Re: [asterisk-users] FW: Under heavy attack
Joel, after sending my previous posts I did realize your points might have some validity - and hence I owe you an apology - and that is if you are a telco or hosted pbx provider then strict fail2ban is not that good of a solution. While I was talking strictly from a PBX vendors point of view, where fail2ban is a must and the answer to most problems. On Mon, Nov 1, 2010 at 8:20 PM, Joel Maslak jmas...@antelope.net wrote: Be careful, telcos may make the users responsible if they have insecure PBXes...right now they often write off much of the charges. But I do agree that there would be a lot less garbage on the net if everyone was liable for their insecurity. Heck, there would be no SIP attacks if everyone's systems were secure - there would be no gain in trying to exploit reasonably unexploitable systems. On Nov 1, 2010, at 11:54 AM, jon pounder j...@inline.net wrote: On 11/01/2010 01:44 PM, Nyamul Hassan wrote: I think the only real solution here is to make people take more responsibility for their actions - find and punish the actual abusers - make users liable for damages caused by infected PC's - defaults from an isp should be everything locked down but with user able to request more ports being opened at no extra cost, if a user asks for it they then take on responsibility for the use of that port. LOL On Mon, Nov 1, 2010 at 23:33, Cary Fitch ca...@usawide.net wrote: I was going to point out a failing of the attackers, but figured they read the list and don’t need any more tips. Cary Fitch From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Zeeshan Zakaria Sent: Monday, November 01, 2010 12:13 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] FW: Under heavy attack And obviously these attackers read our emails on lists like this and adjust their sick strategies accordingly. Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) On 2010-11-01 12:02 PM, Jamie A. Stapleton jstaple...@computer-business.com wrote: Only 100? We had a single server over 300. From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Zeeshan Zakaria Sent: Saturday, October 30, 2010 9:49 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Under heavy attack My count has reached 100 for the day. The server serves doesn't serve international calls anywa... Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak jmas...@antelope.net wrote: No. It seems that opening ... -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
-Original Message- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of C F Sent: Tuesday, November 02, 2010 10:06 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] FW: Under heavy attack Joel, after sending my previous posts I did realize your points might have some validity - and hence I owe you an apology - and that is if you are a telco or hosted pbx provider then strict fail2ban is not that good of a solution. While I was talking strictly from a PBX vendors point of view, where fail2ban is a must and the answer to most problems. On Mon, Nov 1, 2010 at 8:20 PM, Joel Maslak jmas...@antelope.net wrote: Be careful, telcos may make the users responsible if they have insecure PBXes...right now they often write off much of the charges. But I do agree that there would be a lot less garbage on the net if everyone was liable for their insecurity. Heck, there would be no SIP attacks if everyone's systems were secure - there would be no gain in trying to exploit reasonably unexploitable systems. On Nov 1, 2010, at 11:54 AM, jon pounder j...@inline.net wrote: On 11/01/2010 01:44 PM, Nyamul Hassan wrote: I think the only real solution here is to make people take more responsibility for their actions - find and punish the actual abusers - make users liable for damages caused by infected PC's - defaults from an isp should be everything locked down but with user able to request more ports being opened at no extra cost, if a user asks for it they then take on responsibility for the use of that port. LOL On Mon, Nov 1, 2010 at 23:33, Cary Fitch ca...@usawide.net wrote: I was going to point out a failing of the attackers, but figured they read the list and dont need any more tips. Cary Fitch From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Zeeshan Zakaria Sent: Monday, November 01, 2010 12:13 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] FW: Under heavy attack And obviously these attackers read our emails on lists like this and adjust their sick strategies accordingly. Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) On 2010-11-01 12:02 PM, Jamie A. Stapleton jstaple...@computer-business.com wrote: Only 100? We had a single server over 300. From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Zeeshan Zakaria Sent: Saturday, October 30, 2010 9:49 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Under heavy attack My count has reached 100 for the day. The server serves doesn't serve international calls anywa... Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak jmas...@antelope.net wrote: No. It seems that opening ... I'm still on old-fashion copper-wire and have yet to experience the joy of SIP Trunk-ing and the type of issues discussed in this thread. My thought to share here is that outgoing calls should be easy for thoroughly authenticated users and impossible for others... Probably more can-o-worms than help. Sorry if this is so. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
