[asterisk-users] Cannot get my first WebRTC experiment to work.

2015-01-28 Thread Antonio Gómez Soto
Hi all,

Trying to do my first WebRTC. Using stock asterisk 1.13.0.
I setup the asterisk according to the recipe on the wiki, but cannot get it
to work.
Dialing from sipml5 on chrome I get no sound, regular bria on standard sip
works.

My network setup, by the way: I am working from a cable modem, and I created the
test setup at Digital Ocean. From my laptop I also have a direct VPN connection
to the asterisk server, my laptop being 192.168.241.10 and asterisk being
192.168.241.30.

I think something is wrong with the RTP address negotiation, but I have trouble
interpreting the SDP wrt WebRTC and ICE.

1. asterisk seems to be telling sipml5 to send audio to its public IP
address, but * sends to 192.168.241.10
2. the asterisk output does show RTP flows to chrome, but there's no sound
from chrome.

I hope someone can intersperse the output with comments?

Thanks,
Antonio

Asterisk console log, and Javascript console output:

http://pastebin.com/dTFTrzg6
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] subscriber absent

2015-01-28 Thread Ethy H. Brito

Hi all

We have some users that turn off their phones when they are not at home.

We see the warning message:

Unable to create channel of type 'SIP' (cause 20 - Subscriber absent)

just after the Dial() command and a 

Everyone is busy/congested at this time

message.

Where is this unable - cause 20 status available in the dialplan? 
Which variable holds this?

We'd like to play something to the caller in case the user is absent.

Cheers

Ethy



[asterisk-users] Investigating international calls fraud

2015-01-28 Thread Steven McCann
Hello,

I'm investigating a situation where there were hundreds of minutes of
calls from an internal SIP extension to an 855 number in Cambodia,
resulting in a crazy ($25,000+) bill from the phone company. I'm
investigating, but can anyone provide some feedback on what's happened
here? I'm investigating how this happened as well as what types of
arrangements can be made with the phone company (CenturyLink in Texas).

Some details:
* PBX is located in Texas
* Phone carrier is CenturyLink
* FreePBX distro running asterisk 1.8.14
* source SIP extension is Mitel 5212, firmware 08.00.00.04, default admin
password (argh!). Phone is used by many different people.

More PBX setting details:
* inbound SIP traffic is not allowed through the firewall
* internal network is not accessed by many
* FreePBX web interface

*Questions I have at this moment:*
1) how were the calls placed? Was the Mitel SIP phone hacked somehow?
Asterisk PBX?
2) how does this typically get sorted out with the phone company? they are
charging $6.25 per minute for the Texas to Cambodia calls. The phone system
owners are at fault, but how have these situations worked out in the past?

I'll be tightening things up, but any feedback is appreciated.

Thanks,
Steve

Re: [asterisk-users] Investigating international calls fraud

2015-01-28 Thread Eric Wieling
I’ve seen the following exploits of Asterisk / FreePBX boxes:

1)  Default PlcmSpIp username and password for Polycom provisioning
2)  Insecure SIP usernames and secrets
3)  FreePBX GUI accessible from the internet
4)  OS remote exploit (maybe ssh/ssl exploit)

Mitigation options:

1)  Don’t use an easy to guess or default password on provisioning servers.
2)  Use secure secrets.  Users never enter the secret so we use a 32 char
    random string of characters for the password
3)  Don’t allow connections to port 80 from off-site.
4)  Make sure your OS and SSH/SSL packages are updated.

Contact your carrier and ask about any possible fraud detection. Verizon SIP
service has that feature. I don’t think Level 3 has. Don’t know about
CenturyLink. I also recommend locking down the system very tight with IP
tables – only allow whitelisted traffic rather than only blocking blacklisted
traffic.

Fraud is a constant issue for everyone.


From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Steven McCann
Sent: Wednesday, January 28, 2015 4:03 PM
To: asterisk-users@lists.digium.com
Subject: [asterisk-users] Investigating international calls fraud

Hello,

I'm investigating a situation where there was a hundreds of minutes of calls 
from an internal SIP extension to an 855 number in Cambodia, resulting in a 
crazy ($25,000+) bill from the phone company. I'm investigating, but can anyone 
provide some feedback on what's happened here? I'm investigating how this 
happened as well as what types of arrangements can be made with the phone 
company (CenturyLink in Texas).

Some details:
* PBX is located in Texas
* Phone carrier is CenturyLink
* FreePBX distro running asterisk 1.8.14
* source SIP extension is Mitel 5212, firmware 08.00.00.04, default admin 
password (argh!). Phone is used by many different people.

More PBX setting details:
* inbound SIP traffic is not allowed through the firewall
* internal network is not accessed by many
* FreePBX web interface

Questions I have at this moment:
1) how were the calls placed? Was the Mitel SIP phone hacked somehow? Asterisk 
PBX?
2) how does this typically get sorted out with the phone company? they are 
charging $6.25 per minute for the Texas to Cambodia calls. The phone system 
owners are at fault, but how have these situations worked out in the past?

I'll be tightening things up, but any feedback is appreciated.

Thanks,
Steve


[asterisk-users] AST-2015-001: File descriptor leak when incompatible codecs are offered

2015-01-28 Thread Asterisk Security Team
   Asterisk Project Security Advisory - AST-2015-001

Product:             Asterisk
Summary:             File descriptor leak when incompatible codecs are offered
Nature of Advisory:  Resource exhaustion
Susceptibility:      Remote Authenticated Sessions
Severity:            Major
Exploits Known:      No
Reported On:         6 January, 2015
Reported By:         Y Ateya
Posted On:           9 January, 2015
Last Updated On:     January 28, 2015
Advisory Contact:    Mark Michelson mmichelson AT digium DOT com
CVE Name:            Pending

Description:

Asterisk may be configured to only allow specific audio or video codecs to be
used when communicating with a particular endpoint. When an endpoint sends an
SDP offer that only lists codecs not allowed by Asterisk, the offer is
rejected. However, in this case, RTP ports that are allocated in the process
are not reclaimed.

This issue only affects the PJSIP channel driver in Asterisk. Users of the
chan_sip channel driver are not affected.

As the resources are allocated after authentication, this issue only affects
communications with authenticated endpoints.

Resolution:

The reported leak has been patched.

Affected Versions

Product               Release Series
Asterisk Open Source  1.8.x           Unaffected
Asterisk Open Source  11.x            Unaffected
Asterisk Open Source  12.x            All versions
Asterisk Open Source  13.x            All versions
Certified Asterisk    1.8.28          Unaffected
Certified Asterisk    11.6            Unaffected

Corrected In

Product               Release
Asterisk Open Source  12.8.1, 13.1.1

Patches

SVN URL                                                          Revision
http://downloads.asterisk.org/pub/security/AST-2015-001-12.diff  Asterisk 12
http://downloads.asterisk.org/pub/security/AST-2015-001-13.diff  Asterisk 13

Links  https://issues.asterisk.org/jira/browse/ASTERISK-24666 

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security  
  
This document may be superseded by later versions; if so, the latest  
version will be posted at 
http://downloads.digium.com/pub/security/AST-2015-001.pdf and 
http://downloads.digium.com/pub/security/AST-2015-001.html

Revision History

Date             Editor          Revisions Made
9 January, 2015  Mark Michelson  Initial creation

   Asterisk Project Security Advisory - AST-2015-001
  Copyright (c) 2015 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
   original, unaltered form.




[asterisk-users] AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability

2015-01-28 Thread Asterisk Security Team
   Asterisk Project Security Advisory - AST-2015-002

Product:             Asterisk
Summary:             Mitigation for libcURL HTTP request injection vulnerability
Nature of Advisory:  HTTP request injection
Susceptibility:      Remote Authenticated Sessions
Severity:            Major
Exploits Known:      No
Reported On:         12 January, 2015
Reported By:         Olle Johansson
Posted On:           January 12, 2015
Last Updated On:     January 28, 2015
Advisory Contact:    Mark Michelson mmichelson AT digium DOT com
CVE Name:            N/A.

Description:

CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL.
Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan
function), as well as its res_config_curl.so (cURL realtime backend) modules.

Since Asterisk may be configured to allow for user-supplied URLs to be passed
to libcURL, it is possible that an attacker could use Asterisk as an attack
vector to inject unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by CVE-2014-8150.

Resolution:

Asterisk has been patched with a similar patch as libcURL was for
CVE-2014-8150. This means that carriage return and linefeed characters are
forbidden from being in HTTP URLs that will be passed to libcURL.

Affected Versions

Product               Release Series
Asterisk Open Source  1.8.x           All versions
Asterisk Open Source  11.x            All versions
Asterisk Open Source  12.x            All versions
Asterisk Open Source  13.x            All versions
Certified Asterisk    1.8.28          All versions
Certified Asterisk    11.6            All versions

Corrected In

Product               Release
Asterisk Open Source  1.8.32.2, 11.15.1, 12.8.1, 13.1.1
Certified Asterisk    1.8.28-cert4, 11.6-cert10

Patches

SVN URL                                                              Revision
http://downloads.asterisk.org/pub/security/AST-2015-002-1.8.28.diff  Certified Asterisk 1.8.28
http://downloads.asterisk.org/pub/security/AST-2015-002-11.6.diff    Certified Asterisk 11.6
http://downloads.asterisk.org/pub/security/AST-2015-002-1.8.diff     Asterisk 1.8
http://downloads.asterisk.org/pub/security/AST-2015-002-11.diff      Asterisk 11
http://downloads.asterisk.org/pub/security/AST-2015-002-12.diff      Asterisk 12
http://downloads.asterisk.org/pub/security/AST-2015-002-13.diff      Asterisk 13


Links  https://issues.asterisk.org/jira/browse/ASTERISK-24676 

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security  
  
This document may be superseded by later versions; if so, the latest  
version will be posted at   

Re: [asterisk-users] Investigating international calls fraud

2015-01-28 Thread Terry Brummell
You don't mention if the phone is remote, or local.  Although you do mention it 
had a default user/pass.  If the UI of the phone was/is accessible from the 
I'net, the GUI does have the ability to place a call from it, that is one way 
the calls could have been placed.




From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Steven McCann
Sent: Wednesday, January 28, 2015 4:03 PM
To: asterisk-users@lists.digium.com
Subject: [asterisk-users] Investigating international calls fraud

Hello,

I'm investigating a situation where there was a hundreds of minutes of calls 
from an internal SIP extension to an 855 number in Cambodia, resulting in a 
crazy ($25,000+) bill from the phone company. I'm investigating, but can anyone 
provide some feedback on what's happened here? I'm investigating how this 
happened as well as what types of arrangements can be made with the phone 
company (CenturyLink in Texas).

Some details:
* PBX is located in Texas
* Phone carrier is CenturyLink
* FreePBX distro running asterisk 1.8.14
* source SIP extension is Mitel 5212, firmware 08.00.00.04, default admin 
password (argh!). Phone is used by many different people.

More PBX setting details:
* inbound SIP traffic is not allowed through the firewall
* internal network is not accessed by many
* FreePBX web interface

Questions I have at this moment:
1) how were the calls placed? Was the Mitel SIP phone hacked somehow? Asterisk 
PBX?
2) how does this typically get sorted out with the phone company? they are 
charging $6.25 per minute for the Texas to Cambodia calls. The phone system 
owners are at fault, but how have these situations worked out in the past?

I'll be tightening things up, but any feedback is appreciated.

Thanks,
Steve



Re: [asterisk-users] Investigating international calls fraud

2015-01-28 Thread Steven McCann
The UI (or anything really) is not open to the internet. The only things
open are SSH and RDP (on alternate ports). The freepbx web interface has a
strong username/password. The only weakness I see is a weak secret SIP
password, and default mitel admin password used. There is no provisioning
server for the Mitel phones right now.

The phone system is on the same subnet/VLAN as the internal network. My
guess is some internal computer has a trojan which allowed attackers to do
some internal configuration changes. I don't yet know how they launched an
outbound call from the internal extension.

On Wed, Jan 28, 2015 at 4:38 PM, Terry Brummell te...@brummell.net wrote:

  You don't mention if the phone is remote, or local.  Although you do
 mention it had a default user/pass.  If the UI of the phone was/is
 accessible from the I'net, the GUI does have the ability to place a call
 from it, that is one way the calls could have been placed.





 *From:* asterisk-users-boun...@lists.digium.com [mailto:
 asterisk-users-boun...@lists.digium.com] *On Behalf Of *Steven McCann
 *Sent:* Wednesday, January 28, 2015 4:03 PM
 *To:* asterisk-users@lists.digium.com
 *Subject:* [asterisk-users] Investigating international calls fraud



 Hello,



 I'm investigating a situation where there was a hundreds of minutes of
 calls from an internal SIP extension to an 855 number in Cambodia,
 resulting in a crazy ($25,000+) bill from the phone company. I'm
 investigating, but can anyone provide some feedback on what's happened
 here? I'm investigating how this happened as well as what types of
 arrangements can be made with the phone company (CenturyLink in Texas).



 Some details:

 * PBX is located in Texas

 * Phone carrier is CenturyLink

 * FreePBX distro running asterisk 1.8.14

 * source SIP extension is Mitel 5212, firmware 08.00.00.04, default admin
 password (argh!). Phone is used by many different people.



 More PBX setting details:

 * inbound SIP traffic is not allowed through the firewall

 * internal network is not accessed by many

 * FreePBX web interface



 *Questions I have at this moment:*

 1) how were the calls placed? Was the Mitel SIP phone hacked somehow?
 Asterisk PBX?

 2) how does this typically get sorted out with the phone company? they are
 charging $6.25 per minute for the Texas to Cambodia calls. The phone system
 owners are at fault, but how have these situations worked out in the past?



 I'll be tightening things up, but any feedback is appreciated.



 Thanks,

 Steve






Re: [asterisk-users] Investigating international calls fraud

2015-01-28 Thread Steven McCann
Hmm the calls are made during the day (and sometimes very early in the
morning). Right now it looks like someone actually made these calls. If
that is the case it's somewhat comforting to know the system wasn't
compromised. However, the $25,000 phone bill still remains. Yikes. $6.25
per minute to Cambodia seems quite steep to me.

On Wed, Jan 28, 2015 at 6:07 PM, Duncan Turnbull dun...@e-simple.co.nz
wrote:

 On 29 Jan 2015, at 11:07, Administrator TOOTAI wrote:

  On 28/01/2015 22:03, Steven McCann wrote:

 Hello,


 Hi


 I'm investigating a situation where there was a hundreds of minutes of
 calls from an internal SIP extension to an 855 number in Cambodia,
 resulting in a crazy ($25,000+) bill from the phone company. I'm
 investigating, but can anyone provide some feedback on what's happened
 here? I'm investigating how this happened as well as what types of
 arrangements can be made with the phone company (CenturyLink in Texas).


 Are you sure the calls weren't actually made internally? Can you see
 anything to suggest the ip or mac address of the phone changed? Because for
 someone to take advantage of the calls (assuming they don't get cash out of
 ringing Cambodia) they needed to proxy through to that phone line, which
 maybe required them leaving some sort of device on the network. Otherwise I
 am guessing they got onto your PBX somehow.

 As suggested logs are important, including DHCP, syslog to see if anything
 unusual happened.

 Did the calls run all day or just at night when no one was around?
 Was there more than one call up at a time? (how many calls does the Mitel
 phone support?)
 How long were the calls? Were they varying lengths (more human like) and
 did they just redial as soon as they were dropped? Or were they automated
 to trigger as much cost as possible e.g. if the 1st minute is the most
 expensive then you get a lot of short calls.

 Good luck




 Some details:
 * PBX is located in Texas
 * Phone carrier is CenturyLink
 * FreePBX distro running asterisk 1.8.14
 * source SIP extension is Mitel 5212, firmware 08.00.00.04, default
 admin password (argh!). Phone is used by many different people.

 More PBX setting details:
 * inbound SIP traffic is not allowed through the firewall
 * internal network is not accessed by many
 * FreePBX web interface

 *Questions I have at this moment:*
 1) how were the calls placed? Was the Mitel SIP phone hacked somehow?
 Asterisk PBX?


 Check your logs. In the full log with verbosity 3 you can follow how
 calls were treated. Also the CDR should give you informations like the
 extension(s) who placed those calls

 [...]

 --
 Daniel
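
The CDR review suggested in this thread (which extension placed the calls, when, how many at once, how long, how quickly redialled), as an added example that is not part of any poster's message. It assumes the default cdr_csv Master.csv column order, a 011 dial prefix with an optional leading 9, whole-minute billing and the thresholds named in the comments, and it runs over constructed sample records.

```python
import csv
import io
import re
from datetime import datetime
from statistics import mean, pstdev

# Column order of Asterisk's cdr_csv Master.csv (assumed default layout;
# extra trailing columns such as uniqueid are ignored).
FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel",
          "dstchannel", "lastapp", "lastdata", "start", "answer", "end",
          "duration", "billsec", "disposition", "amaflags"]

# Assumptions: international calls are dialled as 011 + country code,
# optionally after a 9 for an outside line. 855 and the 6.25 per-minute
# rate are the figures given in the thread.
SUSPECT_DST = re.compile(r"^9?011855\d+$")
RATE_PER_MIN = 6.25
BUSINESS_HOURS = range(8, 18)   # assumed office hours, 08:00-17:59
SHORT_CALL_SEC = 60             # assumed cut-off for a "short" call
FAST_REDIAL_SEC = 30            # assumed cut-off for an immediate redial

# Constructed sample records (not real call data).
SAMPLE_CDR = '''\
"","2105","901185523555010","from-internal","2105","SIP/2105-0000001a","SIP/trunk-0000001b","Dial","SIP/trunk/01185523555010,300","2015-01-12 09:14:02","2015-01-12 09:14:10","2015-01-12 09:41:10",1628,1620,"ANSWERED","DOCUMENTATION"
"","2101","2105","from-internal","2101","SIP/2101-0000001c","SIP/2105-0000001d","Dial","SIP/2105,20","2015-01-12 10:00:00","2015-01-12 10:00:05","2015-01-12 10:02:05",125,120,"ANSWERED","DOCUMENTATION"
"","2105","901185523555010","from-internal","2105","SIP/2105-0000001e","SIP/trunk-0000001f","Dial","SIP/trunk/01185523555010,300","2015-01-12 13:02:20","2015-01-12 13:02:30","2015-01-12 13:20:05",1065,1055,"ANSWERED","DOCUMENTATION"
"","2105","901185523555010","from-internal","2105","SIP/2105-00000020","SIP/trunk-00000021","Dial","SIP/trunk/01185523555010,300","2015-01-13 06:04:50","2015-01-13 06:05:00","2015-01-13 06:48:20",2610,2600,"ANSWERED","DOCUMENTATION"
"","2105","901185523555010","from-internal","2105","SIP/2105-00000022","SIP/trunk-00000023","Dial","SIP/trunk/01185523555010,300","2015-01-13 11:00:00","","2015-01-13 11:00:30",30,0,"NO ANSWER","DOCUMENTATION"
"","2105","901185523555010","from-internal","2105","SIP/2105-00000024","SIP/trunk-00000025","Dial","SIP/trunk/01185523555010,300","2015-01-13 15:30:00","2015-01-13 15:30:08","2015-01-13 15:30:53",53,45,"ANSWERED","DOCUMENTATION"
"","2105","901185523555010","from-internal","2105","SIP/2105-00000026","SIP/trunk-00000027","Dial","SIP/trunk/01185523555010,300","2015-01-13 15:31:05","2015-01-13 15:31:15","2015-01-13 15:58:15",1630,1620,"ANSWERED","DOCUMENTATION"
'''


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def suspect_calls(text):
    """Answered calls to the suspect prefix, oldest first."""
    calls = []
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        if row["disposition"] != "ANSWERED" or not SUSPECT_DST.match(row["dst"]):
            continue
        calls.append({
            "src": row["src"],
            # "SIP/2105-0000001a" -> "SIP/2105": the peer the call came from
            "peer": row["channel"].rsplit("-", 1)[0],
            "start": parse_ts(row["start"]),
            "end": parse_ts(row["end"]),
            "billsec": int(row["billsec"]),
        })
    return sorted(calls, key=lambda c: c["start"])


def max_concurrent(calls):
    """Peak number of suspect calls up at the same moment."""
    # At equal timestamps the -1 (hang-up) sorts before the +1 (new call).
    events = sorted([(c["start"], 1) for c in calls] +
                    [(c["end"], -1) for c in calls])
    live = peak = 0
    for _, delta in events:
        live += delta
        peak = max(peak, live)
    return peak


def triage(text):
    """Summarise the suspect calls along the lines asked about in the thread."""
    calls = suspect_calls(text)
    secs = [c["billsec"] for c in calls]
    gaps = [(b["start"] - a["end"]).total_seconds()
            for a, b in zip(calls, calls[1:])]
    minutes = sum(-(-s // 60) for s in secs)  # assumed whole-minute billing
    return {
        "calls": len(calls),
        "sources": sorted({(c["src"], c["peer"]) for c in calls}),
        "off_hours": sum(c["start"].hour not in BUSINESS_HOURS
                         or c["start"].weekday() >= 5 for c in calls),
        "max_concurrent": max_concurrent(calls),
        "billed_minutes": minutes,
        "est_cost": minutes * RATE_PER_MIN,
        "mean_sec": round(mean(secs)) if secs else 0,
        "stdev_sec": round(pstdev(secs)) if secs else 0,
        "short_calls": sum(s < SHORT_CALL_SEC for s in secs),
        "fast_redials": sum(0 <= g < FAST_REDIAL_SEC for g in gaps),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_CDR).items():
        print(f"{key:15} {value}")
```

A peak of one concurrent call, widely varying lengths and mostly daytime starts fit someone dialling by hand; many short calls, instant redials or several calls up at once fit automation.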


[asterisk-users] Asterisk 1.8.28-cert4, 1.8.32.2, 11.6-cert10, 11.15.1, 12.8.1, 13.1.1 Now Available (Security Release)

2015-01-28 Thread Asterisk Development Team
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolves the following security vulnerabilities:

* AST-2015-001: File descriptor leak when incompatible codecs are offered 

Asterisk may be configured to only allow specific audio or   
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer 
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are   
allocated in the process are not reclaimed.  
  
This issue only affects the PJSIP channel driver in  
Asterisk. Users of the chan_sip channel driver are not   
affected. 

* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability 

CVE-2014-8150 reported an HTTP request injection 
vulnerability in libcURL. Asterisk uses libcURL in its   
func_curl.so module (the CURL() dialplan function), as well  
as its res_config_curl.so (cURL realtime backend) modules.   
 
Since Asterisk may be configured to allow for user-supplied  
URLs to be passed to libcURL, it is possible that an 
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL 
installed on the Asterisk server is affected by  
CVE-2014-8150.

For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.28-cert4
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert10
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.8.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.1.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
 * http://downloads.asterisk.org/pub/security/AST-2015-002.pdf

Thank you for your continued support of Asterisk!



Re: [asterisk-users] Investigating international calls fraud

2015-01-28 Thread Administrator TOOTAI

On 28/01/2015 22:03, Steven McCann wrote:

Hello,


Hi



I'm investigating a situation where there was a hundreds of minutes of
calls from an internal SIP extension to an 855 number in Cambodia,
resulting in a crazy ($25,000+) bill from the phone company. I'm
investigating, but can anyone provide some feedback on what's happened
here? I'm investigating how this happened as well as what types of
arrangements can be made with the phone company (CenturyLink in Texas).

Some details:
* PBX is located in Texas
* Phone carrier is CenturyLink
* FreePBX distro running asterisk 1.8.14
* source SIP extension is Mitel 5212, firmware 08.00.00.04, default
admin password (argh!). Phone is used by many different people.

More PBX setting details:
* inbound SIP traffic is not allowed through the firewall
* internal network is not accessed by many
* FreePBX web interface

*Questions I have at this moment:*
1) how were the calls placed? Was the Mitel SIP phone hacked somehow?
Asterisk PBX?


Check your logs. In the full log with verbosity 3 you can follow how
calls were treated. Also the CDR should give you information like the
extension(s) who placed those calls


[...]

--
Daniel



Re: [asterisk-users] Investigating international calls fraud

2015-01-28 Thread Michelle Dupuis
Do you have DISA setup?  We're seeing lots of attackers running scripts that 
send digits until they strike a DISA, misconfigured mailbox, etc.  (Assuming it 
wasn't a stupid employee forwarding an inbound call to a 9xxx number etc).

Have a look at SecAst (www.generationd.com) - it detects callers sending too 
many digits, monitors digit dialing speeds, etc. to help identify and block 
these types of attacks.  The free version is better than nothing (but if you've 
already suffered one $25k attack then you probably don't mind spending a bit of 
money).  Or have a look at http://www.voip-info.org/wiki/view/Asterisk+security 
for other ideas.

There were some (at least one) critical FreePBX weaknesses discovered this 
summer (you'll find them if you google).  Even if you don't expose the 
management interface to the internet, don't trust FreePBX security alone.

-MD-

My opinions expressed are my own and do not necessarily reflect those of my 
employer.  However, as an employee of Generation D Systems my opinions are 
probably biased.




From: asterisk-users-boun...@lists.digium.com 
asterisk-users-boun...@lists.digium.com on behalf of Administrator TOOTAI 
ad...@tootai.net
Sent: Wednesday, January 28, 2015 5:07 PM
To: Asterisk Users List
Subject: Re: [asterisk-users] Investigating international calls fraud

On 28/01/2015 22:03, Steven McCann wrote:
 Hello,

Hi


 I'm investigating a situation where there was a hundreds of minutes of
 calls from an internal SIP extension to an 855 number in Cambodia,
 resulting in a crazy ($25,000+) bill from the phone company. I'm
 investigating, but can anyone provide some feedback on what's happened
 here? I'm investigating how this happened as well as what types of
 arrangements can be made with the phone company (CenturyLink in Texas).

 Some details:
 * PBX is located in Texas
 * Phone carrier is CenturyLink
 * FreePBX distro running asterisk 1.8.14
 * source SIP extension is Mitel 5212, firmware 08.00.00.04, default
 admin password (argh!). Phone is used by many different people.

 More PBX setting details:
 * inbound SIP traffic is not allowed through the firewall
 * internal network is not accessed by many
 * FreePBX web interface

 *Questions I have at this moment:*
 1) how were the calls placed? Was the Mitel SIP phone hacked somehow?
 Asterisk PBX?

Check your logs. In the full log with verbosity 3 you can follow how
calls were treated. Also the CDR should give you informations like the
extension(s) who placed those calls

[...]

--
Daniel



Re: [asterisk-users] Investigating international calls fraud

2015-01-28 Thread Steven McCann
Hi Michelle,

DISA is not in use. I'll check out the SecAst product you mentioned for
rebuilding the server.

I'm digging into the logs to get some more information.

Thanks,
Steve

On Wed, Jan 28, 2015 at 5:30 PM, Michelle Dupuis mdup...@ocg.ca wrote:

 Do you have DISA setup?  We're seeing lots of attackers running scripts
 that send digits until they strike a DISA, misconfigured mailbox, etc.
 (Assuming it wasn't a stupid employee forwarding an inbound call to a
 9xxx number etc).

 Have a look at SecAst (www.generationd.com) - it detects callers sending
 too many digits, monitors digit dialing speeds, etc. to help identify and
 block these types of attacks.  The free version is better than nothing (but
 if you've already suffered one $25k attack then you probably don't mind
 spending a bit of money).  Or have a look at
 http://www.voip-info.org/wiki/view/Asterisk+security for other ideas.

 There were some (at least one) critical FreePBX weaknesses discovered this
 summer (you'll find them if you google).  Even if you don't expose the
 management interface to the internet, don't trust FreePBX security alone.

 -MD-

 My opinions expressed are my own and do not necessarily reflect those of
 my employer.  However, as an employee of Generation D Systems my opinions
 are probably biased.



 
 From: asterisk-users-boun...@lists.digium.com 
 asterisk-users-boun...@lists.digium.com on behalf of Administrator
 TOOTAI ad...@tootai.net
 Sent: Wednesday, January 28, 2015 5:07 PM
 To: Asterisk Users List
 Subject: Re: [asterisk-users] Investigating international calls fraud

 On 28/01/2015 22:03, Steven McCann wrote:
  Hello,

 Hi

 
  I'm investigating a situation where there was a hundreds of minutes of
  calls from an internal SIP extension to an 855 number in Cambodia,
  resulting in a crazy ($25,000+) bill from the phone company. I'm
  investigating, but can anyone provide some feedback on what's happened
  here? I'm investigating how this happened as well as what types of
  arrangements can be made with the phone company (CenturyLink in Texas).
 
  Some details:
  * PBX is located in Texas
  * Phone carrier is CenturyLink
  * FreePBX distro running asterisk 1.8.14
  * source SIP extension is Mitel 5212, firmware 08.00.00.04, default
  admin password (argh!). Phone is used by many different people.
 
  More PBX setting details:
  * inbound SIP traffic is not allowed through the firewall
  * internal network is not accessed by many
  * FreePBX web interface
 
  *Questions I have at this moment:*
  1) how were the calls placed? Was the Mitel SIP phone hacked somehow?
  Asterisk PBX?

 Check your logs. In the full log with verbosity 3 you can follow how
 calls were treated. Also the CDR should give you information like the
 extension(s) who placed those calls.

 [...]

 --
 Daniel


Re: [asterisk-users] Investigating international calls fraud

2015-01-28 Thread Duncan Turnbull

On 29 Jan 2015, at 11:07, Administrator TOOTAI wrote:


On 28/01/2015 22:03, Steven McCann wrote:

Hello,


Hi



I'm investigating a situation where there were hundreds of minutes of
calls from an internal SIP extension to an 855 number in Cambodia,
resulting in a crazy ($25,000+) bill from the phone company. I'm
investigating, but can anyone provide some feedback on what's happened
here? I'm investigating how this happened as well as what types of
arrangements can be made with the phone company (CenturyLink in Texas).


Are you sure the calls weren't actually made internally? Can you see 
anything to suggest the ip or mac address of the phone changed? Because 
for someone to take advantage of the calls (assuming they don't get cash 
out of ringing Cambodia) they needed to proxy through to that phone 
line, which maybe required them leaving some sort of device on the 
network. Otherwise I am guessing they got onto your PBX somehow.


As suggested logs are important, including DHCP, syslog to see if 
anything unusual happened.


Did the calls run all day or just at night when no one was around?
Was there more than one call up at a time? (how many calls does the 
Mitel phone support?)
How long were the calls? Were they varying lengths (more human like) and 
did they just redial as soon as they were dropped? Or were they 
automated to trigger as much cost as possible e.g. if the 1st minute is 
the most expensive then you get a lot of short calls.


Good luck




Some details:
* PBX is located in Texas
* Phone carrier is CenturyLink
* FreePBX distro running asterisk 1.8.14
* source SIP extension is Mitel 5212, firmware 08.00.00.04, default
admin password (argh!). Phone is used by many different people.

More PBX setting details:
* inbound SIP traffic is not allowed through the firewall
* internal network is not accessed by many
* FreePBX web interface

*Questions I have at this moment:*
1) how were the calls placed? Was the Mitel SIP phone hacked somehow?
Asterisk PBX?


Check your logs. In the full log with verbosity 3 you can follow how
calls were treated. Also the CDR should give you information like the
extension(s) who placed those calls.


[...]

--
Daniel

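The questions in the reply above (time of day, simultaneous calls, call length, immediate redial) can be answered mechanically from the call records. This is an added example, not code from the thread; the CSV column names, the `011855` dial prefix, the thresholds and every row are constructed for illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample export: column names and rows are illustrative only.
SAMPLE_CDR = """start,src,dst,billsec
2015-01-20 03:10:00,212,011855000000001,58
2015-01-20 03:11:05,212,011855000000001,59
2015-01-20 03:11:30,212,011855000000002,57
2015-01-20 03:12:40,212,011855000000001,60
2015-01-20 14:02:00,212,011855000000003,840
2015-01-21 10:15:00,212,011855000000003,312
"""

def load_calls(text, dst_prefix):
    """Return sorted (start, end) pairs for answered calls to dst_prefix."""
    calls = []
    for row in csv.DictReader(io.StringIO(text)):
        secs = int(row["billsec"])
        if row["dst"].startswith(dst_prefix) and secs > 0:
            start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
            calls.append((start, start + timedelta(seconds=secs)))
    return sorted(calls)

def profile(calls, office_hours=(8, 18), redial_gap=10, short_call=61):
    """Summarise the traits asked about: timing, overlap, length, redial."""
    off_hours = sum(1 for s, _ in calls
                    if not office_hours[0] <= s.hour < office_hours[1])
    # Sweep start/end events to find the peak number of simultaneous calls.
    events = sorted([(s, 1) for s, _ in calls] + [(e, -1) for _, e in calls])
    live = peak = 0
    for _, delta in events:
        live += delta
        peak = max(peak, live)
    durations = [int((e - s).total_seconds()) for s, e in calls]
    short = sum(1 for d in durations if d < short_call)
    # A new call starting within redial_gap seconds of the previous hang-up.
    redials = sum(1 for (_, e0), (s1, _) in zip(calls, calls[1:])
                  if timedelta(0) <= s1 - e0 <= timedelta(seconds=redial_gap))
    return {"calls": len(calls), "off_hours": off_hours, "peak_concurrent": peak,
            "short_calls": short, "quick_redials": redials,
            "by_hour": dict(Counter(s.hour for s, _ in calls))}

if __name__ == "__main__":
    print(profile(load_calls(SAMPLE_CDR, "011855")))
```

A peak above the number of lines the handset supports, or a cluster of near-identical short calls outside office hours, points away from a person at the desk phone.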

[asterisk-users] What conditions allow the use of dahdi native bridge?

2015-01-28 Thread Charles Wang
Hi all,

I want to test the Native Bridge mode of DAHDI (FXS/FXO). I use asterisk
11.14.2 and DAHDI 2.8.0.

I try to set callwaiting = no AND callwaitingcallerid = no in
chan_dahdi.conf.
But I can't find native bridging information from the CLI (opened debug mode in
logger.conf). How can I test the dahdi_bridge in native bridge mode?

I use normal dial command ex: Dial(DAHDI/2,30,tTkK) to dial from FXS1 to
FXS2.

Would anyone be kind enough to help me solve it?

-- 
Best Regards
Charles

Re: [asterisk-users] Investigating international calls fraud

2015-01-28 Thread Dave Platt
 Hmm the calls are made during the day (and sometimes very early in the
 morning). Right now it looks like someone actually made these calls. If
 that is the case it's somewhat comforting to know the system wasn't
 compromised. However, the $25,000 phone bill still remains. Yikes. $6.25
 per minute to Cambodia seems quite steep to me.

Since the Mitel had a default admin password, it seems possible that
somebody accessed its UI over the network, and then accessed and
copied its SIP credentials for your Asterisk server.

If that's the case, the calls might not have been placed through
the phone.  The miscreant could have configured the purloined
credentials into another hardphone, or a softphone app on any
PC or tablet or cellphone which was able to access your LAN.
The cloned phone would not have needed to actually register
with Asterisk... it could simply have sent an INVITE to place
a call, and Asterisk would have challenged it and then accepted
the credentials.

If your CDR log shows IP addresses for each call, you might be
able to compare these with your DHCP (or whatever) IP registration
service, and see if the calls actually came through the phone or
not.  If not you might be able to identify the device which initiated
the calls.

The bad news is, I suspect that you're probably on the hook for
the cost of the calls.  In the case of an inside job it's often
hard to legitimately disavow the charges.  You may have to pay
the bill and then (if you can identify whomever placed the
unauthorized calls) attempt to recover the cost from him/her
in court.  This sort of misuse by an insider might be
theft by conversion.



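The CDR-to-DHCP comparison suggested above, as an added example that is not part of the thread: each call's source IP is matched to the MAC that held the lease at the moment the call started. The record layouts, addresses (documentation ranges) and the phone's MAC are all constructed; it assumes you can extract a source IP per call and a lease history with start and end times.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
PHONE_MAC = "00:00:5e:00:53:01"   # constructed: MAC recorded for the desk phone

# Constructed lease history: (ip, mac, lease start, lease end).
LEASES = [
    ("192.0.2.50", "00:00:5e:00:53:01", "2015-01-19 08:00:00", "2015-01-20 08:00:00"),
    ("192.0.2.50", "00:00:5e:00:53:01", "2015-01-20 08:00:00", "2015-01-21 08:00:00"),
    ("192.0.2.77", "00:00:5e:00:53:99", "2015-01-20 02:30:00", "2015-01-20 06:30:00"),
]
# Constructed call records: (call start, source IP seen by the PBX).
CALLS = [
    ("2015-01-20 03:10:00", "192.0.2.77"),
    ("2015-01-20 14:02:00", "192.0.2.50"),
    ("2015-01-20 22:00:00", "192.0.2.90"),
]

def ts(text):
    return datetime.strptime(text, FMT)

def holder(ip, when, leases):
    """MAC addresses holding a lease on ip at time when (normally 0 or 1)."""
    return sorted({mac.lower() for lip, mac, start, end in leases
                   if lip == ip and ts(start) <= when < ts(end)})

def attribute(calls, leases, phone_mac):
    """Label each call: 'phone', 'other-device', 'no-lease' or 'ambiguous'."""
    out = []
    for start, ip in calls:
        macs = holder(ip, ts(start), leases)
        if not macs:
            verdict = "no-lease"       # static address or gap in the lease log
        elif len(macs) > 1:
            verdict = "ambiguous"      # overlapping leases: check switch/ARP logs
        elif macs[0] == phone_mac.lower():
            verdict = "phone"
        else:
            verdict = "other-device"
        out.append((start, ip, macs, verdict))
    return out

if __name__ == "__main__":
    for row in attribute(CALLS, LEASES, PHONE_MAC):
        print(row)
```

A "phone" verdict only says the lease was issued to that MAC, not that the genuine handset placed the call. "no-lease" and "other-device" results are the ones to follow up in switch and ARP records for the same time window.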


Re: [asterisk-users] Asterisk Java API - Up to date

2015-01-28 Thread Paul Belanger
On Tue, Jan 27, 2015 at 4:14 PM, symack sym...@gmail.com wrote:
 Hello Everyone,

 I am required to write a java program that will get our asterisk to:

 * Query the database for phone numbers
 * Loop through numbers and dial
 * Play message
 * Get dial pressed response
   - If 1 = Yes
   - If 2 = No
   - If 3 = Connect to Agent
 * AMD Capable
 * Disposition

 I am proficient with Java and found the Asterisk-Java API. My questions
 are:

 * What is the recommended API to use
 * Is Asterisk-Java API maintained by digium
 * Am I overlooking anything?

 Your help is greatly appreciated.

There are many ways to accomplish this, many have been discussed on this
mailing list.

You are going to use the AMI to originate calls into asterisk.  No,
Asterisk-Java is not maintained by Digium.  As for overlooking,
likely, but you should be able to see anything you missed in your
testing phase.

You should be able to google Asterisk dialers to see some examples that
people have done.

-- 
Paul Belanger | PolyBeacon, Inc.
Jabber: paul.belan...@polybeacon.com | IRC: pabelanger (Freenode)
Github: https://github.com/pabelanger | Twitter: https://twitter.com/pabelanger



Re: [asterisk-users] queue show queue-name vs queue log for calculating average hold time

2015-01-28 Thread Paul Belanger
On Wed, Jan 28, 2015 at 1:37 PM, Paul Belanger
paul.belan...@polybeacon.com wrote:
 On Wed, Jan 28, 2015 at 12:23 PM, Ishfaq Malik i...@pack-net.co.uk wrote:
 Hi

 We're using 1.8.23.1 on CentOS 5 and are trying to get accurate stats for
 queues.

 For a particular customer, when I run queue show queue_name I get the
 following numbers:

 queue_name has 0 calls (max unlimited) in 'ringall' strategy (17s
 holdtime, 94s talktime), W:0, C:175, A:44, SL:48.6% within 45s

 So from that data we look at
 17s holdtime
 And assume that is the average hold time before calls get answered by a
 queue member.

 However, if I calculate the average hold time from our queue log table using
 the following SQL

 select sum(data1)/ count(*) as ave_hold_time from queue_log where time >
 DATE(NOW()) and queuename='queue_name' and event='CONNECT';

 I get the vastly different figure of 92.4.

 So, is the queue show figure wrong due to a bug or am I making an incorrect
 assumption as to what it means?

 Thanks in advance

 Welcome to business logic embedded into app_queue.  The issue with the
 queue show command rendering stats, is what timeframe are the stats
 aggregated over?  IIRC, the calculations are using a moving
 average[1].

Oops, sent instead of pasting.

Either way, you're likely better off rendering the data using the raw
sql info vs depending on CLI output.  That's what we've done.

[1] http://en.wikipedia.org/wiki/Moving_average
-- 
Paul Belanger | PolyBeacon, Inc.
Jabber: paul.belan...@polybeacon.com | IRC: pabelanger (Freenode)
Github: https://github.com/pabelanger | Twitter: https://twitter.com/pabelanger



Re: [asterisk-users] queue show queue-name vs queue log for calculating average hold time

2015-01-28 Thread Paul Belanger
On Wed, Jan 28, 2015 at 12:23 PM, Ishfaq Malik i...@pack-net.co.uk wrote:
 Hi

 We're using 1.8.23.1 on CentOS 5 and are trying to get accurate stats for
 queues.

 For a particular customer, when I run queue show queue_name I get the
 following numbers:

 queue_name has 0 calls (max unlimited) in 'ringall' strategy (17s
 holdtime, 94s talktime), W:0, C:175, A:44, SL:48.6% within 45s

 So from that data we look at
 17s holdtime
 And assume that is the average hold time before calls get answered by a
 queue member.

 However, if I calculate the average hold time from our queue log table using
 the following SQL

 select sum(data1)/ count(*) as ave_hold_time from queue_log where time >
 DATE(NOW()) and queuename='queue_name' and event='CONNECT';

 I get the vastly different figure of 92.4.

 So, is the queue show figure wrong due to a bug or am I making an incorrect
 assumption as to what it means?

 Thanks in advance

Welcome to business logic embedded into app_queue.  The issue with the
queue show command rendering stats, is what timeframe are the stats
aggregated over?  IIRC, the calculations are using a moving
average[1].




-- 
Paul Belanger | PolyBeacon, Inc.
Jabber: paul.belan...@polybeacon.com | IRC: pabelanger (Freenode)
Github: https://github.com/pabelanger | Twitter: https://twitter.com/pabelanger



Re: [asterisk-users] Cannot get my first WebRTC experiment to work.

2015-01-28 Thread Paul Belanger
On Wed, Jan 28, 2015 at 8:27 AM, Antonio Gómez Soto
antonio.gomez.s...@gmail.com wrote:
 Hi all,

 Trying to do my first WebRTC. Using stock asterisk 1.13.0.
 I setup the asterisk according to the recipe on the wiki, but cannot get it
 to work.
 Dialing from sipml5 on chrome I get no sound, regular bria on standard sip
 works.

 My network setup by the way: I am working from a cable modem, I created the
 test setup at digital ocean. From my laptop I also have a direct VPN
 connection
 to the asterisk server my laptop being 192.168.241.10 and asterisk being
 192.168.241.30

 I think something is wrong with the RTP address negotiation, but I have
 trouble
 interpreting the SDP wrt WebRTC and ICE.

 1. asterisk seems to be telling sipml5 to send audio to its public IP
 address, but * sends to 192.168.241.10
 2. the asterisk output does show RTP flows to chrome, but there's no sound
 from chrome.

 I hope someone can intersperse the output with comments?

Pastebin the full debug, you've deleted an important piece of information.

-- 
Paul Belanger | PolyBeacon, Inc.
Jabber: paul.belan...@polybeacon.com | IRC: pabelanger (Freenode)
Github: https://github.com/pabelanger | Twitter: https://twitter.com/pabelanger


[asterisk-users] queue show queue-name vs queue log for calculating average hold time

2015-01-28 Thread Ishfaq Malik
Hi

We're using 1.8.23.1 on CentOS 5 and are trying to get accurate stats for
queues.

For a particular customer, when I run queue show queue_name I get the
following numbers:

queue_name has 0 calls (max unlimited) in 'ringall' strategy (17s
holdtime, 94s talktime), W:0, C:175, A:44, SL:48.6% within 45s

So from that data we look at
17s holdtime
And assume that is the average hold time before calls get answered by a
queue member.

However, if I calculate the average hold time from our queue log table
using the following SQL

select sum(data1)/ count(*) as ave_hold_time from queue_log where time >
DATE(NOW()) and queuename='queue_name' and event='CONNECT';

I get the vastly different figure of 92.4.

So, is the queue show figure wrong due to a bug or am I making an incorrect
assumption as to what it means?

Thanks in advance

Ish

-- 

Ishfaq Malik
Department: VOIP Support
Company: Packnet Limited
t: +44 (0)845 004 4994
f: +44 (0)161 660 9825
e: i...@pack-net.co.uk
w: http://www.pack-net.co.uk

Registered Address: PACKNET LIMITED, Duplex 2, Ducie House
37 Ducie Street
Manchester, M1 2JW
COMPANY REG NO. 04920552

Re: [asterisk-users] Asterisk Java API - Up to date

2015-01-28 Thread symack
Hello Paul,

Thank you for your response.


 You are going to use the AMI

Looking into AGI vs AMI, it seems that coding functionality such as playing
a file using AMI is not as trivial as AGI. Correct me if I'm wrong; however,
is managing the channel easier in AGI than in AMI?

As for examples, a lot of them use AGI, probably because of its ease of use
and not necessarily correctness. Is there a Java example that uses AMI that
simply calls a number and plays a file?

Your help is greatly appreciated.

N.