Re: [asterisk-users] Ongoing attack from 188.138.100.16
iptables -A INPUT --src 188.138.100.16 -j DROP

On Mar 6, 2012 7:29 PM, Mike Diehl mdi...@diehlnet.com wrote:

I've been logging sip registrations from this IP address for 2 days now. I've emailed the domain's admin, but nothing seems to come of it. I've routed him into oblivion, but still, I think 50 requests a second for 2 days is a bit much. Any ideas?

--
Take care and have fun,
Mike Diehl.

--
Bandwidth and Colocation Provided by http://www.api-digital.com
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Auto provisioning from public server
I haven't had much auto provisioning experience, however, what about just using IPTables to create an access list essentially for known IPs to connect via HTTP/HTTPS and block all other addresses. This would only work if the phones are coming from a Static IP, but I figured I'd give my 2 cents to try and help.

On Tue, Oct 26, 2010 at 11:31 AM, Jonas Kellens jonas.kell...@telenet.be wrote:

Hello,

has anyone experience with auto provisioning IP-phones on different locations through a central public provisioning server?

You use http or https?

Is there a danger that one uses a different MAC-address in the provisioning link to obtain SIP username / password settings?

Kind regards,
Jonas.

--
Matt
Re: [asterisk-users] fraud advice
We took a pretty nasty hit one time, a system administrator didn't listen to us about changing the passwords. Luckily they took part of the blame in that, and we split the 1800$ it cost us in half. We could have changed them, and she didn't change them, so we were both at fault.

Like said previously, fail2ban is a pretty good start. Weak secrets definitely don't help. An interesting project to look into and I'm working with right now, I've got a honeypot set up in the wild, but haven't gotten anything really worthwhile yet...

http://www.infiltrated.net/voipabuse/defensive.html

I'd also suggest, if you don't *have* to have international dialing on the trunk. Turn it off, put a pin on it, or just send it to a dummy trunk that doesn't do anything or route anywhere.

I really hope this helps, and best of luck with cleaning up from the aftermath. I know ours was a pretty good wake up call to us to really start locking things down.

I know it's lame, but from Network Security Hacks.

Security isn't a noun, it's a verb; not a product, but a process

--Matt

On Fri, Oct 15, 2010 at 11:50 AM, Jeff LaCoursiere j...@sunfone.com wrote:

On Fri, 2010-10-15 at 11:20 -0400, Steve Totaro wrote:

This is nothing new. Trunk to trunk transfers and other exploits could be used on old school phone systems to do the same thing.

I would start with getting the current balance, if over $10k call the FBI, call them anyways, it couldn't hurt. You want the Feds to check things out before local police if possible.

Gather as much info as possible, along with police and FBI case numbers and then call the carrier and see what can be done.

A friend of mine took what was supposed to be my one month rotation to Iraq. I had too much going on to be in Iraq for a month and a half and had taken the last rotation so it wasn't even my turn. The phone bill came for his cell (company provided on Asia Cell) for $4k in just a couple weeks.

It turns out that he was not using the cell and one of the cleaning people stole his SIM. After contacting Asia Cell a few times about the matter, they credited the whole amount back. So you never know.

As for security, I assume you need to allow these extensions to register from outside the LAN? If not, then only allow them to register via a LAN IP, I would do it with iptables, only allow the provider IP through.

I am curious what your user:pass was? something like 1000:1000, I see many systems setup like this and am surprised they haven't been hit yet.

In the future, you could use a scheme that makes it much more secure and also pretty easy to maintain. The username could be the MAC and the pass could be the serial number or asset tags if you use them.

I know there must be dozens of people reading this that have had the same issue but are embarrassed to speak up.

Thanks Steve - that is the kind of advice I was looking for. I'm willing to take my lumps for the weak passwords on those accounts, and the lack of any filtering. I do understand the issues and the steps I need to take to better secure the switches in service, and just need to get off my a$$ and do it. Mainly I am hoping to hear from someone who has gone through the aftermath - as you mention above. So far I have had a discussion with the carrier who is opening an investigation. I'll contact the FBI today as well. I'll send an update when this is all over for posterity.

(BTW Sierra Leone is in West Africa, not the Middle East.)

True ;) Most of the calls were Iraq, UAE, Lebanon... Found another one today that was 2.5 DAYS long to Chile. Bizarre.

j
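Added example (not part of the original thread, and not code from any poster): a small audit of sip.conf for the weak-credential pattern discussed above, where the secret equals the username ("1000:1000"), plus PIN-style secrets and peers with no permit/deny ACL. The sample configuration, the 12-character minimum and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample sip.conf (not from the thread). Peer 1000 uses the
# "1000:1000" pattern; the last peer uses a MAC-style username and long secret.
SAMPLE_SIP_CONF = """\
[1000]
type=friend
secret=1000
host=dynamic

[1001]
type=friend
secret=4821          ; short PIN-style secret
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=192.168.100.0/255.255.255.0

[0004f2a1b2c3]
type=friend
secret=Zk7pQ9vLm2xRt5wB
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=192.168.100.0/255.255.255.0
"""

SECTION = re.compile(r"^\[([^\]]+)\]")
SETTING = re.compile(r"^(\w+)\s*=>?\s*(.*)$")
MIN_SECRET_LEN = 12  # assumed local policy, not an Asterisk default

def parse_peers(text):
    """Return {section: {option: last value}} for every non-[general] section."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments (simplification)
        section = SECTION.match(line)
        setting = SETTING.match(line)
        if section:
            current = peers.setdefault(section.group(1), {})
        elif setting and current is not None:
            current[setting.group(1).lower()] = setting.group(2).strip()
    peers.pop("general", None)
    return peers

def audit(text):
    """Map each weak peer to its findings; well-configured peers are omitted."""
    report = {}
    for name, opts in parse_peers(text).items():
        findings = []
        secret = opts.get("secret", "")
        if not secret:
            findings.append("no secret")
        elif secret == name:
            findings.append("secret equals username")
        elif secret.isdigit():
            findings.append("numeric-only secret")
        elif len(secret) < MIN_SECRET_LEN:
            findings.append("short secret")
        if opts.get("host") == "dynamic" and "permit" not in opts:
            findings.append("no permit/deny ACL")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for peer, findings in audit(SAMPLE_SIP_CONF).items():
        print(peer, "->", ", ".join(findings))
```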
Re: [asterisk-users] GXP-21XX
Typically Grandstream 21XX and 20XX is all we've deployed in the past and have had great success with them. I occasionally ( and I mean rarely ) get complaints about calls when on speaker phone, but I think that's more user error than anything else, I've been using them for a couple years now and have had nothing but the best with them.

The only quirk that I'm still looking into, is that dang Intercom button. Other than that, Grandstreams are really the way to go IMHO.

Side note: We've probably got close to 400 deployed

--Matt

On Wed, Oct 13, 2010 at 10:43 AM, Bryant Zimmerman brya...@zktech.com wrote:

Anyone used the new Grandstream GXP-21XX series phones. We have been testing these phones and like what we see. We are looking for a greater cross section of testing before we roll them to production. Any feedback would be appreciated. We are talking with Grandstream engineering and they are looking for feedback as well. Any input is appreciated.

Thanks
Bryant
[asterisk-users] Global Outage?
Is anyone else using Vitelity right now and having an issue with a global outage of sorts? Portal/WWW aren't accessible and it would appear through monitoring that the outbound is flapping like mad. The outbound can be rerouted, I know, but inbound is a huge problem right now.

[Sep 4 10:26:13] NOTICE[27507]: chan_sip.c:15679 sip_poke_noanswer: Peer 'vitel-outbound' is now UNREACHABLE! Last qualify: 1193
[Sep 4 10:26:23] NOTICE[27507]: chan_sip.c:12528 handle_response_peerpoke: Peer 'vitel-outbound' is now Reachable. (176ms / 2000ms)

--Matt
Re: [asterisk-users] Vitelity offline?
Not that I'm aware of short of our direct contact. It would appear from the traceroutes that I've done this morning, that this appears to be a big part of the issue

Tracing route to portal.vitelity.net [64.74.178.100]

 10    74 ms    74 ms    75 ms  pos-1-14-0-0-cr01.denver.co.ibone.comcast.net [68.86.85.118]

After that, the trace dies.

On Sat, Sep 4, 2010 at 11:52 AM, Roger Marquis marq...@roble.com wrote:

Vitelity seems to be offline to both IP and voice traffic. Is there any place to find out what their status is?

Roger Marquis

--Matt
Re: [asterisk-users] Vitelity offline?
Just a heads up. It would appear that Vitelity is back online and processing calls and the portal is back up and running.

On Sat, Sep 4, 2010 at 12:14 PM, Matt Desbiens desbie...@gmail.com wrote:

Not that I'm aware of short of our direct contact. It would appear from the traceroutes that I've done this morning, that this appears to be a big part of the issue

Tracing route to portal.vitelity.net [64.74.178.100]

 10    74 ms    74 ms    75 ms  pos-1-14-0-0-cr01.denver.co.ibone.comcast.net [68.86.85.118]

After that, the trace dies.

On Sat, Sep 4, 2010 at 11:52 AM, Roger Marquis marq...@roble.com wrote:

Vitelity seems to be offline to both IP and voice traffic. Is there any place to find out what their status is?

Roger Marquis

--Matt
Re: [asterisk-users] double DTMF digits
We've actually had issues with Flowroute in the past where DTMF was a constant issue. My best suggestion for course of action is find another provider. NexVortex is pretty solid all around. They also had the quickest recourse for when GNAPS went bottoms up last month and sent pretty much all VoIP traffic in New England into a tailspin.

--Matt

On Thu, Aug 26, 2010 at 3:23 PM, Andres and...@telesip.net wrote:

On 8/26/2010 2:55 PM, M S wrote:

Hi,

I've been getting complaints lately that callers to my IVR are pressing a digit once but the system is responding as if they pressed it twice (once for each of two consecutive menus). I'm using an AGI script and logging all DTMF entries - and to the script, at least, it looks like the digit is being pressed twice.

The TN being called is a VOIP number (provided by Flowroute) and being forwarded via SIP to my asterisk 1.6.2.4 server. The dtmfmode is set to rfc28333 in sip.conf.

The first time this happened, I figured the caller pressed the number twice without realizing it. It's happening to too many people for that to be plausible anymore. I also experienced it once myself, months ago, when I entered my tn as 1234567890 and had it read back to me as 1122334455.

Can anyone give me some pointers where to start troubleshooting? Can overloading a system cause such an error?

Thanks,

I have seen this before. Upon careful analysis we saw that the far end was sending the digits in RFC2833 plus SIP INFO (or Inband, I can't remember). Thus Asterisk detected double digits. The solution was to ask the remote end to only send RFC2833.

Andres
http://www.telesip.net
Re: [asterisk-users] Level3 reseller needed
VoIPInnovations from what I understand is pretty good, haven't dealt much with them though. Worth a call and an interop.

--Matt Desbiens
//EOF

On Thu, Jul 8, 2010 at 3:33 PM, Adam Moffett a...@plexicomm.net wrote:

I'm in the Northeast US and looking for any recommendations on Level3 resellers. I don't do enough volume to go to Level3 directly.

If there's anybody you'd definitely avoid I'd love to hear about that too.

Thanks,
Adam
Re: [asterisk-users] Brute force attacks
I've noticed from time to time, that fail2ban just craps out, so, this might be of interest to the community

assuming you use 192.168.100.0/24 on your network

iptables -A INPUT -s 192.168.100.0/24 -j ACCEPT
iptables -A INPUT -s carrierip.x.x.x -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p udp -m udp -s carrierip.x.x.x --destination-port 5060 -j ACCEPT
iptables -A INPUT -p udp -m udp -s carrierip.x.x.x --destination-port 1:2 -j ACCEPT
iptables -A INPUT -p udp -m udp --destination-port 5060 -j DROP
iptables -A INPUT -p udp -m udp --destination-port 1:2 -j DROP
iptables -A INPUT -p udp -m udp --destination-port 4000:4999 -j DROP
iptables -A INPUT -p udp -m udp --destination-port 4569 -j DROP
iptables -A INPUT -p tcp -m tcp --destination-port 5038 -j DROP
iptables -A INPUT -p tcp -m tcp --destination-port 22 -j DROP
iptables -A INPUT -p udp -m udp --destination-port 22 -j DROP
iptables -A OUTPUT -o eth0 -p all -j ACCEPT
iptables -A OUTPUT -o eth1 -p all -j ACCEPT
iptables -A INPUT -i eth0 -p all -j ACCEPT
iptables -A INPUT -i eth1 -p all -j ACCEPT
iptables -P INPUT DROP

2010/7/2 Jonathan González jonathan@gmail.com

Same activity from these IPs:

On Thu, Jul 1, 2010 at 10:56 PM, Jamie A. Stapleton jstaple...@computer-business.com wrote:

The IP 69.175.35.186 has just been banned by Fail2Ban after 293 attempts against our server.

From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of John Timms
Sent: Thursday, July 01, 2010 11:32 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Brute force attacks

On Thu, Jul 1, 2010 at 9:16 AM, Ishfaq Malik i...@pack-net.co.uk wrote:

Hi

We've just noticed attempts (close to 20 attempts, sequential peer numbers) at guessing peers on 2 of our servers and thought I'd share the originating IPs with the list in case anyone wants to firewall them as we have done

109.170.106.59
112.142.55.18
124.157.161.67

Ish
--
Ishfaq Malik
Software Developer
PackNet Ltd
Office: 0161 660 3062

We have noticed the same sort of activity on our server. The originating IP addresses attempting access were:

204.9.204.145 (hosted at U.S. Colo, I believe)
91.203.132.149 (Nephax)
130.70.157.186 (University of Louisiana)
61.160.121.46 (Chinanet)
109.170.0.10 (ReasonUP Ltd)

--
John Timms
IT Department - Gnoso Inc.
j...@gnoso.com

--
Matthew Desbiens
//* EOF *//
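Added example (not part of the original thread, and not code from any poster): a standalone pass over chan_sip "Registration ... failed" notices that flags the two patterns reported above, many failures from one source and guesses at sequential peer numbers, so the check does not depend on fail2ban staying up. The log lines are constructed, the thresholds and function names are assumptions, and 192.168.100.0/24 is the LAN from the ruleset in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Addresses that are never blocked: the LAN from the quoted ruleset plus loopback.
TRUSTED = [ipaddress.ip_network("192.168.100.0/24"),
           ipaddress.ip_network("127.0.0.0/8")]
MAX_FAILURES = 4  # assumed threshold: failures from one source in the log window
SEQ_RUN = 3       # assumed threshold: consecutive peer numbers tried by one source

# chan_sip failed-registration notice; newer releases append ":port" to the address.
FAILED = re.compile(
    r"Registration from '(?:\"[^\"]*\"\s*)?<sip:(?P<peer>[^@>]+)@[^>]*>' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - ")

# Constructed sample log (documentation addresses), not taken from the thread.
_ROWS = ([("198.51.100.23", str(n), "No matching peer found") for n in (100, 101, 102)]
         + [("203.0.113.77", "2001", "Wrong password")] * 4
         + [("192.168.100.14", "2005", "Wrong password")] * 4
         + [("192.0.2.50", "3000", "Wrong password")])
SAMPLE_LOG = "\n".join(
    "[Jul  1 09:16:%02d] NOTICE[2101] chan_sip.c: Registration from "
    "'\"%s\" <sip:%s@203.0.113.10>' failed for '%s' - %s" % (i, peer, peer, ip, why)
    for i, (ip, peer, why) in enumerate(_ROWS))

def longest_run(peers):
    """Length of the longest run of consecutive numeric peer names."""
    nums = sorted({int(p) for p in peers if p.isdigit()})
    best = run = 1 if nums else 0
    for a, b in zip(nums, nums[1:]):
        run = run + 1 if b == a + 1 else 1
        best = max(best, run)
    return best

def find_offenders(log_text, trusted=TRUSTED):
    """Return {source IP: reason} for untrusted sources over either threshold."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            attempts[m.group("ip")].append(m.group("peer"))
    offenders = {}
    for ip, peers in attempts.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a valid IPv4 address, ignore the line
        if any(addr in net for net in trusted):
            continue  # a misconfigured LAN phone must not lock itself out
        if longest_run(peers) >= SEQ_RUN:
            offenders[ip] = "sequential peer scan"
        elif len(peers) >= MAX_FAILURES:
            offenders[ip] = "repeated failures"
    return offenders

def block_commands(offenders):
    """DROP rules for review; -I puts them ahead of existing ACCEPT rules."""
    return ["iptables -I INPUT -s %s -j DROP" % ip for ip in sorted(offenders)]

if __name__ == "__main__":
    found = find_offenders(SAMPLE_LOG)
    for cmd in block_commands(found):
        print(cmd)
```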
[asterisk-users] Long shot... Order Logix
Has anyone ever integrated the software from order logix into their system? This is primarily an API driven, pulled from a SQL database and stored for a client to access...

Order Logix deals primarily with Call Centers, it pulls the information from the SQL database, and will allow access for the client to pull the recording and all associated call information...

I know it's a long shot and everything should be in SQL to be pulled from the DB and posted, but I want to know what I'm getting into before I dive in...

--
Matt
//* EOF *//
Re: [asterisk-users] Which IP Phone and the codecs
I disagree with the Grandstreams. I have had pretty good luck with the 2000's and the GXP2010 especially. The Aastras I've had more of an issue with, but I'm not completely against them. The fact that you have to use I.E. on the Aastra web UI is kinda crappy, but you do what you have to do.

--Matt Desbiens
BestVoIPUSA.com
O:603.677.0004

On Sat, Nov 28, 2009 at 4:00 PM, Michael Graves mgra...@mstvp.com wrote:

On Fri, 27 Nov 2009 06:50:15 -0800 (PST), bilal ghayyad wrote:

Hello All;

Anyone can advise for the good phone (Polycom, Linksys, ... etc) that is a stable and support the codecs: g723, g729, and speex?

Actually I would like to have the speex codec because it have the ability to compress to very high compression so we can work with the low bandwidth (for speed about 3 or 4 kbps).

I tried Grandstream but really it is a bad device and not worthy to buy it or deal with it. The one I got was having a problem in its handset (there is a noise sound), also it capabilities are very weak.

Any one can advise for a good phone? What about Linksys? Does it support speex codec?

You're going to have some trouble finding speex support in hard phones. Few support it. None from major manufacturers that I'm aware of.

You will find G.729 support in just about every phone, and G.723 in many as well. In reality G.729 is the industry standard low bit rate codec. 8 kbps is pretty low, and its MOS rating is good.

Michael

--
Michael Graves
mgravesatmstvp.com
http://www.mgraves.org
o713-861-4005
c713-201-1262
sip:mgra...@mstvp.onsip.com
skype mjgraves
Twitter mjgraves

--
Matthew Desbiens
603.581.3160
//* EOF *//
Re: [asterisk-users] distribute free call minutes over different channels
Couldn't you do this by calling MySql? Compare who has the least minutes used and then send it out the appropriate channel?

--Matt

On Tue, Nov 24, 2009 at 7:07 AM, Eckhard Jokisch e.joki...@orange-moon.de wrote:

Hi,

I have 4 ISDN channels (2 lines) and each line may do calls of up to 360 minutes/month for free. As I understand asterisk will pick the first available line so the probability is big that the other lines will not use their free minutes and the first line will exceed the free minutes.

How can I configure asterisk in a way that it looks up in the CDR which ISDN line has least calling time in the present month and choose this?

Kind regards
Eckhard

--
Matthew Desbiens
603.581.3160
//* EOF *//