I'm still on old-fashion copper-wire and have yet to experience the joy of SIP Trunk-ing and the type of issues discussed in this thread. My thought to share here is that outgoing calls should be easy for thoroughly authenticated users and impossible for others... Probably more can-o-worms than help. Sorry if this is so. nothing new here, this is just the digital equivalent of a wats line with a weak access code for outbound access. the difference is code guessing can be a lot more aggressive now, and finding the inbound path is simpler. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
-Original Message- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of jon pounder Sent: Tuesday, November 02, 2010 10:24 AM To: asterisk-users@lists.digium.com Subject: Re: [asterisk-users] FW: Under heavy attack I'm still on old-fashion copper-wire and have yet to experience the joy of SIP Trunk-ing and the type of issues discussed in this thread. My thought to share here is that outgoing calls should be easy for thoroughly authenticated users and impossible for others... Probably more can-o-worms than help. Sorry if this is so. nothing new here, this is just the digital equivalent of a wats line with a weak access code for outbound access. the difference is code guessing can be a lot more aggressive now, and finding the inbound path is simpler. == Each system needs to be configured according to its purpose and needs. Simply these are phone systems, not e-mail or web servers. You may want to be able to get mail from (almost) anywhere in the world, same for web services. But for a phone system you may have very different needs. One can visualize the differences between a national or international VOIP provider, a 4 person office in Little Rock, AR, a local SIP provider in Houston, TX and an international sales company with offices in Rome Italy. A small sip system used with an upstream VOIP provider should be invisible to 99.% of the world's population. (Excepting any other trusted peers.) If there was a wide spread peering network and an individual system wanted/needed to access and be accessed like email then it would be a different world. We could all be robo-call spammed just like email. :-( But leaving small systems open for attack from 99. percent of the world is just begging for trouble. Cary Fitch -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
Asterisk security has always been a big concern. I am sure most of asterisk pros have taken care of these type of attacks. For non pros I am sharing a shell script here. http://www.didforsale.com/blog/?p=253 If you care feel free is use it. -Jai On Tue, Nov 2, 2010 at 9:27 AM, Cary Fitch ca...@usawide.net wrote: -Original Message- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of jon pounder Sent: Tuesday, November 02, 2010 10:24 AM To: asterisk-users@lists.digium.com Subject: Re: [asterisk-users] FW: Under heavy attack I'm still on old-fashion copper-wire and have yet to experience the joy of SIP Trunk-ing and the type of issues discussed in this thread. My thought to share here is that outgoing calls should be easy for thoroughly authenticated users and impossible for others... Probably more can-o-worms than help. Sorry if this is so. nothing new here, this is just the digital equivalent of a wats line with a weak access code for outbound access. the difference is code guessing can be a lot more aggressive now, and finding the inbound path is simpler. == Each system needs to be configured according to its purpose and needs. Simply these are phone systems, not e-mail or web servers. You may want to be able to get mail from (almost) anywhere in the world, same for web services. But for a phone system you may have very different needs. One can visualize the differences between a national or international VOIP provider, a 4 person office in Little Rock, AR, a local SIP provider in Houston, TX and an international sales company with offices in Rome Italy. A small sip system used with an upstream VOIP provider should be invisible to 99.% of the world's population. (Excepting any other trusted peers.) If there was a wide spread peering network and an individual system wanted/needed to access and be accessed like email then it would be a different world. We could all be robo-call spammed just like email. :-( But leaving small systems open for attack from 99. percent of the world is just begging for trouble. Cary Fitch -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
