[asterisk-users] libpri rpm version 1.4.12 for CentOS 5.6

[Kaushal Shriyan]

Hi,

Is libpri rpm version 1.4.12 for CentOS 5.6 made available ?

[root@ ~]# rpm -qa | grep libpri
libpri-1.4.11.5-1_centos5
[root@ ~]# cat /etc/redhat-release
CentOS release 5.6 (Final)
[root@ ~]#
[root@ ~]#  yum list updates | grep libpri
[root@ ~]#

Please suggest/guide further.

Regards,

Kaushal

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Securing Asterisk

[Alex Balashov]

On Jul 26, 2011, at 2:33 PM, Bruce B  wrote:

> people lose much more  in VoIP than they ever did in SSH hacking.

Um, what?

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] file2ban

[--[ UxBoD ]--]

If you are using OSSEC here are some rules:


  local-asterisk-denied
  Asterisk Potentially Under Attack



  1
  
  Asterisk Under Brute Force Attack


and for the local_decoder:


  NOTICE[\d+] \S+: Registration from 
  ^\S+ failed for '(\d+.\d+.\d+.\d+)'
  srcip


OSSEC can then use Active Response to block the IP using IPtables.
-- 
Thanks, Phil

- Original Message -
> 
> 
> > -Original Message-
> > From: asterisk-users-boun...@lists.digium.com
> > [mailto:asterisk-users-
> > boun...@lists.digium.com] On Behalf Of Bryant Zimmerman
> > Sent: Tuesday, July 26, 2011 3:22 PM
> > To: Asterisk Users Mailing List - Non-Commercial Discussion
> > Subject: Re: [asterisk-users] file2ban
> > 
> > I want to add an entry to a database every time a brute force
> > registration
> > attempt is done.
> > from this database we are updating cisco routers with our ban list
> > so our
> > entire network is protected.
> > The database side of things is working and has been for some time.
> > I really
> > would like to add the file2ban side of it to protect our asterisk
> > system
> > better.
> 
> Look at the /etc/fail2ban/action.d/   Actions in the default config
> runs an iptables command to insert the ban into IPTables, but you
> can have it run most any command.
> 
> 
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
> 

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Securing Asterisk

[Paul Belanger]

On 11-07-26 02:33 PM, Bruce B wrote:

I would have to err on the side of CDR to say that the only difference in
analogy you provided (SSH vs Asterisk) is that people lose much more
 in VoIP than they ever did in SSH hacking. So, if this is an
exceptional case bending a rule or two of RFC in favor of security won't
harm specially if it's provided as an option. After-all, RFC does stand for
Referral For Comment as in always open to be improved. Secondly, there is no
trade off with the responses as local and private IP networks are well know
from the public range so the option for such a security measure can be tuned
to be smart to that end.

The only thing I like about MS OSs is that it's secure out of box and that
is really what a Linux OS should be as well but it's not and so it's not
solely Digium's issue and I see your point giving the analogy.

I think it's a good idea if such a security "option" is provided by default
in Asterisk knowing it can save a lot of headache. If budget is an issue
maybe make it a bounty and watch support pouring in...

ProTip: Nothing is 'secure out of box' and believe this marketing 
tag-line only provides a false sense of security.


Even if the community does as you ask, it would not guarantee security. 
 Good security required upkeep and maintenance.


As an example, what version of Asterisk are you running on your 
production sites?


--
Paul Belanger
Digium, Inc. | Software Developer
twitter: pabelanger | IRC: pabelanger (Freenode)
Check us out at: http://digium.com & http://asterisk.org

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Securing Asterisk

[Alex Balashov]

On 07/26/2011 03:51 PM, Richard Kenner wrote:


Can please the Powers that Be reconsider and add this option to sip.conf?


What "Powers that Be"?  This is open-source software!  If you need an
option in sip.conf, just add it!


Or don't.  Just because it's open source doesn't mean you should put 
dumb stuff in there that doesn't belong.



--
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Securing Asterisk

[Richard Kenner]

> Can please the Powers that Be reconsider and add this option to sip.conf?

What "Powers that Be"?  This is open-source software!  If you need an
option in sip.conf, just add it!

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Securing Asterisk

[Steve Edwards]

On Tue, 26 Jul 2011, Bruce B wrote:

After-all, RFC does stand for Referral For Comment as in always open to 
be improved.


Actually, it stands for 'Request' and I don't think Digium or the Asterisk 
mailing lists made the request :)


Maybe the proper path is for you to submit a comment to the responsible 
parties and see if you can get any traction there.


Failing that, if your unfunded requests for this feature fall on deaf ears 
on the mailing list, maybe a bounty would help.


I don't think having each application (Asterisk, SSH, Apache, MySQL, etc.) 
handle security in an incompatible way is going to advance the state of 
security.


As long as the application can be configured to log what you consider a 
security event, you have the ability to implement whichever security 
policies make sense to you.


Why do you find the 'fail2ban' and 'iptables' suggestions insufficient?

--
Thanks in advance,
-
Steve Edwards   sedwa...@sedwards.com  Voice: +1-760-468-3867 PST
Newline  Fax: +1-760-731-3000

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] file2ban

[Eric Wieling]

> -Original Message-
> From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-
> boun...@lists.digium.com] On Behalf Of Bryant Zimmerman
> Sent: Tuesday, July 26, 2011 3:22 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: Re: [asterisk-users] file2ban
> 
> I want to add an entry to a database every time a brute force registration
> attempt is done.
> from this database we are updating cisco routers with our ban list so our
> entire network is protected.
> The database side of things is working and has been for some time. I really
> would like to add the file2ban side of it to protect our asterisk system
> better.

Look at the /etc/fail2ban/action.d/   Actions in the default config runs an 
iptables command to insert the ban into IPTables, but you can have it run most 
any command.  


