[asterisk-users] Autoreply ( Autoreply (Re: getting invites to rtp ports ??))

2018-09-09 Thread info
Thank you for your message.

Online4You has not been operational since 1 August. We informed you by e-mail 
about the circumstances and your options.

Unfortunately we can no longer help you; your mail will not be forwarded and/or 
answered.

If your subscription has been taken over by KovoKs, see https://www.kovoks.nl/ 
for contact details.

Thank you for your trust over the past years!

Kind regards,

Online4You B.V.

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Astricon is coming up October 9-11!  Signup is available at: 
https://www.asterisk.org/community/astricon-user-conference

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] getting invites to rtp ports ??

2018-09-09 Thread John Covici
Hi.  So, I applied the patch, works, but I could not figure out a
fail2ban regex which will hit that line, have you got one I can use?

Thanks.

On Thu, 30 Aug 2018 11:03:08 -0400,
sean darcy wrote:
> 
> On 08/29/2018 09:33 PM, John Covici wrote:
> > OK, Thanks.  I have a couple of questions -- the line numbers do not
> > match exactly, so can you tell me a couple of lines before and after
> > the line in question?  Also, when will this be logged, if it's only
> > during sip debug, I need to change it to log when I can see it more
> > readily.
> > 
> > Thanks.
> > 
> > On Wed, 29 Aug 2018 20:31:15 -0400,
> > sean darcy wrote:
> >> 
> >> On 08/29/2018 08:07 PM, John Covici wrote:
> >>> I wonder if I could have that patch, maybe I could add it to my
> >>> fail2ban regexp and if you have the correct regexp, I would appreciate
> >>> that as well.
> >>> 
> >>> Thanks.
> >>> 
> >>> On Wed, 29 Aug 2018 19:18:29 -0400,
> >>> Telium Support Group wrote:
>  
>  Depending on log trolling (Asterisk security log) misses a lot, and also 
>  depends on the SIP/PJSIP folks to not change message structure (which 
>  has already happened numerous times).  If you are comfortable hacking 
>  chan_sip.c you may prefer to get the same messages from the AMI.  It 
>  still misses a lot but that approach is better than nothing.
>  
>  Digium warns not to use fail2ban / log trolling as a security system: 
>  http://forums.asterisk.org/viewtopic.php?p=159984
>  
>  
>  -Original Message-
>  From: asterisk-users [mailto:asterisk-users-boun...@lists.digium.com] On 
>  Behalf Of sean darcy
>  Sent: Wednesday, August 29, 2018 6:33 PM
>  To: asterisk-users@lists.digium.com
>  Subject: Re: [asterisk-users] getting invites to rtp ports ??
>  
>  On 08/29/2018 11:59 AM, Telium Support Group wrote:
> > Blocking a single IP is the wrong approach (whack-a-mole).  You should 
> > consider a more comprehensive approach to securing your VoIP 
> > environment.  Have a look at this wiki:
> > 
> > https://www.voip-info.org/asterisk-security/
> > 
> > 
> > 
> > -Original Message-
> > From: asterisk-users [mailto:asterisk-users-boun...@lists.digium.com]
> > On Behalf Of sean darcy
> > Sent: Wednesday, August 29, 2018 10:46 AM
> > To: asterisk-users@lists.digium.com
> > Subject: Re: [asterisk-users] getting invites to rtp ports ??
> > 
> > On 08/29/2018 09:42 AM, Carlos Rojas wrote:
> >> Hi
> >> 
> >> Probably somebody is trying to hack your system, you should block
> >> that ip on your firewall.
> >> 
> >> Regards
> >> 
> >> On Wed, Aug 29, 2018 at 9:34 AM, sean darcy wrote:
> >> 
> >>I'm getting invites to very high ports every 30 seconds from a
> >>particular ip address:
> >> 
> >>Retransmitting #10 (NAT) to 5.199.133.128:52734
> >>:
> >>SIP/2.0 401 Unauthorized
> >>Via: SIP/2.0/UDP
> >>
> >> 0.0.0.0:52734;branch=z9hG4bK1207255353;received=5.199.133.128;rport=52734
> >>From:  >>>;tag=1872048972
> >>To:  >>>;tag=as3a52e748
> >>Call-ID: 1504207870-295758084-609228182
> >>CSeq: 1 INVITE
> >>...
> >>WARNING[150318]: chan_sip.c:4127 retrans_pkt: Timeout on
> >>1504207870-295758084-609228182...
> >> 
> >>I thought invites had to go to port 5060 or so. I don't 
> >> understand
> >>why somebody (let's assume a bad guy) is trying ports above 
> >> 5.
> >> 
> >>sean
> >> 
> >> 
> > 
> > Ok, so the high port is not the destination port but the source port.
> > 
> > So I hacked the log warning in chan_sip.c on non-critical invites to 
> > show the source ip:
> > 
> > ast_log(LOG_WARNING, "Timeout on %s non-critic invite trans from %s.\n",
> >         pkt->owner->callid, ast_sockaddr_stringify(sip_real_dst(pkt->owner)));
> > 
> > With that in the log, I'm now blocking the ip addresses.
> > 
> > Thanks,
> > sean
> > 
> > 
>  
>  I agree. That's why I hacked chan_sip.c to get the addresses in the log.
>  
>  I'm surprised they're not in the log by default. I must be t
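
A filter pattern for the address-bearing warning produced by the modified ast_log() call quoted above, as an added example that is not part of the original thread, Asterisk or fail2ban. It is checked in Python (the regex dialect fail2ban uses) against constructed log lines; the timestamp prefix, the IPv4-only `<HOST>` stand-in and every sample address except 5.199.133.128 are assumptions.

```python
import re
from collections import Counter

# fail2ban-style failregex: <HOST> marks the address to ban.
# The Call-ID is chosen by the sender, so it is matched as one whitespace-free
# token and the address must be the last thing on the line.
FAILREGEX = (
    r"^(?:\[[^\]]*\]\s+)?WARNING\[\d+\](?:\[C-[0-9a-f]+\])?: chan_sip\.c:\d+ "
    r"retrans_pkt: Timeout on \S+ non-critic invite trans from <HOST>:\d+\.$"
)

# Simplified IPv4-only stand-in for fail2ban's own <HOST> expansion (assumption).
HOST_IPV4 = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST_IPV4))

# Constructed sample lines; only the first Call-ID and address come from the thread.
SAMPLE_LOG = [
    "[Sep  9 10:15:02] WARNING[150318]: chan_sip.c:4127 retrans_pkt: Timeout on "
    "1504207870-295758084-609228182 non-critic invite trans from 5.199.133.128:52734.",
    # Warning without an address (constructed): must not match.
    "[Sep  9 10:15:32] WARNING[150318]: chan_sip.c:4127 retrans_pkt: Timeout on "
    "1504207870-295758084-609228182 on non-critical invite transaction.",
    # Line carrying a call tag: the optional [C-...] group covers it.
    "[Sep  9 10:16:02] WARNING[150318][C-0000002a]: chan_sip.c:4127 retrans_pkt: "
    "Timeout on abc123@example.invalid non-critic invite trans from 203.0.113.9:40112.",
    # Call-ID containing spaces and another address: rejected, so 192.0.2.7
    # is never reported on the strength of sender-supplied text.
    "[Sep  9 10:16:32] WARNING[150318]: chan_sip.c:4127 retrans_pkt: Timeout on "
    "a non-critic invite trans from 192.0.2.7:5060. "
    "non-critic invite trans from 203.0.113.9:40112.",
]

def offenders(lines):
    """Count matching log lines per source address."""
    hits = Counter()
    for line in lines:
        m = PATTERN.match(line.rstrip("\n"))
        if m:
            hits[m.group("host")] += 1
    return hits

if __name__ == "__main__":
    for host, count in offenders(SAMPLE_LOG).items():
        print(host, count)
```

The `FAILREGEX` string is the part that would go into a filter definition; the rest only exercises it.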

Re: [asterisk-users] failed to find existing extension

2018-09-09 Thread Antony Stone
On Saturday 08 September 2018 at 22:38:19, aster...@a-domani.nl wrote:

> Hi all
> 
> somehow I'm getting confused: it seems I clobbered incoming calls from
> my sip provider.
> I can not imagine that my upgrade from 15.3 to 15.5 could be related
> 
> I'm certain that dialling my own number, results in reaching asterisk,
> from my tcpdump.
> 
> And on the asterisk console I get:
> pbx*CLI>
>     == Using SIP RTP CoS mark 5
>        > 0x7f49ac54c040 -- Strict RTP learning after remote address set to: 185.29.203.27:62474
> [Sep  8 22:12:50] NOTICE[835][C-0028]: chan_sip.c:26513
> handle_request_invite: Call from '77707057984' (185.29.203.27:5060) to
> extension '31705680837' rejected because extension not found in context
> '[0705680837]'.
> pbx*CLI>
> 
> Which is strange, as the first lines from the dialplan for this context
> are:
> [0705680837]
> 
> exten => s,1,NooP(Default general incoming on CC)
>   same => n,Answer();
>   same => n,Background(dit_is_het_nummer_van_de_familie_witvliet)
>   same => n,WaitExten(2)
> 
> exten => i,1,NooP(Invalid general incoming on CC)
>   same => n,Answer
>   same => n,Playback(pbx-invalid)
>   same => n,,Hangup

You have two commas there, which is not right, and might be a problem?

> exten => 31705680837,1,NooP( Incoming 31705680837 on CC)
>   same => n,Answer();
>   same => n,Background(dit_is_het_nummer_van_de_familie_witvliet)
>   same => n,Wait(1)
>   same => n,Hangup()
> 
> and settings are up-to-date; when i do:
> pbx*CLI> dialplan show 31705680837@0705680837
> [ Context '0705680837' created by 'pbx_config' ]
>'31705680837' =>  1. NooP( Incoming 31705680837 on CC)
> [extensions.conf:625]

So, that is line 625...

>  2. Answer()
> [extensions.conf:632]

And then it continues with lines 632..635??

>  3.
> Background(dit_is_het_nummer_van_de_familie_witvliet)
> [extensions.conf:633]
>  4. Wait(1)
> [extensions.conf:634]
>  5. Hangup()
> [extensions.conf:635]
>'_X.05680837' =>  1. NooP(general S Incoming *5680837 on CC)
> [extensions.conf:649]

The next context occupies lines 649..653, okay.

>  2. Answer()
> [extensions.conf:650]
>  3.
> Background(dit_is_het_nummer_van_de_familie_witvliet)
> [extensions.conf:651]
>  4. Wait(1)
> [extensions.conf:652]
>  5. Hangup()
> [extensions.conf:653]
>'_X.' =>  1. NooP(general incoming on CC)
> [extensions.conf:620]

And then finally we have lines 620..623

>  2. Answer()
> [extensions.conf:621]
>  3.
> Background(dit_is_het_nummer_van_de_familie_witvliet)
> [extensions.conf:622]
>  4. WaitExten(2)
> [extensions.conf:623]
> -= 3 extensions (14 priorities) in 1 context. =-
> (yeah, i know, last one is pretty desperate)
> 
> Still, asterisk answers
> 22:03:43.608225 IP (tos 0x0, ttl 64, id 35247, offset 0, flags [none],
> proto UDP (17), length 476)
>  192.168.0.25.5060 > 185.29.203.27.5060: SIP, length: 448
>  SIP/2.0 404 Not Found
>  Via: SIP/2.0/UDP 185.29.203.27:5060;branch=z9hG4bKf4fd.4361f417.0;received=185.29.203.27;rport=5060
>  From: ;tag=d4qpms6vsntnh6bj.o
>  To: ;tag=as7d7a0cb7
>  Call-ID: SBC32.261.6202722
>  CSeq: 881 INVITE
>  Server: Asterisk PBX 15.5.0
>  Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE,
> NOTIFY, INFO, PUBLISH, MESSAGE
>  Supported: replaces, timer
>  Content-Length: 0
> 
> 
> So, tcpdump and *-logging seems to match with each other, but not with
> my dialplan :-(
> 
> 
> Any suggestion how I should examine this?

1. Try removing one of the two commas.

2. Take a copy of your dialplan, and then strip out *everything* except the 
one context and the one number you want to match:

[0705680837]
exten => 31705680837,1,NooP( Incoming 31705680837 on CC)
  same => n,Answer();
  same => n,Background(dit_is_het_nummer_van_de_familie_witvliet)
  same => n,Wait(1)
  same => n,Hangup()

3. Of course, make sure your sip.conf points this provider at the context 
(although that does seem to be working from the console output).

4. Turn on debug logging, not just verbose.


Regards,


Antony.

-- 
What's brown, lies in the grass, and smokes?
A tiny fireplace.
(Sorry, this joke only really works in German).

   Please reply to the list;
 please *don't* CC me.