On Tue, Nov 2, 2010 at 11:16 AM, Danny Nicholas da...@debsinc.com wrote: -Original Message- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of C F Sent: Tuesday, November 02, 2010 10:06 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] FW: Under heavy attack Joel, after sending my previous posts I did realize your points might have some validity - and hence I owe you an apology - and that is if you are a telco or hosted pbx provider then strict fail2ban is not that good of a solution. While I was talking strictly from a PBX vendors point of view, where fail2ban is a must and the answer to most problems. On Mon, Nov 1, 2010 at 8:20 PM, Joel Maslak jmas...@antelope.net wrote: Be careful, telcos may make the users responsible if they have insecure PBXes...right now they often write off much of the charges. But I do agree that there would be a lot less garbage on the net if everyone was liable for their insecurity. Heck, there would be no SIP attacks if everyone's systems were secure - there would be no gain in trying to exploit reasonably unexploitable systems. On Nov 1, 2010, at 11:54 AM, jon pounder j...@inline.net wrote: On 11/01/2010 01:44 PM, Nyamul Hassan wrote: I think the only real solution here is to make people take more responsibility for their actions - find and punish the actual abusers - make users liable for damages caused by infected PC's - defaults from an isp should be everything locked down but with user able to request more ports being opened at no extra cost, if a user asks for it they then take on responsibility for the use of that port. LOL On Mon, Nov 1, 2010 at 23:33, Cary Fitch ca...@usawide.net wrote: I was going to point out a failing of the attackers, but figured they read the list and don’t need any more tips. Cary Fitch From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Zeeshan Zakaria Sent: Monday, November 01, 2010 12:13 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] FW: Under heavy attack And obviously these attackers read our emails on lists like this and adjust their sick strategies accordingly. Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) On 2010-11-01 12:02 PM, Jamie A. Stapleton jstaple...@computer-business.com wrote: Only 100? We had a single server over 300. From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Zeeshan Zakaria Sent: Saturday, October 30, 2010 9:49 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Under heavy attack My count has reached 100 for the day. The server serves doesn't serve international calls anywa... Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak jmas...@antelope.net wrote: No. It seems that opening ... I'm still on old-fashion copper-wire and have yet to experience the joy of SIP Trunk-ing and the type of issues discussed in this thread. My thought to share here is that outgoing calls should be easy for thoroughly authenticated users and impossible for others... Why? You have your NID in an 18 gauge vandal resistant enclosure with a lock? Ever heard of beige boxing? http://en.wikipedia.org/wiki/Beige_box_(phreaking) Probably more can-o-worms than help. Sorry if this is so. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] FW: Under heavy attack
Only 100? We had a single server over 300. From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Zeeshan Zakaria Sent: Saturday, October 30, 2010 9:49 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Under heavy attack My count has reached 100 for the day. The server serves doesn't serve international calls anyways, I wonder how would it benefit any hacker in any way. -- Zeeshan Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak jmas...@antelope.netmailto:jmas...@antelope.net wrote: No. It seems that opening up some sort of automatic blocking could cause an attacker forging packets to block legitimate endpoints. It also seems like they won't get in with good passwords, so it isn't actually accomplishing something to worry about the script kiddies if you have good passwords. And this blocking won't actually stop someone with a zero day attack or who is sophisticated and can attack from many IP addresses - these are the real threats for people with good passwords. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users-- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
