hi,
i'm trying configure $subj
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Security+Event+Logger
but there is a ton of "informational" messages
[Sep 30 14:40:16] SECURITY[18311] res_security_log.c:
Hi there
Consider this. You have three SIP extension 200, 201 and 202 and you have
configured your phones, say Polycom 331 to those accounts. 200 being one
very sensitive individual.
Lets say, an insider, get a new phone or perhaps an xlite and configure it
with the same extension, 200. Asterisk
- Original Message -
From: Sam Muro resea...@businesstz.com
To: asterisk-users@lists.digium.com
Sent: Friday, October 14, 2011 2:02:01 AM
Subject: [asterisk-users] Asterisk Security: Allow only one phone per sip
registration
Hi there
Consider this. You have three SIP extension
Terry Wilson wrote:
- Original Message -
From: Sam Muro resea...@businesstz.com
To: asterisk-users@lists.digium.com
Sent: Friday, October 14, 2011 2:02:01 AM
Subject: [asterisk-users] Asterisk Security: Allow only one phone per
sip registration
Hi there
Consider this. You have
On Fri, 2011-10-14 at 10:02 +0300, Muro, Sam wrote:
Hi there
Consider this. You have three SIP extension 200, 201 and 202 and you have
configured your phones, say Polycom 331 to those accounts. 200 being one
very sensitive individual.
Lets say, an insider, get a new phone or perhaps an
Is there a way one can bind sip account to specific mac-address
(assume on
the same subnet). In this way, even if you know the username/secret,
you
will still have to use the same physical phone, unless you play with
mac-address.
No. And mac addresses are easily spoofed so it would not
Terry Wilson wrote:
Is there a way one can bind sip account to specific mac-address
(assume on
the same subnet). In this way, even if you know the username/secret,
you
will still have to use the same physical phone, unless you play with
mac-address.
No. And mac addresses are easily
Thanks. Let me see how best i can complicate them per phone. Ooops,
1000
sip phones
If it were me, I would look into Asterisk Realtime for handling the SIP phones.
I would then write a script to generate the configs for the phones into the SIP
realtime database with random passwords. Match
Thanks Terry!
Let me think of all possibilities and shall holla. Can you be one?
Terry Wilson wrote:
Thanks. Let me see how best i can complicate them per phone. Ooops,
1000
sip phones
If it were me, I would look into Asterisk Realtime for handling the SIP
phones. I would then write a
On Friday 14 October 2011, Muro, Sam wrote:
Hi there
Consider this. You have three SIP extension 200, 201 and 202 and you have
configured your phones, say Polycom 331 to those accounts. 200 being one
very sensitive individual.
Lets say, an insider, get a new phone or perhaps an xlite and
the best way to handle large sip client base is using provisioning interface.
Even though you can create configuration files and server them with
asterisk+extensions, you need to consider security aspects of this approach as
well. Using tftp or simple protocols to server config files works on
Thanks A.J
I know and I can assure you no one will get that physical access to the
system.
A J Stiles wrote:
On Friday 14 October 2011, Muro, Sam wrote:
Hi there
Consider this. You have three SIP extension 200, 201 and 202 and you
have
configured your phones, say Polycom 331 to those
Hi all,
The problem I have been experiencing since last month is that some of my
customers are getting calls with Asterisk Unknown caller id. Most of
them in the middle of the night. And my asterisk server has no record of
these calls. The customers were getting irritated as you can imagine. I
On 28 Feb 2011, at 10:33, Rizwan Hisham wrote:
The problem I have been experiencing since last month is that some of my
customers are getting calls with Asterisk Unknown caller id. Most of them
in the middle of the night. And my asterisk server has no record of these
calls. The customers
On Monday 28 Feb 2011, Steven Howes wrote:
'asterisk security' is a misleading subject line. Guessing someone just
scanned some IP addresses and made calls. You need what's called a
'firewall'.
Well, assuming you're on Linux then you've already *got* a firewall. Just add
some iptables rules
Probably, you are receiving INVITE attacks from some tool like sipvicious.
You should rearange your network to cover some inportant security issues.
The IP address of you server can be revealed in some unincrypted SIP
signaling of some call through the Internet to/from your server's client, or
thanks for the replies.
I dont want to rule-out the possibility of network sniffing. I am sure its
not an inside job. The server is off-site and is hosted by a very well
reputed hosting company. So if someone is sniffing, what should I do?
Probably, you are receiving INVITE attacks from some
...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Ricardo
Carvalho
Sent: Monday, February 28, 2011 6:31 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] asterisk securityagain
Probably, you are receiving INVITE
side, not the server.