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] file2ban

[arcopix]

Hello,

That is relatively easy :)

fail2ban is actually executing a command. Check out the actions configs
that are stored in your fail2ban directory. E.g:
> ls -1 /etc/fail2ban/action.d/ 

You can write your own script (bash/php/perl/C/you name it) that inputs
the information in the DB or attempt to use something like:
> echo "INSERT INTO ban_addresses VALUES ('');" | mysql -u someuser 
> -p'somepass'
However I am not sure if this solution will work under fail2ban
(forwarding output to another app via pipe)

Regards,
Stefan Lekov


On Tue, 26 Jul 2011 15:21:39 -0400, "Bryant Zimmerman"
 wrote:
> I want to add an entry to a database every time a brute force
> registration attempt is done.
>  from this database we are updating cisco routers with our ban list so
> our entire network is protected.
>  The database side of things is working and has been for some time. I
> really would like to add the file2ban side of it to protect our
> asterisk system better.
> 
>  How would I best go about doing this using file2ban with asterisk?
>  Any feed back is appreciated. 
> 
> Thanks
>  zktech


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] file2ban

[Patrick Lists]

On 07/26/2011 09:21 PM, Bryant Zimmerman wrote:

I want to add an entry to a database every time a brute force
registration attempt is done.
from this database we are updating cisco routers with our ban list so
our entire network is protected.
The database side of things is working and has been for some time. I
really would like to add the file2ban side of it to protect our asterisk
system better.

How would I best go about doing this using file2ban with asterisk?
Any feed back is appreciated.


Try:

http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk

Regards,
Patrick

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] file2ban

[Bryant Zimmerman]

I want to add an entry to a database every time a brute force registration 
attempt is done.

from this database we are updating cisco routers with our ban list so our 
entire network is protected.

The database side of things is working and has been for some time. I really 
would like to add the file2ban side of it to protect our asterisk system 
better.


How would I best go about doing this using file2ban with asterisk?

Any feed back is appreciated. 


Thanks

zktech
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Securing Asterisk

[arcopix]

Hello all,

Just out of curiosity, why are you not using something like fail2ban.
It tends to work flawlessly against brute force attacks. It works 
good on invalid registrations / invites / etc.

You can go pretty much fanatic with that tool (ban IP addr for a week
if
they fail to register more than 6 times).

What you are proposing is not hard to be achieved but it won't
introduce
any improvement in the security of any protocol supported by Asterisk.

Regards,
Stefan Lekov

On Tue, 26 Jul 2011 14:42:01 -0400, Alex Balashov
 wrote:
> On 07/26/2011 02:33 PM, Bruce B wrote:
> 
>> I would have to err on the side of CDR to say that the only difference
>> in analogy you provided (SSH vs Asterisk) is that people lose much
>> more  in VoIP than they ever did in SSH hacking. So, if this
>> is an exceptional case bending a rule or two of RFC in favor of
>> security won't harm specially if it's provided as an
>> option.
> 
> Again:
> 
> _Applications are often conceptually distinct from the most
> appropriate means of securing them._
> 
> Moreover, as Kevin Fleming pointed out, refraining from responding to
> invalid credentials while continuing to responding to valid ones
> simply shifts the presentation of the information, from the point of
> view of the scanner.  It doesn't accomplish your goal at all.
> 
>> After-all, RFC does stand for Referral For Comment as in always
>> open to be improved.
> 
> Adopted ones are standards to be followed.
> 
> You're right, though;  the IETF SIP working group welcomes
> incremental improvements;  submit yours and see what they think.  If
> you get your draft adopted, I am sure Digium would be more than happy
> to implement it in chan_sip.
> 
>> I think it's a good idea if such a security "option" is provided by
>> default in Asterisk knowing it can save a lot of headache. If
>> budget is an issue maybe make it a bounty and watch support pouring
>> in...
> 
> The issue is not lack of resources, but rather that it's conceptually
> incorrect behaviour, and that the UAS is the wrong place to solve this
> problem.
> 
> The best advice that has been given in relation to this topic so far
> came from Lee Howard earlier today:
> 
> http://lists.digium.com/pipermail/asterisk-users/2011-July/265012.html
> 
> -- 
> Alex Balashov - Principal
> Evariste Systems LLC
> 260 Peachtree Street NW
> Suite 2200
> Atlanta, GA 30303
> Tel: +1-678-954-0670
> Fax: +1-404-961-1892
> Web: http://www.evaristesys.com/
> 
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>   http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Securing Asterisk

[Alex Balashov]

On 07/26/2011 02:33 PM, Bruce B wrote:


I would have to err on the side of CDR to say that the only difference
in analogy you provided (SSH vs Asterisk) is that people lose much
more  in VoIP than they ever did in SSH hacking. So, if this
is an exceptional case bending a rule or two of RFC in favor of
security won't harm specially if it's provided as an
option.


Again:

_Applications are often conceptually distinct from the most 
appropriate means of securing them._


Moreover, as Kevin Fleming pointed out, refraining from responding to 
invalid credentials while continuing to responding to valid ones 
simply shifts the presentation of the information, from the point of 
view of the scanner.  It doesn't accomplish your goal at all.



After-all, RFC does stand for Referral For Comment as in always
open to be improved.


Adopted ones are standards to be followed.

You're right, though;  the IETF SIP working group welcomes incremental 
improvements;  submit yours and see what they think.  If you get your 
draft adopted, I am sure Digium would be more than happy to implement 
it in chan_sip.



I think it's a good idea if such a security "option" is provided by
default in Asterisk knowing it can save a lot of headache. If
budget is an issue maybe make it a bounty and watch support pouring
in...


The issue is not lack of resources, but rather that it's conceptually 
incorrect behaviour, and that the UAS is the wrong place to solve this 
problem.


