Re: [asterisk-users] Detecting DoS attacks via SIP
I shall recommend fail2ban. We have been using fail2ban successfully for our
Asterisk servers (Debian).

Help on using fail2ban with Asterisk server:
https://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk

On Thu, Aug 17, 2017 at 10:10 AM, Kseniya Blashchuk <ksybl...@gmail.com> wrote:
> Well, correct me if I'm wrong, but I would say this conversation you have
> posted is a bit outdated, now fail2ban can be used with asterisk security log
> https://wiki.asterisk.org/wiki/display/AST/Asterisk+Security+Event+Logger.
>
> On Thu, Aug 17, 2017, 4:53 AM Telium Technical Support <supp...@telium.ca>
> wrote:
>>
>> Keep in mind that the attacks you are seeing in the log are ONLY the ones
>> that Asterisk is detecting and rejecting. All other attacks aren't even
>> showing up!
>>
>> There's a good discussion of how to secure your PBX here:
>> https://www.voip-info.org/wiki/view/asterisk+security
>>
>> In general, don't let the malevolent traffic get as far as the PBX (block
>> at the firewall). Also, Digium regularly warns users that fail2ban is NOT a
>> security system: http://forums.asterisk.org/viewtopic.php?p=159984
>>
>> -----Original Message-----
>> From: asterisk-users-boun...@lists.digium.com
>> [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of mdiehl
>> Sent: Tuesday, August 15, 2017 3:38 PM
>> To: asterisk-users@lists.digium.com
>> Subject: [asterisk-users] Detecting DoS attacks via SIP
>>
>> Hi all,
>>
>> Lately, I've seen an increase in the number of attacks against my system
>> from the so-called "Friendly Scanner." When one of these script kiddies
>> targets my server, all I see for symptoms is a few of my trunks become
>> lagged due to server load and a stream of messages on the console that
>> resemble this:
>>
>> [Aug 2 20:27:50] == Using SIP VIDEO CoS mark 6
>> [Aug 2 20:27:50] == Using SIP RTP TOS bits 24
>> [Aug 2 20:27:50] == Using SIP RTP CoS mark 5
>> [Aug 2 20:32:47] == Using SIP VIDEO TOS bits 24
>> [Aug 2 20:32:47] == Using SIP VIDEO CoS mark 6
>> [Aug 2 20:32:47] == Using SIP RTP TOS bits 24
>> [Aug 2 20:32:47] == Using SIP RTP CoS mark 5
>> [Aug 2 20:34:26] == Using SIP VIDEO TOS bits 24
>> [Aug 2 20:34:26] == Using SIP VIDEO CoS mark 6
>>
>> I have to turn on sip debugging to find out who's hitting me. However, I
>> can't just leave it on because it would kill my logging system.
>>
>> So, how are other people handling this? Is there an AMI event I want to
>> watch for? I watch for PeerStatus, but since there's no actual peer in the
>> attack, I don't seem to get an event from AMI.
>>
>> Any ideas?
>>
>> Mike Diehl.

--
Regards,
Tirveni Yadav
www.bael.io

What is this Universe ? From what it arises ? Into what does it go?
In freedom it arises, In freedom it rests and into freedom it melts away.
Upanishads.

--
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
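The thread points to fail2ban reading the Asterisk security log. The following is an added example of the per-source counting such a filter performs; it is not part of any post above and is not fail2ban's or Asterisk's own code. It assumes lines in the key="value" layout of the Security Event Logger, with EventTV in either the epoch or the ISO 8601 form; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Event names that indicate probing or guessing rather than normal traffic.
SUSPECT = {"InvalidAccountID", "InvalidPassword", "ChallengeResponseFailed", "FailedACL"}

def parse_event(line):
    """Return (time, event, remote_ip); RemoteAddress is IPV4/UDP/<ip>/<port>."""
    f = dict(re.findall(r'(\w+)="([^"]*)"', line))
    tv = f.get("EventTV", "")
    try:
        if re.fullmatch(r"\d+-\d+", tv):   # older form: seconds-microseconds
            when = datetime.fromtimestamp(int(tv.split("-")[0]), timezone.utc)
        else:                               # newer form: ISO 8601 with offset
            when = datetime.strptime(tv, "%Y-%m-%dT%H:%M:%S.%f%z")
        return when, f["SecurityEvent"], f["RemoteAddress"].split("/")[2]
    except (KeyError, ValueError, IndexError):
        return None                         # not a security event line

def offenders(lines, max_events=3, window_s=60):
    """Source IPs with max_events or more suspect events within window_s seconds."""
    recent, flagged = defaultdict(deque), set()
    for when, name, ip in filter(None, map(parse_event, lines)):
        if name in SUSPECT:
            q = recent[ip]
            q.append(when)
            while (when - q[0]).total_seconds() > window_s:
                q.popleft()                 # drop events older than the window
            if len(q) >= max_events:
                flagged.add(ip)
    return sorted(flagged)

def sample_line(tv, event, remote):  # constructed data; [timestamp] prefix omitted
    return (f'SECURITY[2211] res_security_log.c: SecurityEvent="{event}",EventTV="{tv}",'
            'Severity="Error",Service="SIP",EventVersion="1",AccountID="100",'
            'SessionID="0x7f1a2c01",LocalAddress="IPV4/UDP/192.0.2.10/5060",'
            f'RemoteAddress="IPV4/UDP/{remote}/5071"')

SAMPLE = [sample_line(*row) for row in [
    ("1502964601-120034", "InvalidAccountID", "198.51.100.7"),   # burst: flagged
    ("1502964602-004511", "InvalidAccountID", "198.51.100.7"),
    ("1502964603-870012", "InvalidAccountID", "198.51.100.7"),
    ("1502964610-000000", "InvalidPassword", "203.0.113.20"),    # one typo, then login
    ("1502964615-000000", "SuccessfulAuth", "203.0.113.20"),
    ("2017-08-17T10:20:00.000+0000", "ChallengeResponseFailed", "203.0.113.99"),  # slow
    ("2017-08-17T10:30:00.000+0000", "ChallengeResponseFailed", "203.0.113.99"),
    ("2017-08-17T10:40:00.000+0000", "ChallengeResponseFailed", "203.0.113.99"),
]]
```

Calling `offenders(SAMPLE)` flags only the source that produced three failures within a few seconds; the slow source stays under the window, which is the kind of traffic a log-based counter does not catch.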
Re: [asterisk-users] sip show channelstats reliable?
On Tue, Jan 20, 2015 at 8:25 PM, tirveni yadav yadav.tirv...@gmail.com wrote:

On Tue, Jan 20, 2015 at 12:43 AM, Scott Griepentrog sgriepent...@digium.com wrote:

I would recommend capturing traffic outside your Asterisk server with Wireshark, then running the Telephony/Rtp/Analyze Streams option to determine if you have packet loss at that point in the network.

On Mon, Jan 19, 2015 at 1:00 PM, Todd R. tjrl...@live.com wrote:

Thanks but no Adtran here. I do think these stats are indicating an issue, I just don't know how to prove it outside Asterisk.

--
From: ewiel...@nyigc.com
To: tjrl...@live.com; asterisk-users@lists.digium.com
Date: Mon, 19 Jan 2015 13:55:33 -0500
Subject: RE: [asterisk-users] sip show channelstats reliable?

I’ve seen something similar with Adtran SIP gateways. When a re-invite happens the Adtran gets all confused about call stats and marks the pre-reinvite leg of the call as losing large numbers of packets. BTW, IIRC reinvites happen when a codec changes or the channel switches to T.38.

Also Adtran SIP gateways appear not to support OPTIONS packets when running in SIP proxy mode, which is very annoying. At some point I’ll try and arrange a slugfest between Digium and Adtran and they can figure out why it doesn’t work.

From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Todd R.
Sent: Monday, January 19, 2015 1:45 PM
To: Asterisk-Users List
Subject: Re: [asterisk-users] sip show channelstats reliable?

Additional info: At the moment I am running 1.8.x but the other day I was getting the same results on 11.x

Here is a sample from show channelstats. I do think this command is showing that there is trouble between specific IP's and my Asterisk box but I don't know if the numbers are accurate and reliable.

    Peer     Call ID      Duration  Recv: Pack  Lost    (     %)  Jitter  Send: Pack  Lost  (     %)  Jitter
    x.x.x.x  5531341d06b  00:07:42  023123      063836  (73.41%)  0.      023102      00    ( 0.00%)  0.0007

Peer IP changed to protect the innocent :-)

--
From: tjrl...@live.com
To: asterisk-users@lists.digium.com
Date: Mon, 19 Jan 2015 12:17:25 -0600
Subject: [asterisk-users] sip show channelstats reliable?

I am seeing lots of lost packets when running the command sip show channelstats at the CLI. There are issues across multiple Asterisk servers I am trying to diagnose but everything I read seems to point to this command being pretty unreliable.

Can I trust the info this command shows? I am showing lots of lost packets in sip show channelstats but I can't see any packet loss when pinging the same IP's to/from.

Since I don't 100% control the network my gear is on, I need something outside of Asterisk to show the network engineer to convince her and myself that there are network issues. All I have is the loss that's shown from this command with no real network stats to back it up.

Is there a magic command in CentOS anyone can recommend to diagnose and match up the issues shown in Asterisk using this command?

Moving gear around on the network changes the info Asterisk shows a LOT. For example, if I point traffic to the main physical gateway I get loss to a particular customer's IP (their PBX), if I move it to another place on the network (as a VM) their IP is good and other customers IP's start showing loss using the channelstats info. Driving me freakin' crazy.

It does appear there are network issues causing my troubles but I can't get help if I can't point to some hard and fast issues outside of Asterisk. The only thing I have right now is collisions showing on one of a few of our pfSense devices but they are virtual running on XenServer, still this would indicate a problem in my opinion.

Thanks in advance for any assistance on this issue. Stepping back from the ledge now LOL

--
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

--
Scott Griepentrog
Digium, Inc · Software Developer
445 Jan Davis Drive NW · Huntsville, AL 35806 · US
direct/fax: +1 256 428 6239
Re: [asterisk-users] sip show channelstats reliable?
You can find out the data loss outside of Asterisk by using tcpdump and tshark (wireshark).

1. Capture output of Asterisk SIP channels in a log file ax_log_mmdd

$ while :; do date; asterisk -rnx 'sip show channelstats'; sleep 5; done >> ax_log_mmdd

2. Capture tcpdump traffic on the Asterisk server:

$ tcpdump -nq -s 0 -i eth0 -G3600 -w eth_sip_traffic-%F-%H-%M-%S.pcap port 5060 or port 5061

[this saves all the Ethernet traffic of ports 5060 and 5061 in the pcap file for every hour (-G 3600)]

3. Once you can see the data loss in the ax_log_mmdd, check for the same time in the eth_sip_traffic.pcap

Analyze the eth_sip_traffic.pcap

$ tshark -t ad -r eth_sip_traffic.pcap | grep sip_client_ip | less

[-t ad: is for time format, -r: is for input file]

1034847 2000-01-03 22:08:10.239661 sip_client_ip -> asterisk_server_ip RTP PT=ITU-T G.711 PCMA, SSRC=0x488EDB49, Seq=314, Time=50240
1036396 2000-01-03 22:08:11.647404 sip_client_ip -> asterisk_server_ip RTP PT=ITU-T G.711 PCMA, SSRC=0x488EDB49, Seq=383, Time=61280
1036401 2000-01-03 22:08:11.647560 sip_client_ip -> asterisk_server_ip RTP PT=ITU-T G.711 PCMA, SSRC=0x488EDB49, Seq=384, Time=61440

You can find out if packet loss is happening from the missing sequence numbers.

PS: I think any loss greater than 3% will deteriorate the call quality.

--
Regards,
Tirveni Yadav
www.udyansh.com http://www.udyansh.org
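The last step of the procedure above, finding missing RTP sequence numbers, can be automated. This is an added example, not code from the post: it reads tshark one-line summaries in the layout shown there and reports loss per SSRC, handling the 16-bit sequence wrap and late packets. It assumes the capture includes the RTP media ports, which a filter limited to ports 5060 and 5061 would not match; the function names and sample lines are constructed.

```python
import re

RTP = re.compile(r"SSRC=(0x[0-9A-Fa-f]+), Seq=(\d+)")

def rtp_loss(lines, threshold_pct=3.0):
    """Per-SSRC loss from tshark one-line summaries; 3% is the post's rule of thumb."""
    streams = {}
    for line in lines:
        m = RTP.search(line)
        if not m:
            continue                       # SIP or other non-RTP line
        ssrc, seq = m.group(1), int(m.group(2))
        if ssrc not in streams:
            streams[ssrc] = {"base": seq, "top": seq, "missing": set()}
            continue
        s = streams[ssrc]
        ahead = (seq - s["top"]) & 0xFFFF  # distance modulo the 16-bit counter
        if 0 < ahead < 0x8000:             # forward step, also across 65535 -> 0
            s["missing"].update(range(s["top"] + 1, s["top"] + ahead))
            s["top"] += ahead              # "top" keeps counting past 65535
        else:                              # duplicate or late packet: may fill a hole
            s["missing"].discard(s["top"] - ((s["top"] - seq) & 0xFFFF))
    report = {}
    for ssrc, s in streams.items():
        expected = s["top"] - s["base"] + 1
        pct = round(100.0 * len(s["missing"]) / expected, 2)
        report[ssrc] = {"expected": expected, "lost": len(s["missing"]), "loss_pct": pct,
                        "missing_seq": [n & 0xFFFF for n in sorted(s["missing"])],
                        "degraded": pct > threshold_pct}
    return report

def sample(ssrc, seqs):  # constructed lines in the layout shown in the post
    return [f"{i} 2015-01-20 10:00:{i:02d}.000000 192.0.2.50 -> 192.0.2.10 RTP "
            f"PT=ITU-T G.711 PCMA, SSRC={ssrc}, Seq={q}, Time={160 * i}"
            for i, q in enumerate(seqs, 1)]

SAMPLE = (sample("0x1A2B3C4D", [65533, 65534, 0, 1, 4, 5])     # wrap plus 3 lost
          + ["7 2015-01-20 10:00:07.000000 192.0.2.50 -> 192.0.2.10 SIP Request: OPTIONS"]
          + sample("0x0000BEEF", [10, 11, 13, 12, 14]))        # reordered, none lost

if __name__ == "__main__":
    for ssrc, stats in rtp_loss(SAMPLE).items():
        print(ssrc, stats)
```

Feeding it the output of the tshark command from step 3 gives a per-stream figure that can be set beside the channelstats log for the same time window.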
[asterisk-users] Moving from Redfone's Fonebridge to Allo 2nd Gen PRI card
We have been running around 40 Asterisk servers on Debian Squeeze for the last three years, handling traffic of more than a few hundred thousand calls per day.

Our setup's PRI-banks were using Redfone's Fonebridge. We had PRIs from multiple telephony providers, and Redfone's Fonebridge handled all that easily.

But all good things come to an end. Redfone's Fonebridge was not available anymore, and we had to seek a replacement.

We got to know about Allo's 2nd Generation PRI card with echo cancellation. As we had not used any Allo product before, we were unsure of using them. But what made us select Allo for migration was that Allo provides 5 years of warranty on their products. Hence the Allo card was selected.

We have started to use the card in production and results have been good. In eight hours in a day it is handling around 50,000 calls, without any issues. There are no issues in voice quality.

Allo PRI Card: 2aCP4e (2nd Gen)
Processor: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
OS: Debian GNU/Linux 7.6 (wheezy)
RAM: 16 GB
10AM 6 PM 5 Per day
Libpri: 1.4.12-2
Asterisk: 1.8.13.1~dfsg1-3+deb7u3

--
Regards,
Tirveni Yadav
Re: [asterisk-users] recording in mp3
On Tue, Jul 1, 2014 at 9:39 PM, binary dreamer.bin...@gmail.com wrote:
> i would go for recording into wav.
> then at regular intervals eg every night at 01:00 i would start a script to
> convert the wav to mp3 and then delete the wav files.
> it is really easy.

This method works for us too.

We get around 40 GB of recordings (wav) in around nine hours in a day, which is converted to MP3 at night and moved to a NAS through a Perl script.

The Perl program merges all -in and -out wav files using sox, then converts to MP3 using twolame.

--
Regards,
Tirveni Yadav
www.udyansh.org
[asterisk-users] Redfone FoneBridge2 Quad T1/E1 Alternative
We have been using Red-fone foneBridge2 Quad T1/E1 for the last few years.

As these devices are not available anymore, we are looking for alternatives. Are there any similar devices available?

--
Regards,
Tirveni Yadav
www.udyansh.org