*From:* asterisk-users-boun...@lists.digium.com [mailto:
asterisk-users-boun...@lists.digium.com] *On Behalf Of *Ricardo Carvalho
*Sent:* Monday, February 28, 2011 6:31 AM
*To:* Asterisk Users Mailing List - Non-Commercial Discussion
*Subject:* Re: [asterisk-users
-users] asterisk securityagain
Probably, you are receiving INVITE attacks from some tool like sipvicious.
You should rearange your network to cover some inportant security issues.
The IP address of you server can be revealed in some unincrypted SIP
signaling of some call through
On 02/28/2011 07:27 AM, Rizwan Hisham wrote:
Any suggestions on encrypting the sip and rtp. I have done some googling
on it. looks like it is not supported by most end point devices or
service providers. But still your thoughts will be appreciated on this
subject.
You cannot protect a remote
Thanks Mr. Kevin.
Can anyone please also tell me which firewall is best suited for
asterisk/sip attack prevention. Is there any firewall built specially to
address sip security problems?
On Mon, Feb 28, 2011 at 6:38 PM, Kevin P. Fleming kpflem...@digium.comwrote:
On 02/28/2011 07:27 AM, Rizwan
http://sipera.com/ is one such product.
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Rizwan Hisham
Sent: Monday, February 28, 2011 9:33 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users
...@computer-business.com
To: asterisk-users@lists.digium.com
Date: Mon, 28 Feb 2011 10:27:33 -0500
Subject: Re: [asterisk-users] asterisk securityagain
http://sipera.com/ is one such product. From:
asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf
The Asterisk Development Team has announced security releases for the following
versions of Asterisk:
* 1.4.38.1
* 1.4.39.1
* 1.6.1.21
* 1.6.2.15.1
* 1.6.2.16.1
* 1.8.1.2
* 1.8.2.1
These releases are available for immediate download at
Users Mailing List - Non-Commercial Discussion
Betreff: Re: [asterisk-users] Asterisk Security
If that someone is between you and the other endpoint (like between you
and the switch, or using port-mirroring on a router somewhere), then
yes. The conversations can be recorded. In the US, the ability
-boun...@lists.digium.com] On Behalf Of Martin
Sent: Saturday, April 04, 2009 7:20 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk Security
Lets not be that paranoid. If you have these ports open to the internet then
from time to time someone
Hi All,
Coming in to day, the logs on the asterisk server showed several entries
such as:
[Apr 4 15:25:16] NOTICE[9280]: chan_sip.c:14627 handle_request_invite:
Call from '' to extension '9810380487965419' rejected because extension
not found.
This has gotten me to thinking about security
Lets not be that paranoid. If you have these ports open to the internet then
from time to time someone will check if your default unsecured context
can dial out to PSTN...
with sip.conf you can add
allowguest=no
With IAX2 there's no allowguest but I believe you have to have a guest
username in
...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Martin
Sent: Saturday, April 04, 2009 7:20 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk Security
Lets not be that paranoid. If you have these ports open to the internet
Hi,
I recently found someone was using one of my Asterisk servers to make
international calls via some SIP method that allowed them to bypass
authentication (running 1.4.21.1 so I'm not sure how they did this since the
major vulnerability for this was patched in 1.4.18.1). At any rate I caught
it
http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0297.html
___
Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
Hello,
I would like to have some advices about security,
securing asterisk server
Already :
-
configured asterisk to
run as non-root user (http://www.voip-info.org/tiki-index.php?page=Asterisk+non-root)
-
fw config
I would like to have some advices about security, securing asterisk server
Already :
- configured asterisk to run as non-root user
(http://www.voip-info.org/tiki-index.php?page=Asterisk+non-root)
- fw config
On Mon, March 14, 2005 17:06, Andres said:
You might want to try the steps provided above yourself Peter. Because
even if we have a context that leads to never never land at the top of
sip.conf, I am still able to make free calls. A sip debug clearly
Welcome to the wonderful world of
On Tue, 15 Mar 2005 02:03:54 +1100 (EST), Duane [EMAIL PROTECTED] wrote:
On Mon, March 14, 2005 17:06, Andres said:
You might want to try the steps provided above yourself Peter. Because
even if we have a context that leads to never never land at the top of
sip.conf, I am still able to
Deti Fliegl wrote:
Hi there,
all that started by investigating what happens if SIP clients are
calling anonymously.
The problem: Every client who is registered as a regular user with
username and secret can fake any callerid in subsequent INVITEs.
Asterisk does not apply an accountcode or
On Mon, 14 Mar 2005 00:27:12 -0500, Andres [EMAIL PROTECTED] wrote:
Deti Fliegl wrote:
Hi there,
all that started by investigating what happens if SIP clients are
calling anonymously.
The problem: Every client who is registered as a regular user with
username and secret can fake
Peter Bowyer wrote:
On Mon, 14 Mar 2005 00:27:12 -0500, Andres [EMAIL PROTECTED] wrote:
Deti Fliegl wrote:
Hi there,
all that started by investigating what happens if SIP clients are
calling anonymously.