The best advice that has been given in relation to this topic so far 
came from Lee Howard earlier today:


http://lists.digium.com/pipermail/asterisk-users/2011-July/265012.html

--
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Securing Asterisk

[Bruce B]

I would have to err on the side of CDR to say that the only difference in
analogy you provided (SSH vs Asterisk) is that people lose much more
 in VoIP than they ever did in SSH hacking. So, if this is an
exceptional case bending a rule or two of RFC in favor of security won't
harm specially if it's provided as an option. After-all, RFC does stand for
Referral For Comment as in always open to be improved. Secondly, there is no
trade off with the responses as local and private IP networks are well know
from the public range so the option for such a security measure can be tuned
to be smart to that end.

The only thing I like about MS OSs is that it's secure out of box and that
is really what a Linux OS should be as well but it's not and so it's not
solely Digium's issue and I see your point giving the analogy.

I think it's a good idea if such a security "option" is provided by default
in Asterisk knowing it can save a lot of headache. If budget is an issue
maybe make it a bounty and watch support pouring in...

- Bruce

On Tue, Jul 26, 2011 at 2:14 PM, Alex Balashov wrote:

> On 07/26/2011 02:09 PM, CDR wrote:
>
>  Only way to cope with hackers would be that Digium comes to its
>> senses and accepts to disable any response to a REGISTER whose
>> username is unknown.  I cannot think of a good reason why Digium
>> finds this proposal unacceptable, given the onslaught of hacking
>> that we are seeing in the industry. It may take a single line of
>> code and it would save millions of $$$. Not only because the
>> hackers will never get in, but because we would save a huge CPU
>> impact responding to hundreds of REGISTER attempts per minute. It
>> is a NO brainer. Can please the Powers that Be reconsider and add
>> this option to sip.conf? Please?
>>
>
> No, because that's absolutely ridiculous.  The proper, RFC-compliant
> behaviour is to return an authentication failure in response to invalid
> credentials.  This mechanism is relied upon for legitimate functionality,
> such as letting the UAs of intended users know that they are sending
> incorrect credentials.
>
> As was pointed out before, Asterisk is a mostly application-level
> construct.  Applications usually have some rudimentary means of self-defense
> such as ACLs, but applications are often conceptually distinct from the most
> appropriate means of securing them.  That's what firewalls, SBCs, intrusion
> detection systems, etc. are for.
>
> Your position is equivalent to saying that stock SSH should not return
> authentication errors for invalid passwords.  The proper solution to
> dictionary attacks is to firewall the SSH service, use RSA keys, VPNs, etc.,
> not to tell the maintainers of the OpenSSH project to come to its senses.
>
> --
> Alex Balashov - Principal
> Evariste Systems LLC
> 260 Peachtree Street NW
> Suite 2200
> Atlanta, GA 30303
> Tel: +1-678-954-0670
> Fax: +1-404-961-1892
> Web: http://www.evaristesys.com/
>
>
> --
> __**__**_
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>  http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>  
> http://lists.digium.com/**mailman/listinfo/asterisk-**users
>
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Scheduling destruction of SIP dialog

[Kevin P. Fleming]

On 07/26/2011 02:20 PM, Flavio Miranda wrote:

Hello,


I am receiving the following message all the time, all sip peers, and
always finishing with "destructing dialog..". :

--- (13 headers 0 lines) ---
Sending to 192.168.0.106 : 5060 (no NAT)
Reliably Transmitting (no NAT) to 192.168.0.106:5060:
OPTIONS sip:2036@192.168.0.106:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.254:5060;branch=z9hG4bK58b8c6b7;rport
Max-Forwards: 70
From: "asterisk" ;tag=as34ab67bd
To: 
Contact: 
Call-ID: 21adef7521218c116309d7784527451c@192.168.0.254
CSeq: 102 OPTIONS
User-Agent: Asterisk PBX 1.6.2.18
Date: Tue, 26 Jul 2011 18:09:32 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces, timer
Content-Length: 0


---

<--- Transmitting (no NAT) to 192.168.0.106:5060 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP
192.168.0.106:5060;branch=z9hG4bK1228024af6;received=192.168.0.106;rport=5060
From: "Central2" ;tag=40e337db
To: "Central2" ;tag=as11725d36
Call-ID: 393c15291791541a4628830c0db3acd0@192.168.0.106
CSeq: 802 REGISTER
Server: Asterisk PBX 1.6.2.18
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces, timer
Expires: 60
Contact: ;expires=60
Date: Tue, 26 Jul 2011 18:09:32 GMT
Content-Length: 0


<>
Scheduling destruction of SIP dialog
'393c15291791541a4628830c0db3acd0@192.168.0.106' in 32000 ms (Method:
REGISTER)

<--- SIP read from UDP:192.168.0.106:5060 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP
192.168.0.254:5060;rport=5060;received=192.168.0.254;branch=z9hG4bK58b8c6b7
From: "asterisk" ;tag=as34ab67bd
To: ;tag=0c6ccbbd
Call-ID: 21adef7521218c116309d7784527451c@192.168.0.254
Contact: 
CSeq: 102 OPTIONS
Allow: INVITE,CANCEL,ACK,BYE,NOTIFY,REFER,OPTIONS
Content-Length: 0

Nay body know what's wrong here ?


What makes you think something is wrong? Nothing is wrong here, this is 
perfectly normal.


