channel two is connected until both channels are disconnected *(maybe FACILITY 98 is of interest?!)*:
>
> Message type: CONNECT (7)
> q931.c:3626 q931_receive: call 32865 on channel 2 enters state 10 (Active)
> Protocol Discriminator: Q.931 (8) len=5
> Call Ref: len= 2 (reference 97/0x61) (Originator)
> Message type: CONNECT ACKNOWLEDGE (15)
> -- Zap/2-1 answered Zap/1-1
> -- Native bridging Zap/1-1 and Zap/2-1
> Protocol Discriminator: Q.931 (8) len=27
> Call Ref: len= 2 (reference 96/0x60) (Originator)
> Message type: FACILITY (98)
> [1c 14 91 a1 11 02 01 06 06 07 2a 86 48 ce 15 00 08 30 03 02 01 61]
> Facility (len=22, codeset=0) [ 0x91, 0xA1, 0x11, 0x02, 0x01, 0x06, 0x06, 0x07, '*', 0x86, 'H', 0xCE, 0x15, 0x00, 0x08, '0', 0x03, 0x02, 0x01, 'a' ]
> PROTOCOL 11
> A1 0011 (CONTEXT SPECIFIC [1])
> 02 0001 06 (INTEGER: 6)
> 06 0007 2A 86 48 CE 15 00 08 (OBJECTIDENTIFIER: 2a 86 48 ce 15 00 08)
> 30 0003 (SEQUENCE)
> 02 0001 61 (INTEGER: 97)
> Protocol Discriminator: Q.931 (8) len=9
> Call Ref: len= 2 (reference 96/0x60) (Terminator)
> Message type: DISCONNECT (69)
> [08 02 80 90]
> Cause (len= 4) [ Ext: 1 Coding: CCITT (ITU) standard (0) Spare: 0 Location: User (0)
> Ext: 1 Cause: Normal Clearing (16), class = Normal Event (1) ]
> -- Processing IE 8 (cs0, Cause)
> q931.c:3826 q931_receive: call 32864 on channel 1 enters state 12 (Disconnect Indication)
> -- Channel 0/1, span 1 got hangup request, cause 16
> NEW_HANGUP DEBUG: Calling q931_hangup, ourstate Active, peerstate Connect Request
> q931.c:3015 q931_disconnect: call 32865 on channel 2 enters state 11 (Disconnect Request)
> Protocol Discriminator: Q.931 (8) len=9
> Call Ref: len= 2 (reference 97/0x61) (Originator)
> Message type: DISCONNECT (69)
> [08 02 81 90]
> Cause (len= 4) [ Ext: 1 Coding: CCITT (ITU) standard (0) Spare: 0 Location: Private network serving the local user (1)
> Ext: 1 Cause: Normal Clearing (16), class = Normal Event (1) ]
> NEW_HANGUP DEBUG: Calling q931_hangup, ourstate Disconnect Indication, peerstate Disconnect Request
> q931.c:2967 q931_release: call 32864 on channel 1 enters state 19 (Release Request)
> Protocol Discriminator: Q.931 (8) len=9
> Call Ref: len= 2 (reference 96/0x60) (Originator)
> Message type: RELEASE (77)
> [08 02 81 90]
> Cause (len= 4) [ Ext: 1 Coding: CCITT (ITU) standard (0) Spare: 0 Location: Private network serving the local user (1)
> Ext: 1 Cause: Normal Clearing (16), class = Normal Event (1) ]
> -- Hungup 'Zap/1-1'
> Protocol Discriminator: Q.931 (8) len=5
> Call Ref: len= 2 (reference 96/0x60) (Terminator)
> Message type: RELEASE COMPLETE (90)
> q931.c:3766 q931_receive: call 32864 on channel 1 enters state 0 (Null)
> NEW_HANGUP DEBUG: Calling q931_hangup, ourstate Null, peerstate Null
> NEW_HANGUP DEBUG: Destroying the call, ourstate Null, peerstate Null
> Protocol Discriminator: Q.931 (8) len=5
> Call Ref: len= 2 (reference 97/0x61) (Terminator)
> Message type: RELEASE (77)
> q931.c:3801 q931_receive: call 32865 on channel 2 enters state 0 (Null)
> NEW_HANGUP DEBUG: Calling q931_hangup, ourstate Null, peerstate Release Request
> Protocol Discriminator: Q.931 (8) len=9
> Call Ref: len= 2 (reference 97/0x61) (Originator)
> Message type: RELEASE COMPLETE (90)
> [08 02 81 90]
> Cause (len= 4) [ Ext: 1 Coding: CCITT (ITU) standard (0) Spare: 0 Location: Private network serving the local user (1)
> Ext: 1 Cause: Normal Clearing (16), class = Normal Event (1) ]
> NEW_HANGUP DEBUG: Calling q931_hangup, ourstate Null, peerstate Null
> NEW_HANGUP DEBUG: Destroying the call, ourstate Null, peerstate Null
>
> System Info:
> *Bell Canada PRI*
> *Asterisk 1.4.21.2*
> *Lib PRI 1.4.10*
>
> Is this my patch? https://issues.asterisk.org/view.php?id=7494
>
> Thanks,
> Bruce
Re: [asterisk-users] Being attacked by an Amazon EC2 ...
On Sun, 11 Apr 2010, Mark Smith wrote:
> Same this end from 184.73.17.150.
>
> Use this little piece of iptables magic to block the whole of Amazon's EC2 ip-range.
>
> iptables -F
> iptables -A INPUT -m iprange --src-range 216.182.224.0-216.182.239.255 -j DROP
> iptables -A INPUT -m iprange --src-range 72.44.32.0-72.44.63.255 -j DROP
> iptables -A INPUT -m iprange --src-range 67.202.0.0-67.202.63.255 -j DROP
> iptables -A INPUT -m iprange --src-range 75.101.128.0-75.101.255.255 -j DROP
> iptables -A INPUT -m iprange --src-range 174.129.0.0-174.129.255.255 -j DROP
> iptables -A INPUT -m iprange --src-range 204.236.192.0-204.236.255.255 -j DROP
> iptables -A INPUT -m iprange --src-range 184.73.0.0-184.73.255.255 -j DROP
> iptables -A INPUT -m iprange --src-range 216.236.128.0-216.236.191.255 -j DROP
> iptables -A INPUT -m iprange --src-range 184.72.0.0-184.72.63.255 -j DROP
> iptables -A INPUT -m iprange --src-range 79.125.0.0-79.125.127.255 -j DROP
> service iptables save
>
> This sorts it out in the short-term until Amazon realise their service is being utilised by arseholes.

Would this work if using Shorewall? What would a sane ruleset for Shorewall look like that implements some sort of rate limiting features?
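Added example, not part of either post and not Shorewall syntax: a plain iptables take on the two ideas in this message, the range blocklist and per-source rate limiting. It generates an iptables-restore fragment that keeps the blocklist in its own chain instead of starting with "iptables -F" (which deletes every existing rule), and validates each range first. The chain name SIPGUARD, SIP on 5060/udp and the 20/second threshold are assumptions; the ranges are the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). SIPGUARD, port 5060/udp and the
# 20/second threshold are assumptions; the ranges are those quoted in the post.
RANGES='216.182.224.0-216.182.239.255
72.44.32.0-72.44.63.255
67.202.0.0-67.202.63.255
75.101.128.0-75.101.255.255
174.129.0.0-174.129.255.255
204.236.192.0-204.236.255.255
184.73.0.0-184.73.255.255
216.236.128.0-216.236.191.255
184.72.0.0-184.72.63.255
79.125.0.0-79.125.127.255'

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
# The body runs in a subshell so the IFS change does not leak to the caller.
ip_to_int() (
    case $1 in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        case $o in ''|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
)

# Emit an iptables-restore fragment for the ranges in $1 (default: $RANGES).
emit_rules() {
    echo '*filter'
    echo ':SIPGUARD - [0:0]'
    echo "${1:-$RANGES}" | while read -r r; do
        [ -n "$r" ] || continue
        [ "$r" != "${r#*-}" ] && lo=$(ip_to_int "${r%%-*}") && hi=$(ip_to_int "${r#*-}") &&
            [ "$lo" -le "$hi" ] || { echo "# skipped malformed range: $r"; continue; }
        echo "-A SIPGUARD -m iprange --src-range $r -j DROP"
    done
    # Drop SIP packets from any single source address that exceeds the rate.
    echo '-A SIPGUARD -p udp --dport 5060 -m hashlimit --hashlimit-name sip' \
         '--hashlimit-mode srcip --hashlimit-above 20/second --hashlimit-burst 40 -j DROP'
    echo '-A SIPGUARD -j RETURN'
    echo '-I INPUT 1 -j SIPGUARD'
    echo 'COMMIT'
}

emit_rules
```

Review the generated text, then load it with iptables-restore --noflush so rules outside SIPGUARD stay in place.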
Re: [asterisk-users] Remote registering fails
The context that I'm using for the local extensions is not [general].

Sorry, I didn't quite get what you mean. Nevertheless, I think it is a matter of NAT/firewall management.

Alyed

2010/4/11 Daniel Bareiro daniel-lis...@gmx.net
> Hi, Alyed.
>
> On Sun, 11 Apr 2010, Alyed wrote:
>> Daniel, you are having a problem often seen in pre 1.4.14 versions. Before this release srvlookup=no was the default for sip.conf and guess the same for iax.conf. So if you are working with a previous release just add this parameter .. but change it to serverlookup=yes under your iax.conf [general] section.
>>
>> Sorry, the parameter should be: srvlookup=yes
>
> I'm using Asterisk 1.4.24.1. Anyway, I was looking at the file sip.conf and yes, I have srvlookup=yes in [general]. In iax.conf it is not defined explicitly, so I suppose that it will be taking the default value.
>
> The context that I'm using for the local extensions is not [general]. Could that have something to do with it?
>
> Thanks for your reply.
>
> Regards,
> Daniel
[asterisk-users] asterisk segmentation fault
Hi all,

I have a problem with my Asterisk. When I start Asterisk, I got the following:

--
/usr/sbin/safe_asterisk: line 152: 23241 Segmentation fault (core dumped) nice -n $PRIORITY ${ASTSBINDIR}/asterisk -f ${CLIARGS} ${ASTARGS} > /dev/${TTY} 2>&1 < /dev/${TTY}
Asterisk ended with exit status 139
Asterisk exited on signal EXITSTATUS-128.
Automatically restarting Asterisk.
--

Everything was fine before I installed cdr_addon_mysql.so and modified cdr_mysql.conf.

I use Asterisk 1.6.2.1, asterisk-addon 1.6.2.0, CentOS 5.3.

Thanks in advance.
Quyps