The problem: Every client who is registered as a regular user with
username and
On Fri, 11 Mar 2005 14:41:37 -0500, C F [EMAIL PROTECTED] wrote:
Welcome to SIP, this is how SIP works, thats why ppl use IAX.
It is a combination of chan_sip and the particular sip.conf actually.
Sane SIP servers will challenge all INVITEs, and apply user
identification from the user
Hi there,
all that started by investigating what happens if SIP clients are
calling anonymously.
The problem: Every client who is registered as a regular user with
username and secret can fake any callerid in subsequent INVITEs.
Asterisk does not apply an accountcode or callerid from sip.conf.
Deti Fliegl wrote:
Hi there,
all that started by investigating what happens if SIP clients are
calling anonymously.
The problem: Every client who is registered as a regular user with
username and secret can fake any callerid in subsequent INVITEs.
Asterisk does not apply an accountcode or
Welcome to SIP, this is how SIP works, thats why ppl use IAX.
On Fri, 11 Mar 2005 19:06:20 +0100, Deti Fliegl [EMAIL PROTECTED] wrote:
Hi there,
all that started by investigating what happens if SIP clients are
calling anonymously.
The problem: Every client who is registered as a regular
On Fri, Mar 11, 2005 at 01:13:25PM -0600, [EMAIL PROTECTED] wrote:
all that started by investigating what happens if SIP clients are
calling anonymously.
The problem: Every client who is registered as a regular user with
username and secret can fake any callerid in subsequent INVITEs.
C F wrote:
Welcome to SIP, this is how SIP works, thats why ppl use IAX.
Welcome to SIP for dummies: You have to distinguish between SIP callerid
and authentication. First a callerid is used to call another party or
to identify yourself to another party. Such a callerid is sent via a
This is a preliminary fix for the exploit identified in my last
postings. By far it would be better to fix the find_user call to look
for both, the From-header and an username in the
Proxy-Authorization-header. We even should set a environment variable
(which can be used for dialplans) to
Deti Fliegl wrote:
This is a preliminary fix for the exploit identified in my last
postings. By far it would be better to fix the find_user call to look
for both, the From-header and an username in the
Proxy-Authorization-header. We even should set a environment variable
(which can be used for
Has Asterisk ever been audited for common security holes, such as buffer
overruns?
A quick grep through the source for routines that should never be used,
like strcpy, strcat, etc., reveals a lot of it. I fear I fear.
Has anyone flung pathology at IAX2 to see if it stands up to malformed
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jim Rosenberg
Sent: Tuesday, March 30, 2004 2:53 PM
To: [EMAIL PROTECTED]
Subject: [Asterisk-Users] Asterisk Security Audit?
Has Asterisk ever been audited for common security holes, such as buffer
overruns?
A quick grep through the source for routines
On Tue, 2004-03-30 at 16:53, Jim Rosenberg wrote:
Has Asterisk ever been audited for common security holes, such as buffer
overruns?
A quick grep through the source for routines that should never be used,
like strcpy, strcat, etc., reveals a lot of it. I fear I fear.
These functions aren't
On Wed, 2003-09-10 at 21:06, Tilghman Lesher wrote:
Odd, I've found CVS-current to be extremely stable, so I run it on all
of our production machines. No machine is ever more than a couple
weeks out of sync with CVS (except for a few machines in the field
which I can't get to right now).
The
What do you think a segfault is, eh? Please learn the basics before
commenting on this. As the advisory clearly points out, you can fully
overwrite the saved return address. Depending on the system you use (by
default on Linux/FreeBSD all are possible) you can either alter the
execution
On Wed, 2003-09-10 at 22:06, Tilghman Lesher wrote:
On Wednesday 10 September 2003 14:32, Chris Albertson wrote:
Read the security vulnerability. It referenced CVS
as of a certain
date. If you aren't keeping up with CVS changes,
why are you running
CVS at all?
One
If one is using SIP the CVS-current can be extremely unstable.
I would say about half the time I have tried a new CVS checkout
on a test box. (about once a week) I have had lockups or missing
features. I like Asterisk and CVS but with out testing in a semi
large environment the cvs -current is
On Wed, 2003-09-10 at 10:51, Olle E. Johansson wrote:
Lubomir Christov wrote:
today I found this security report regarding Asterisk SIP Security.
http://www.securiteam.com/securitynews/5LP0720B5G.html
Important information. Why a silent patch and no information to the mailing list?
Steven Critchfield wrote:
I've added a security page to the Wiki:
http://www.voip-info.org/tiki-index.php?page=Asterisk+security
Maybe there should also be a link for best practices with respect to
dial plan layout.