--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kflem...@digium.com | SIP: kpflem...@digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Scheduling destruction of SIP dialog

[Flavio Miranda]

 Hello,


  I am receiving the following message all the time, all sip peers, and always 
finishing with  "destructing dialog..". :

--- (13 headers 0 lines) ---
Sending to 192.168.0.106 : 5060 (no NAT)
Reliably Transmitting (no NAT) to 192.168.0.106:5060:
OPTIONS sip:2036@192.168.0.106:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.254:5060;branch=z9hG4bK58b8c6b7;rport
Max-Forwards: 70
From: "asterisk" ;tag=as34ab67bd
To: 
Contact: 
Call-ID: 21adef7521218c116309d7784527451c@192.168.0.254
CSeq: 102 OPTIONS
User-Agent: Asterisk PBX 1.6.2.18
Date: Tue, 26 Jul 2011 18:09:32 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces, timer
Content-Length: 0


---

<--- Transmitting (no NAT) to 192.168.0.106:5060 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 
192.168.0.106:5060;branch=z9hG4bK1228024af6;received=192.168.0.106;rport=5060
From: "Central2" ;tag=40e337db
To: "Central2" ;tag=as11725d36
Call-ID: 393c15291791541a4628830c0db3acd0@192.168.0.106
CSeq: 802 REGISTER
Server: Asterisk PBX 1.6.2.18
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces, timer
Expires: 60
Contact: ;expires=60
Date: Tue, 26 Jul 2011 18:09:32 GMT
Content-Length: 0


<>
Scheduling destruction of SIP dialog 
'393c15291791541a4628830c0db3acd0@192.168.0.106' in 32000 ms (Method: REGISTER)

<--- SIP read from UDP:192.168.0.106:5060 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 
192.168.0.254:5060;rport=5060;received=192.168.0.254;branch=z9hG4bK58b8c6b7
From: "asterisk" ;tag=as34ab67bd
To: ;tag=0c6ccbbd
Call-ID: 21adef7521218c116309d7784527451c@192.168.0.254
Contact: 
CSeq: 102 OPTIONS
Allow: INVITE,CANCEL,ACK,BYE,NOTIFY,REFER,OPTIONS
Content-Length: 0

Nay body know what's wrong here ?

Thanks!

Att,

 

Flavio Roberto Miranda

MSN:flaviormira...@hotmail.com
Skype: flaviormiranda --
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Securing Asterisk

[Kevin P. Fleming]

On 07/26/2011 02:14 PM, Alex Balashov wrote:

On 07/26/2011 02:09 PM, CDR wrote:


Only way to cope with hackers would be that Digium comes to its
senses and accepts to disable any response to a REGISTER whose
username is unknown. I cannot think of a good reason why Digium
finds this proposal unacceptable, given the onslaught of hacking
that we are seeing in the industry. It may take a single line of
code and it would save millions of $$$. Not only because the
hackers will never get in, but because we would save a huge CPU
impact responding to hundreds of REGISTER attempts per minute. It
is a NO brainer. Can please the Powers that Be reconsider and add
this option to sip.conf? Please?


No, because that's absolutely ridiculous. The proper, RFC-compliant
behaviour is to return an authentication failure in response to invalid
credentials. This mechanism is relied upon for legitimate functionality,
such as letting the UAs of intended users know that they are sending
incorrect credentials.

As was pointed out before, Asterisk is a mostly application-level
construct. Applications usually have some rudimentary means of
self-defense such as ACLs, but applications are often conceptually
distinct from the most appropriate means of securing them. That's what
firewalls, SBCs, intrusion detection systems, etc. are for.

Your position is equivalent to saying that stock SSH should not return
authentication errors for invalid passwords. The proper solution to
dictionary attacks is to firewall the SSH service, use RSA keys, VPNs,
etc., not to tell the maintainers of the OpenSSH project to come to its
senses.


Two additional points to the ones Alex already made:

* We *must* behave identically for any REGISTER request, regardless of 
whether the requested URI represents a 'known' or an 'unknown' address 
of record (user). If that is not done, then it's easy for an attacker to 
learn which usernames *are* valid, and focus their dictionary attack 
efforts on those usernames.


* The processing workload in Asterisk for a REGISTER request is to 
parse, validate and process it, *not* sending the failure (or 
'authentication required') response. Making Asterisk not send the 
response would *not* cause hackers to stop sending masses of REGISTER 
requests; once they have *any* reason to suspect that a particular IP 
address/port combination has a SIP registrar listening on it, they'll 
attack it.


--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kflem...@digium.com | SIP: kpflem...@digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Securing Asterisk

[Alex Balashov]

On 07/26/2011 02:09 PM, CDR wrote:


Only way to cope with hackers would be that Digium comes to its
senses and accepts to disable any response to a REGISTER whose
username is unknown.  I cannot think of a good reason why Digium
finds this proposal unacceptable, given the onslaught of hacking
that we are seeing in the industry. It may take a single line of
code and it would save millions of $$$. Not only because the
hackers will never get in, but because we would save a huge CPU
impact responding to hundreds of REGISTER attempts per minute. It
is a NO brainer. Can please the Powers that Be reconsider and add
this option to sip.conf? Please?


No, because that's absolutely ridiculous.  The proper, RFC-compliant 
behaviour is to return an authentication failure in response to 
invalid credentials.  This mechanism is relied upon for legitimate 
functionality, such as letting the UAs of intended users know that 
they are sending incorrect credentials.


As was pointed out before, Asterisk is a mostly application-level 
construct.  Applications usually have some rudimentary means of 
self-defense such as ACLs, but applications are often conceptually 
distinct from the most appropriate means of securing them.  That's 
what firewalls, SBCs, intrusion detection systems, etc. are for.


Your position is equivalent to saying that stock SSH should not return 
authentication errors for invalid passwords.  The proper solution to 
dictionary attacks is to firewall the SSH service, use RSA keys, VPNs, 
etc., not to tell the maintainers of the OpenSSH project to come to 
its senses.


--
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Securing Asterisk

[CDR]

Only way to cope with hackers would be that Digium comes to its senses
and accepts to disable any response to a REGISTER whose username is
unknown.  I cannot think of a good reason why Digium finds this
proposal unacceptable, given the onslaught of hacking that we are
seeing in the industry. It may take a single line of code and it would
save millions of $$$. Not only because the hackers will never get in,
but because we would save a huge CPU impact responding to hundreds of
REGISTER attempts per minute. It is a NO brainer. Can please the
Powers that Be reconsider and add this option to sip.conf?
Please?