Its going on and on and on. Nothing like this has happened before. I have several hundreds by now. Make me wish Internet was a more regulated place. Its a place where bad people have the upper hand and good people cannot do anything about it. I know incidences where spammers and attackers were tried to be punished by genuine companies by doing DoS attacks on their zombie machines and as a result these companies got so much DoS that they were left with no choice other than to close their genuine and legal businesses. And when even reputable companies like Amazon become part of this criminal activity, and refuse to do anything against it, what can rest of us do? Nothing, but suffer. Unless main Internet routers will identify these attackers and block their IPs, there is no real way to control this criminal activity. Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) On 2010-11-01 12:02 PM, Jamie A. Stapleton jstaple...@computer-business.com wrote: Only 100? We had a single server over 300. *From:* asterisk-users-boun...@lists.digium.com [mailto: asterisk-users-boun...@lists.digium.com] *On Behalf Of *Zeeshan Zakaria *Sent:* Saturday, October 30, 2010 9:49 PM To: Asterisk Users Mailing List - Non-Commercial Discussion *Subject:* Re: [asterisk-users] Under heavy attack My count has reached 100 for the day. The server serves doesn't serve international calls anywa... Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak jmas...@antelope.net wrote: No. It seems that opening ... -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
And obviously these attackers read our emails on lists like this and adjust their sick strategies accordingly. Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) On 2010-11-01 12:02 PM, Jamie A. Stapleton jstaple...@computer-business.com wrote: Only 100? We had a single server over 300. *From:* asterisk-users-boun...@lists.digium.com [mailto: asterisk-users-boun...@lists.digium.com] *On Behalf Of *Zeeshan Zakaria *Sent:* Saturday, October 30, 2010 9:49 PM To: Asterisk Users Mailing List - Non-Commercial Discussion *Subject:* Re: [asterisk-users] Under heavy attack My count has reached 100 for the day. The server serves doesn't serve international calls anywa... Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak jmas...@antelope.net wrote: No. It seems that opening ... -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
I was going to point out a failing of the attackers, but figured they read the list and don't need any more tips. Cary Fitch _ From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Zeeshan Zakaria Sent: Monday, November 01, 2010 12:13 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] FW: Under heavy attack And obviously these attackers read our emails on lists like this and adjust their sick strategies accordingly. Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) On 2010-11-01 12:02 PM, Jamie A. Stapleton jstaple...@computer-business.com wrote: Only 100? We had a single server over 300. From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Zeeshan Zakaria Sent: Saturday, October 30, 2010 9:49 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Under heavy attack My count has reached 100 for the day. The server serves doesn't serve international calls anywa... Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak jmas...@antelope.net wrote: No. It seems that opening ... -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
Hi Cary, Can you email me off the list to point it out? Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) On 2010-11-01 1:37 PM, Cary Fitch ca...@usawide.net wrote: I was going to point out a failing of the attackers, but figured they read the list and don’t need any more tips. Cary Fitch -- *From:* asterisk-users-boun...@lists.digium.com [mailto: asterisk-users-boun...@lists.digium.com] *On Behalf Of *Zeeshan Zakaria *Sent:* Monday, November 01, 2010 12:13 PM To: Asterisk Users Mailing List - Non-Commercial Discussion *Subject:* Re: [asterisk-users] FW: Under heavy attack And obviously these attackers read our emails on lists like this and adjust their sick strategi... -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
On Mon, 1 Nov 2010, Zeeshan Zakaria wrote: Hi Cary, Can you email me off the list to point it out? Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) On 2010-11-01 1:37 PM, Cary Fitch ca...@usawide.net wrote: I was going to point out a failing of the attackers, but figured they read the list and don’t need any more tips. Cary Fitch Don't do it! Zeeshan might be an attacker!! :) Just kidding Zeeshan. Couldn't resist. j-- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