I guess since this is my second comment on the wiki, I should log in and
On Wednesday 10 September 2003 10:51 am, Olle E. Johansson wrote:
Lubomir Christov wrote:
today I found this security report regarding Asterisk SIP
Security.
http://www.securiteam.com/securitynews/5LP0720B5G.html
Important information. Why a silent patch and no information to
the
Tilghman Lesher wrote:
On Wednesday 10 September 2003 10:51 am, Olle E. Johansson wrote:
Lubomir Christov wrote:
today I found this security report regarding Asterisk SIP
Security.
http://www.securiteam.com/securitynews/5LP0720B5G.html
Important information. Why a silent patch and no
On Wednesday 10 September 2003 01:04 pm, Olle E. Johansson wrote:
Tilghman Lesher wrote:
On Wednesday 10 September 2003 10:51 am, Olle E. Johansson wrote:
Lubomir Christov wrote:
today I found this security report regarding Asterisk SIP
Security.
Also it wasn't a proven exploit. They said it could allow an attacker to
obtain remote and unauthenticated access. And if pigs could fly I
would be a rich man!
bkw
Read the security vulnerability. It referenced CVS as of a certain
date. If you aren't keeping up with CVS changes, why are
On Wed, 2003-09-10 at 13:16, Tilghman Lesher wrote:
On Wednesday 10 September 2003 01:04 pm, Olle E. Johansson wrote:
Tilghman Lesher wrote:
On Wednesday 10 September 2003 10:51 am, Olle E. Johansson wrote:
Lubomir Christov wrote:
today I found this security report regarding Asterisk SIP
At 11:37 -0500 10/9/03, Tilghman Lesher wrote:
Probably because Mark doesn't have time to realize that somebody
is going to publish a temporary vulnerability that he fixes in 5
minutes. When someone points out a bug in my own programs, I'll
go fix it, but I don't usually then publish a
On Wed, 10 Sep 2003, Fearghas McKay wrote:
It has certainly caused some fervent checking amongst users I know, and
since the last release was some months ago if the vulnerability was present
then there will be users who have had to move from taking a stable build to
building from CVS, which
At 13:16 -0500 10/9/03, Tilghman Lesher wrote:
Read the security vulnerability. It referenced CVS as of a certain
date. If you aren't keeping up with CVS changes, why are you running
CVS at all?
The security advisory merely says update using CVS to a date later than Aug 15.
It does not
Read the security vulnerability. It referenced CVS
as of a certain
date. If you aren't keeping up with CVS changes,
why are you running
CVS at all?
One would hope people are not using the latest CVS
checkup as their production system. Most sane people
do a bit better quality control and
'proven'? Why post this bs... read the advisory, clearly shows they made
one and tested. Second its trivial to make one, if you see what is wrong
in the code.
Original advisory should have been posted here at the date of release,
or announced by someone, but it wasn't... I guess some people
Because as the advisory pointed out it could happen. The likely thing
to happen would be a segfault. Then again it should have been pointed out
instead of silently updated.
bkw
On Wed, 10 Sep 2003, Michael Sandee wrote:
'proven'? Why post this bs... read the advisory, clearly shows they made
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 10, 2003 3:32 PM
Subject: Re: [Asterisk-Users] Asterisk Security vulnerability report
Read the security vulnerability. It referenced CVS
as of a certain
date. If you aren't keeping up with CVS changes,
why are you running
By exploiting this vulnerability, @stake managed to obtain access to the
remote host in question.
- Original Message -
From: Brian West [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 10:16 AM
Subject: Re: [Asterisk-Users] Asterisk Security vulnerability
On Wednesday 10 September 2003 14:32, Chris Albertson wrote:
Read the security vulnerability. It referenced CVS
as of a certain
date. If you aren't keeping up with CVS changes,
why are you running
CVS at all?
One would hope people are not using the latest CVS
checkup as
What I do is periodically is a recursive grep of all
my source code for strcat() and the like. In EVERY
case, there is NO reason to use strcat() and it should
be replaced with either strlcat() or strncat() same
for sprintf, strcpy and so on. The l versions
should be prefreed over the n versions
: [Asterisk-Users] Asterisk Security vulnerability report
Hello,
today I found this security report regarding Asterisk SIP Security.
http://www.securiteam.com/securitynews/5LP0720B5G.html
Maybe It could help somebody who isn't using a newer than 15th of August
cvs version.
Best regards
Lubo
Christov [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 3:54 PM
Subject: [Asterisk-Users] Asterisk Security vulnerability report
Hello,
today I found this security report regarding Asterisk SIP Security.
http://www.securiteam.com
Hello,
today I found this security report regarding Asterisk SIP Security.
http://www.securiteam.com/securitynews/5LP0720B5G.html
Maybe It could help somebody who isn't using a newer than 15th of August
cvs version.
Best regards
Lubo
___
74 matches
Mail list logo