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] R: Browser based SIP UA

[Alexandru Oniciuc]

I mean anything not an extension that can run on Linux (Apache/Tomcat).

Thanks,
Alex

-Messaggio originale-
Da: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] Per conto di Alex Balashov
Inviato: martedì 26 luglio 2011 16:15
A: asterisk-users@lists.digium.com
Oggetto: Re: [asterisk-users] Browser based SIP UA

On 07/26/2011 10:13 AM, Alexandru Oniciuc wrote:

> can anyone recommend a browser based SIP client that works well with
> Asterisk?
>
> I need something that requires authentication (based on Asterisks peer
> name and pass).

What do you mean "browser-based"?  Any particular preference of technology?  
Flash?  Silverlight?  Java applet?  Browser extension?

--
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to 
Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Browser based SIP UA

[Alex Balashov]

On 07/26/2011 10:13 AM, Alexandru Oniciuc wrote:


can anyone recommend a browser based SIP client that works well with
Asterisk?

I need something that requires authentication (based on Asterisks peer
name and pass).


What do you mean "browser-based"?  Any particular preference of 
technology?  Flash?  Silverlight?  Java applet?  Browser extension?


--
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Browser based SIP UA

[Alexandru Oniciuc]

Hello,

can anyone recommend a browser based SIP client that works well with Asterisk?
I need something that requires authentication (based on Asterisks peer name and 
pass).

Thanks in advance!
Alex
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] NAT yes

[Robert Huddleston]

Also consider the setting localnet in sip.conf

-Original Message-
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Alex Balashov
Sent: Tuesday, July 26, 2011 9:24 AM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] NAT yes

On 07/26/2011 09:19 AM, Flavio Miranda wrote:

> In a no natted environment if I letnat=yes on sip.conf it would
> cause some thing bad or it is irrelevant ? Anybody know ?

There is no harm unless the endpoint you are dealing with does not do 
symmetric RTP.  The nat=yes option assumes that it is okay to send RTP 
back to the source port from which it originated, irrespectively of 
what's in the SDP.  This will cause one-way audio if the endpoint 
happens to want to receive RTP on a different port than the one it is 
sending it from.

Almost all endpoints these days do symmetric RTP, though, so it's not 
a huge concern.

That said, from a methodological and aesthetic perspective, it is 
better not to break standard RFC-compliant behaviour unnecessarily. 
Thus, I would not enable nat=yes unless there really is no direct 
network and transport-layer reachability to the endpoint.

-- 
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] NAT yes

[Alex Balashov]

On 07/26/2011 09:29 AM, Flavio Miranda wrote:


I am experiencing some one-way audio, that's the reason of the
questions!


There are many possible reasons for it, but asymmetric RTP + 'nat=yes' 
may be one of them.


--
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] NAT yes

[Flavio Miranda]

Thanks  Alex Balashov,

   I am experiencing some one-way audio, that's the reason of the questions! 

Att,

 

Flavio Roberto Miranda

MSN:flaviormira...@hotmail.com
Skype: flaviormiranda

> Date: Tue, 26 Jul 2011 09:23:42 -0400
> From: abalas...@evaristesys.com
> To: asterisk-users@lists.digium.com
> Subject: Re: [asterisk-users] NAT yes
> 
> On 07/26/2011 09:19 AM, Flavio Miranda wrote:
> 
> > In a no natted environment if I letnat=yes on sip.conf it would
> > cause some thing bad or it is irrelevant ? Anybody know ?
> 
> There is no harm unless the endpoint you are dealing with does not do 
> symmetric RTP.  The nat=yes option assumes that it is okay to send RTP 
> back to the source port from which it originated, irrespectively of 
> what's in the SDP.  This will cause one-way audio if the endpoint 
> happens to want to receive RTP on a different port than the one it is 
> sending it from.
> 
> Almost all endpoints these days do symmetric RTP, though, so it's not 
> a huge concern.
> 
> That said, from a methodological and aesthetic perspective, it is 
> better not to break standard RFC-compliant behaviour unnecessarily. 
> Thus, I would not enable nat=yes unless there really is no direct 
> network and transport-layer reachability to the endpoint.
> 
> -- 
> Alex Balashov - Principal
> Evariste Systems LLC
> 260 Peachtree Street NW
> Suite 2200
> Atlanta, GA 30303
> Tel: +1-678-954-0670
> Fax: +1-404-961-1892
> Web: http://www.evaristesys.com/
> 
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
  --
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] NAT yes

[Alex Balashov]

On 07/26/2011 09:19 AM, Flavio Miranda wrote:


In a no natted environment if I letnat=yes on sip.conf it would
cause some thing bad or it is irrelevant ? Anybody know ?


There is no harm unless the endpoint you are dealing with does not do 
symmetric RTP.  The nat=yes option assumes that it is okay to send RTP 
back to the source port from which it originated, irrespectively of 
what's in the SDP.  This will cause one-way audio if the endpoint 
happens to want to receive RTP on a different port than the one it is 
sending it from.


Almost all endpoints these days do symmetric RTP, though, so it's not 
a huge concern.


That said, from a methodological and aesthetic perspective, it is 
better not to break standard RFC-compliant behaviour unnecessarily. 
Thus, I would not enable nat=yes unless there really is no direct 
network and transport-layer reachability to the endpoint.


--
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] NAT yes

[Flavio Miranda]

Hello averybody,

 In a no natted environment  if I letnat=yes on sip.conf it would cause some 
thing bad or it is  irrelevant ? Anybody know ?

thanks in advanced!

