Re: [asterisk-users] Someone has hacked into our system
Blocking udp 5060 in the packet filter in unwanted directions should keep asterisk from setting up SIP connections. The real remedy is to figure out how the hacker got in and close the backdoor. I think a lot of us would be interested in what was the vulnerability. And if it turns out that it was a configuration mistake, don't be shy: for every mistake you did in your config, there are at least a thousand people who did the same mistake. You help them (us) by disclosing the error, and if you have already changed the configuration you should not have the error at that time. On 2010-11-22 17:37, Danny Nicholas wrote: *From:* asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] *On Behalf Of *Gary Kuznitz *Sent:* Monday, November 22, 2010 10:23 AM *To:* Asterisk Users Mailing List - Non-Commercial Discussion *Subject:* [asterisk-users] Someone has hacked into our system Someone has hacked into our system and is making calls overseas. How can I: 1. Find out the where the calls are originating from? 2. Block all calls that are not authorized? Our system is in the USA. Only calls from inside our LAN are allowed. Thank you, Gary Kuznitz For #1, start with the CDR. You know that X is calling an overseas number. Determine who X is (or is supposed to be) For #2 (and the rest of #1) restrict your dialing access to a known set of IP's. If you have 5 phones (softphones or actual handsets), block everything that doesn't start with those 5 IP addresses. The first thing I would do is to change all of your passwords in sip.conf and do a sip reload. That will slow down or temporarily stop the hacker. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] ConfBridge
You need the following modules at least. Maybe more, but in a vanilla config you will have them already loaded. It took me some half an hour to figure out that bridge_softmix is needed. app_confbridge.so bridge_softmix.so extensions.conf (this is the most vanilla conference room you can get. Answer is important here): exten = 32,1,Answer exten = 32,n,ConfBridge(1234) meetme.conf: (I am a bit confused here, as my conference room 1234 is defined only here) [general] audiobuffers=32 [rooms] conf = 1234 On 2010-11-20 19:36, Michael wrote: Hello all, Can anyone post a full working example of a configuration required to setup a conference room on Asterisk 1.6.2.x, using ConfBridge? Thank you in advance, Michael -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] problem registering to ekiga.net
Hi! I want my PBX to be reachable at my ekiga.net account. It seems I am registered: vajna2*CLI sip show registry HostUsername Refresh StateReg.Time ekiga.net:5060 magwas 585 Registered Sat, 13 Nov 2010 13:48:22 However when others try to call mag...@ekiga.net, they find me unavailable. My asterisk is available when called directly. (As an aside note, the http://www.ekiga.net/status/presence.php?user=magwas shows me as available even when I am not registering.) What could be the problem? my sip.conf: [general] context=default ; Default context for incoming calls srvlookup=yes ;videosupport=yes allowoverlap=no ; Disable overlap dialing support. (Default is yes) realm=patyicivil.local ; Realm for digest authentication bindport=5060 ; UDP Port to bind to (SIP standard port is 5060) bindaddr=0.0.0.0; IP address to bind to (0.0.0.0 binds to all) externip=188.36.152.83 srvlookup=yes ; Enable DNS SRV lookups on outbound calls disallow=all ; First disallow all codecs ;allow=g726 ;allow=g729 allow=speex allow=ulaw allow=alaw ; Allow codecs in order of allow=ilbc ; preference allow=gsm ;allow=h261 localnet=10.0.0.0/255.0.0.0 register = magwas:mypassw...@ekiga.net registertimeout=20 ; retry registration calls every 20 seconds (default) registerattempts=0 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
