Hi all,
Trying to do my first WebRTC. Using stock asterisk 1.13.0.
I setup the asterisk according to the recipe on the wiki, but cannot get it
to work.
Dialing from sipml5 on chrome I get no sound, regular bria on standard sip
works.
My network setup by the way: I am working from a cable modem,
Hi all
WE have some users that turns off their phones when they are not at home.
We see the warning message:
Unable to create channel of type 'SIP' (cause 20 - Subscriber absent)
just after the Dial() command and a
Everyone is busy/congested at this time
message.
Where is
Hello,
I'm investigating a situation where there was a hundreds of minutes of
calls from an internal SIP extension to an 855 number in Cambodia,
resulting in a crazy ($25,000+) bill from the phone company. I'm
investigating, but can anyone provide some feedback on what's happened
here? I'm
I’ve seen the following exploits of Asterisk / FreePBX boxes:
1) Default PlcmSpIp username and password for Polycom provisioning
2) Insecure SIP usernames and secrets
3) FreePBX GUI accessable from the internet
4) OS remote exploit (maybe ssh/ssl exploit)
Mitigation options:
1) Don’t
Asterisk Project Security Advisory - AST-2015-001
ProductAsterisk
SummaryFile descriptor leak when incompatible codecs are
offered
Asterisk Project Security Advisory - AST-2015-002
ProductAsterisk
SummaryMitigation for libcURL HTTP request injection
vulnerability
You don't mention if the phone is remote, or local. Although you do mention it
had a default user/pass. If the UI of the phone was/is accessible from the
I'net, the GUI does have the ability to place a call from it, that is one way
the calls could have been placed.
From:
The UI (or anything really) is not open to the internet. The only things
open are SSH and RDP (on alternate ports). The freepbx web interface has a
strong username/password. The only weakness I see is a weak secret SIP
password, and default mitel admin password used. There is no provisioning
Hmm the calls are made during the day (and sometimes very early in the
morning). Right now it looks like someone actually made these calls. If
that is the case it's somewhat comforting to know the system wasn't
compromised. However, the $25,000 phone bill still remains. Yikes. $6.25
per minute to
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
These releases are available for
Le 28/01/2015 22:03, Steven McCann a écrit :
Hello,
Hi
I'm investigating a situation where there was a hundreds of minutes of
calls from an internal SIP extension to an 855 number in Cambodia,
resulting in a crazy ($25,000+) bill from the phone company. I'm
investigating, but can anyone
Do you have DISA setup? We're seeing lots of attackers running scripts that
send digits until they strike a DISA, misconfigured mailbox, etc. (Assuming it
wasn't a stupid employee forwarding an inbound call to a 9xxx number etc).
Have a look at SecAst (www.generationd.com) - it detects
Hi Michelle,
DISA is not in use. I'll check out the SecAst product you mentioned for
rebuilding the server.
I'm digging into the logs to get some more information.
Thanks,
Steve
On Wed, Jan 28, 2015 at 5:30 PM, Michelle Dupuis mdup...@ocg.ca wrote:
Do you have DISA setup? We're seeing lots
On 29 Jan 2015, at 11:07, Administrator TOOTAI wrote:
Le 28/01/2015 22:03, Steven McCann a écrit :
Hello,
Hi
I'm investigating a situation where there was a hundreds of minutes
of
calls from an internal SIP extension to an 855 number in Cambodia,
resulting in a crazy ($25,000+) bill
Hi all,
I want to test the Native Bridge mode of DAHDI (FXS/FXO). I use asterisk
11.14.2 and DAHDI 2.8.0.
I try to set callwaiting = no AND callwaitingcallerid = no in
chan_dahdi.conf.
But I can't find native bridging information from CLI(opened debug mode in
logger.conf). How can I test the
Hmm the calls are made during the day (and sometimes very early in the
morning). Right now it looks like someone actually made these calls. If
that is the case it's somewhat comforting to know the system wasn't
compromised. However, the $25,000 phone bill still remains. Yikes. $6.25
per
On Tue, Jan 27, 2015 at 4:14 PM, symack sym...@gmail.com wrote:
Hello Everyone,
I am required to write a java program that will get our asterisk to:
* Query the database for phone numbers
* Loop through numbers and dial
* Play message
* Get dial pressed response
- If 1 = Yes
On Wed, Jan 28, 2015 at 1:37 PM, Paul Belanger
paul.belan...@polybeacon.com wrote:
On Wed, Jan 28, 2015 at 12:23 PM, Ishfaq Malik i...@pack-net.co.uk wrote:
Hi
We're using 1.8.23.1 on CentOS 5 and are trying to get accurate stats for
queues.
For a particular customer, when I run queue show
On Wed, Jan 28, 2015 at 12:23 PM, Ishfaq Malik i...@pack-net.co.uk wrote:
Hi
We're using 1.8.23.1 on CentOS 5 and are trying to get accurate stats for
queues.
For a particular customer, when I run queue show queue_name I get the
following numbers:
queue_name has 0 calls (max unlimited) in
On Wed, Jan 28, 2015 at 8:27 AM, Antonio Gómez Soto
antonio.gomez.s...@gmail.com wrote:
Hi all,
Trying to do my first WebRTC. Using stock asterisk 1.13.0.
I setup the asterisk according to the recipe on the wiki, but cannot get it
to work.
Dialing from sipml5 on chrome I get no sound,
Hi
We're using 1.8.23.1 on CentOS 5 and are trying to get accurate stats for
queues.
For a particular customer, when I run queue show queue_name I get the
following numbers:
queue_name has 0 calls (max unlimited) in 'ringall' strategy (17s
holdtime, 94s talktime), W:0, C:175, A:44, SL:48.6%
Hello Paul,
Thank you for your response.
You are going to use the AMI
Looking into AGI vs AMI it seems that coding functionality such as playing
a file using
AMI is not as trivial as AGI. Correct me if i'm wrong however, is managing
the channel
easier in AGI than is AMI?
As for examples a
22 matches
Mail list logo