Att,

 

Flavio Roberto Miranda

MSN:flaviormira...@hotmail.com
Skype: flaviormiranda --
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] MusicOnHold not loaded

[Michael]

On Tue, Jul 26, 2011 at 3:31 PM, Michael  wrote:

> On Tue, Jul 26, 2011 at 3:10 PM, Kevin P. Fleming wrote:
>>
>> Do you have at least one of the asterisk-sounds-moh RPMs installed?
>>
>> No idea. How/where do I check/find them?
>


I performed the following:

[root@pbx ~]# yum install asterisk-sounds-moh-opsound-wav.noarch
Loaded plugins: fastestmirror, kmod
Loading mirror speeds from cached hostfile
...
---> Package asterisk-sounds-moh-opsound-wav.noarch 0:0.0-4_centos5 set to
be updated
--> Finished Dependency Resolution

Dependencies Resolved

===
 Package   Arch Version
Repository  Size
===
Installing:
 asterisk-sounds-moh-opsound-wav   noarch   0.0-4_centos5
asterisk-current15 M

Transaction Summary
===
Install   1 Package(s)
Upgrade   0 Package(s)

Total download size: 15 M
Is this ok [y/N]: y
Downloading Packages:
asterisk-sounds-moh-opsound-wav-0.0-4_centos5.noarch.rpm
|  15 MB 00:08
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing :
asterisk-sounds-moh-opsound-wav
1/1

Installed:
  asterisk-sounds-moh-opsound-wav.noarch 0:0.0-4_centos5

Complete!





Then I restarted asterisk, but the "moh show classes" command still doesn't
give any result.
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] MusicOnHold not loaded

[Michael]

On Tue, Jul 26, 2011 at 3:10 PM, Kevin P. Fleming wrote:
>
> Do you have at least one of the asterisk-sounds-moh RPMs installed?
>
> No idea. How/where do I check/find them?
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] MusicOnHold not loaded

[Kevin P. Fleming]

On 07/26/2011 02:46 AM, Michael wrote:

Hello,

We're running 2 Asterisk 1.6.2.x systems, one installed from source and
one from AsteriskNow.

On the system installed form source, MOH works fine and these are the
results we get for the different relevant queries:


Do you have at least one of the asterisk-sounds-moh RPMs installed?

--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kflem...@digium.com | SIP: kpflem...@digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Callback + DISA

[Antonio Modesto]

Hello,

I am trying to use a Callback system that return the call to some
number then give it a dial tone with DISA. The callback works well and i
can hear the dial tone, the problem is that DISA doesn't do anything
when i press any extension number of the current context and hangs the
call up after few seconds. If i use callback just to return to the
number then call an extension (ex: a sip phone) it works fine, do you
know if there is some incompatibility about DISA + Callback?

Obs. I use DTMF signaling. (Brazil)


Regards.
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Why no traction for Windows version?

[Alex Balashov]

I think the real answer has mostly to do with the fact that no serious person, 
in their right mind, would run Windows in a server role in 2011.  Not unless 
their hands are tied by legacy systems or big-corporate IT logic.  

Asterisk is firmly intended to run on servers.  It's not a desktop app.

--
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/

On Jul 26, 2011, at 3:45 AM, Gilles  wrote:

> On Tue, 26 Jul 2011 07:28:27 +, "Soeren Malchow (MCon)"
>  wrote:
>> And asterisk just runs fine on linux why bother ?
> 
> Because I, for one, would like to run Asterisk on my Windows
> workstation at home as an enhanced answering machine :-)
> 
> 
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>   http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Why no traction for Windows version?

[Ruben Rögels]

...and why do we all mess around with IT stuff and asterisk in special?

Spoiler: because we can...!

;-)

regards,
Ruben

Am 26.07.2011 10:16, schrieb A J Stiles:
> On Tuesday 26 Jul 2011, Gilles wrote:
>> On Tue, 26 Jul 2011 07:28:27 +, "Soeren Malchow (MCon)"
>>
>>  wrote:
>>> And asterisk just runs fine on linux why bother ?
>>
>> Because I, for one, would like to run Asterisk on my Windows
>> workstation at home as an enhanced answering machine :-)
> 
> And you can't just run Asterisk on a separate Linux box at home as an 
> enhanced 
> answering machine because . ?
> 


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Functions not autoloading

[--[ UxBoD ]--]

Have filed https://issues.asterisk.org/jira/browse/ASTERISK-18167 as its always 
repeatable.
-- 
Thanks, Phil

- Original Message -
> Is anybody else seeing this at all ?
> --
> Thanks, Phil
> 
> - Original Message -
> > Just received a call and on checking messages I now see:
> > 
> > ERROR[14824] pbx.c: Function MASTER_CHANNEL not registered
> > 
> > Grrr, looks like time to go back to 1.8.3 as all the apps and
> > functions exist in /usr/lib/asterisk/modules.
> > 
> > How could I help to debug this please ?
> > --
> > Thanks, Phil
> > 
> > - Original Message -
> > > On 07/21/2011 04:31 AM, --[ UxBoD ]-- wrote:
> > > > Since upgrading to 1.8.5.0 I have had to add into modules.conf:
> > > >
> > > > load =>  func_callerid.so
> > > > load =>  func_cdr.so
> > > >
> > > > otherwise they do not get loaded even though I have set
> > > > autoload=yes.
> > > >
> > > > Is this something you would expect as it is different behavior
> > > > to
> > > > 1.8.3.0 and I do not see any issues in
> > > > /var/log/asterisk/messages
> > > > ?
> > > 
> > > No, this is not expected behavior.
> > > 
> 
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
> 

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Why no traction for Windows version?

[Gilles]

On Tue, 26 Jul 2011 12:07:10 +0300, Tzafrir Cohen
 wrote:
>There were some later fixes at around 1.6.0 to try to get the code built
>on cygwin. I would suggest you to try building it on cygwin and see
>where things fail.
>
>Also grep for CYGWIN or such in the source (especially in Makefile-s).

Thanks for the infos.


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Why no traction for Windows version?

[Tzafrir Cohen]

On Tue, Jul 26, 2011 at 10:45:59AM +0200, Gilles wrote:
> On Tue, 26 Jul 2011 10:59:22 +0300, Tzafrir Cohen
>  wrote:
> >Patches are welcomed.
> 
> Does someone know the kind of changes that were made by AsteriskWin32,
> and how hard it'd be to apply them to more recent releases of
> Asterisk?

There were some later fixes at around 1.6.0 to try to get the code built
on cygwin. I would suggest you to try building it on cygwin and see
where things fail.

Also grep for CYGWIN or such in the source (especially in Makefile-s).

-- 
   Tzafrir Cohen
icq#16849755  jabber:tzafrir.co...@xorcom.com
+972-50-7952406   mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Why no traction for Windows version?

[Gilles]

On Tue, 26 Jul 2011 10:59:22 +0300, Tzafrir Cohen
 wrote:
>Patches are welcomed.

Does someone know the kind of changes that were made by AsteriskWin32,
and how hard it'd be to apply them to more recent releases of
Asterisk?


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Why no traction for Windows version?

[A J Stiles]

On Tuesday 26 Jul 2011, Gilles wrote:
> On Tue, 26 Jul 2011 07:28:27 +, "Soeren Malchow (MCon)"
>
>  wrote:
> >And asterisk just runs fine on linux why bother ?
>
> Because I, for one, would like to run Asterisk on my Windows
> workstation at home as an enhanced answering machine :-)

And you can't just run Asterisk on a separate Linux box at home as an enhanced 
answering machine because . ?

-- 
AJS

Answers come *after* questions.

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Why no traction for Windows version?

[Tzafrir Cohen]

On Tue, Jul 26, 2011 at 09:45:35AM +0200, Gilles wrote:
> On Tue, 26 Jul 2011 07:28:27 +, "Soeren Malchow (MCon)"
>  wrote:
> >And asterisk just runs fine on linux why bother ?
> 
> Because I, for one, would like to run Asterisk on my Windows
> workstation at home as an enhanced answering machine :-)

Patches are welcomed.

-- 
   Tzafrir Cohen
icq#16849755  jabber:tzafrir.co...@xorcom.com
+972-50-7952406   mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Why no traction for Windows version?

[A J Stiles]

On Tuesday 26 Jul 2011, Gilles wrote:
> Hello,
>
> Since Asterisk has been ported to exotic platforms like SOHO routers
> (Linksys, Buffalo, etc.) and non-MMU CPUs (Blackfin, etc.), I was
> wondering why the Windows port never really took off.

A better question would be:  Why would anyone even *want* to port Asterisk to 
Windows?  You have to pay for Windows *and* you don't even get the Source 
Code.  And you can't run Windows without the CPU-hogging GUI.  Worst of all 
possible worlds, surely?

If you want to run Asterisk on a Windows PC, it is far easier just to boot up 
an AsteriskNOW CD.

-- 
AJS

Answers come *after* questions.

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Why no traction for Windows version?

[Gilles]

On Tue, 26 Jul 2011 07:28:27 +, "Soeren Malchow (MCon)"
 wrote:
>And asterisk just runs fine on linux why bother ?

Because I, for one, would like to run Asterisk on my Windows
workstation at home as an enhanced answering machine :-)


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk as a Operator Phone

[Nikhil]

I am using asterisk as a client not as a server. For client I need 
features like transfer ,call forward ,multiple lines as in normal IP 
Phones like CISOC,polycom.


In asterisk ,we have chan_alsa driver that will communicate to the local 
soundcard. If I installed asterisk in my ubuntu system,and using CLI 
command I can make calls outside and once call connected I can hear and 
talk from my Headphone.


I planing to enhance chan_alsa module to get the features same as in  
SIP client.


Thanks
Nikhil

On 07/26/2011 12:57 AM, Duncan Turnbull wrote:

Asterisk can run operator phones with no problem, there are multiple phones out 
there with addon buttons for automating shared line appearances forwards and 
other functions

For example yealink have the t38 with 6 lines and 16 buttons and the ex 38 with 
38 additional programmable buttons to add to that if you need

Are you talking about a phone that is not sip based?

I am not sure why you need to use chan_alsa?

Cheers Duncan

Sent from my iPhone please excuse the typos

On 25/07/2011, at 12:30 AM, Nikhil  wrote:


Any reply on this..

On 07/22/2011 12:56 PM, Nikhil wrote:

Hi
Does anyone used asterisk as a operator phone,with multiple lines and 
features like transfer forward and etc.I used chan_alsa driver to make asterisk 
as SIP Phone,but it has limitation,we cant make or receive multiple calls,and 
will not able to do any features like transfer forward etc. Is any other 
application available in asterisk to do this .

Thanks
Nikhil

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users




--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users





--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Securing Asterisk

[--[ UxBoD ]--]

That is pretty interesting. I am writing a similar tool but using OSSEC to 
identify the attacks and then share the data between nodes using Memcached and 
AnyEvent. Both Asterisk and Apache, or any other server that can run OSSEC, 
will be able to feed into the shared ban database.
-- 
Thanks, Phil

- Original Message -
> Why not firewall hack attempts after 3 tries?  When we started doing
> that the quantity of hacking attempts dropped right off.  We also
> setup
> our own fail2ban sharing server so that we could share the bans
> across
> multiple servers.  Have a look at
> http://www.f2bshare.org/index.php?title=Main_Page if you want to do
> something similar.  Why try to make Asterisk into something it's not
> intended to be?  Just use your firewall for what it's good at.
> 
> --
> Darren Wiebe
> 
> 
> On 7/23/11 11:38 AM, CDR wrote:
> > I beg to differ. Digium is hiding from the real world and somebody
> > is
> > going take the software and run with it. My customers lost in
> > excess
> > of $50.000 and cut my pay in half, because of hackers. The hackers
> > figured out how to scan every asterisk for weak passwords or open
> > ports, and bang them real good. We need two things: a) disable in
> > sip.conf the reply for INVITES that have wrong user information,
> > and
> > also, b) disable any response to any REGISTER packet altogether.
> > Can
> > somebody please write  patch? Or should we go broke trying to stop
> > the
> > flood of criminals coming from abroad?
> > Federico
> >
> > On Sat, Jul 23, 2011 at 1:00 PM,
> >   wrote:
> >> Send asterisk-users mailing list submissions to
> >> asterisk-users@lists.digium.com
> >>
> >> To subscribe or unsubscribe via the World Wide Web, visit
> >> http://lists.digium.com/mailman/listinfo/asterisk-users
> >> or, via email, send a message with subject or body 'help' to
> >> asterisk-users-requ...@lists.digium.com
> >>
> >> You can reach the person managing the list at
> >> asterisk-users-ow...@lists.digium.com
> >>
> >> When replying, please edit your Subject line so it is more
> >> specific
> >> than "Re: Contents of asterisk-users digest..."
> >>
> >>
> >> Today's Topics:
> >>
> >>1. Re: use dahdi for local terminal modem access? (Lyle Giese)
> >>2. dialplan pattern help (Armand Fumal)
> >>3. Re: Securing Asterisk - How to avoid sending, "SIP/2.0 603
> >>   Declined" (Patrick Lists)
> >>4. Re: Securing Asterisk - How to avoid sending, "SIP/2.0 603
> >>   Declined" (Paul Belanger)
> >>
> >>
> >> --
> >>
> >> Message: 1
> >> Date: Sat, 23 Jul 2011 09:29:26 -0500
> >> From: Lyle Giese
> >> Subject: Re: [asterisk-users] use dahdi for local terminal modem
> >> access?
> >> To: asterisk-users@lists.digium.com
> >> Message-ID:<4e2adac6.4010...@lcrcomputer.net>
> >> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >>
> >>
> >> On 07/22/11 22:47, William Stillwell wrote:
> >>> Um, no VOIP involved here.
> >> Wrong.  What do you think Asterisk is?  Chopped meat?  It's a VoIP
> >> switch.  All traffic inside Asterisk is VoIP.
> >>
> >>> I have an asterisk server with 2 23B+D PRI's
> >>>
> >>> I want to telnet/ssh into the asterisk server, and make an
> >>> outbound call
> >>> serial based modem/terminal connection (Like the 80/90's BBS
> >>> Days).
> >>>
> >>> No TCP/IP or PPP or crazyness
> >>>
> >>> (ie, dialing into a Modem set to AA hooked to a Cisco Console
> >>> Port)
> >>>
> >>>
> >>>
>  -Original Message-
>  From: asterisk-users-boun...@lists.digium.com
>  [mailto:asterisk-users-
>  boun...@lists.digium.com] On Behalf Of Lyle Giese
>  Sent: Friday, July 22, 2011 8:07 PM
>  To: asterisk-users@lists.digium.com
>  Subject: Re: [asterisk-users] use dahdi for local terminal modem
>  access?
> 
>  On 07/22/11 18:13, William Stillwell wrote:
> > I have some terminals that have phone lines.
> >
> > One of my tech had an idea of using IAXmodem or something
> > similar to
>  use
> > existing PRI/DAHDI Trucks for dial out via the asterisk/Linux
>  console.
> > Anybody ever heard of doing this?
> >
> > I would think maybe would use iaxmodem maybe and a shell
> > terminal
>  app?
> > (basically I'm dialing into a remote access device that uses a
> > pots
>  like
> > for remote administration, and don't want to string a channel
> > bank
>  off
> > my asterisk box, and a hook to a modem)
> >
> >
> >
> > --
>  Depends on your expectation.  Because of compression in the
>  codecs, it
>  will be hard to get fast dialup.  If you mean ssh or telnet, it
>  might
>  work.  If you mean vnc or RDP over this, you may not get enough
>  usable
>  bandwidth to do that.
> 
>  Given this, I have in an emergency dialed into a RAS server via
>  a VoIP
>  line. My l

Re: [asterisk-users] Why no traction for Windows version?

[Soeren Malchow (MCon)]

Hi Gilles,

For me the main question would be first, why would you want to port asterisk to 
Windows where you would need to pay license fees ?

And asterisk just runs fine on linux why bother ?

Cheers
Soeren


-Original Message-
From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Gilles
Sent: Tuesday, July 26, 2011 12:52 PM
To: asterisk-users@lists.digium.com
Subject: [asterisk-users] Why no traction for Windows version?

Hello,

Since Asterisk has been ported to exotic platforms like SOHO routers (Linksys, 
Buffalo, etc.) and non-MMU CPUs (Blackfin, etc.), I was wondering why the 
Windows port never really took off.

As far as I can tell, www.asteriskwin32.com is a one-man effort (Patrick 
Deruel's) that is not going anywhere (latest version based on 1.2.26.2).

Are there just not enough interest and too many, deep, Linux-specific 
assumptions in the code, that would explain why Asterisk was never officially 
ported to Windows?

Thank you.


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to 
Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] Why no traction for Windows version?

[Gilles]

Hello,

Since Asterisk has been ported to exotic platforms like SOHO routers
(Linksys, Buffalo, etc.) and non-MMU CPUs (Blackfin, etc.), I was
wondering why the Windows port never really took off.

As far as I can tell, www.asteriskwin32.com is a one-man effort
(Patrick Deruel's) that is not going anywhere (latest version based on
1.2.26.2).

Are there just not enough interest and too many, deep, Linux-specific
assumptions in the code, that would explain why Asterisk was never
officially ported to Windows?

Thank you.


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users