LOL On Mon, Nov 1, 2010 at 23:33, Cary Fitch ca...@usawide.net wrote: I was going to point out a failing of the attackers, but figured they read the list and don’t need any more tips. Cary Fitch -- *From:* asterisk-users-boun...@lists.digium.com [mailto: asterisk-users-boun...@lists.digium.com] *On Behalf Of *Zeeshan Zakaria *Sent:* Monday, November 01, 2010 12:13 PM *To:* Asterisk Users Mailing List - Non-Commercial Discussion *Subject:* Re: [asterisk-users] FW: Under heavy attack And obviously these attackers read our emails on lists like this and adjust their sick strategies accordingly. Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) On 2010-11-01 12:02 PM, Jamie A. Stapleton jstaple...@computer-business.com wrote: Only 100? We had a single server over 300. *From:* asterisk-users-boun...@lists.digium.com [mailto: asterisk-users-boun...@lists.digium.com] *On Behalf Of *Zeeshan Zakaria *Sent:* Saturday, October 30, 2010 9:49 PM To: Asterisk Users Mailing List - Non-Commercial Discussion *Subject:* Re: [asterisk-users] Under heavy attack My count has reached 100 for the day. The server serves doesn't serve international calls anywa... Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak jmas...@antelope.net wrote: No. It seems that opening ... -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
On 11/01/2010 01:44 PM, Nyamul Hassan wrote: I think the only real solution here is to make people take more responsibility for their actions - find and punish the actual abusers - make users liable for damages caused by infected PC's - defaults from an isp should be everything locked down but with user able to request more ports being opened at no extra cost, if a user asks for it they then take on responsibility for the use of that port. LOL On Mon, Nov 1, 2010 at 23:33, Cary Fitch ca...@usawide.net mailto:ca...@usawide.net wrote: I was going to point out a failing of the attackers, but figured they read the list and don’t need any more tips. Cary Fitch *From:* asterisk-users-boun...@lists.digium.com mailto:asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com mailto:asterisk-users-boun...@lists.digium.com] *On Behalf Of *Zeeshan Zakaria *Sent:* Monday, November 01, 2010 12:13 PM *To:* Asterisk Users Mailing List - Non-Commercial Discussion *Subject:* Re: [asterisk-users] FW: Under heavy attack And obviously these attackers read our emails on lists like this and adjust their sick strategies accordingly. Zeeshan A Zakaria -- www.ilovetovoip.com http://www.ilovetovoip.com www.pbxforall.com http://www.pbxforall.com (beta) On 2010-11-01 12:02 PM, Jamie A. Stapleton jstaple...@computer-business.com mailto:jstaple...@computer-business.com wrote: Only 100? We had a single server over 300. *From:* asterisk-users-boun...@lists.digium.com mailto:asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com mailto:asterisk-users-boun...@lists.digium.com] *On Behalf Of *Zeeshan Zakaria *Sent:* Saturday, October 30, 2010 9:49 PM To: Asterisk Users Mailing List - Non-Commercial Discussion *Subject:* Re: [asterisk-users] Under heavy attack My count has reached 100 for the day. The server serves doesn't serve international calls anywa... Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak jmas...@antelope.net mailto:jmas...@antelope.net wrote: No. It seems that opening ... -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
Too late, now switching to attack level: lethal :) No, I am not one of these losers, and don't ever plan to be. Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) On 2010-11-01 1:49 PM, Jeff LaCoursiere j...@sunfone.com wrote: On Mon, 1 Nov 2010, Zeeshan Zakaria wrote: Hi Cary, Can you email me off the list to poin... Don't do it! Zeeshan might be an attacker!! :) Just kidding Zeeshan. Couldn't resist. j -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
Finding and punishing the abusers is the real problem, specially when in my country (Canada) where we generally don't like punishing people (or they get away finding loop holes in the law, or thanks to their lawyers), how would we catch people in other parts of the world and punish them? Apparently wilderness of the Internet is protected by law and law makers everywhere want to keep it this way. Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) On 2010-11-01 1:56 PM, jon pounder j...@inline.net wrote: On 11/01/2010 01:44 PM, Nyamul Hassan wrote: I think the only real solution here is to make people take more responsibility for their actions - find and punish the actual abusers - make users liable for damages caused by infected PC's - defaults from an isp should be everything locked down but with user able to request more ports being opened at no extra cost, if a user asks for it they then take on responsibility for the use of that port. LOL On Mon, Nov 1, 2010 at 23:33, Cary Fitch ca...@usawide.net wrote: I was goin... -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Here's my take on the attack... Sigh... http://www.stuartsheldon.org/blog/2010/11/sip-brute-force-attacks-escalate-over-halloween-weekend/ Stu - -- Open up the window Let some air into this room I think I'm almost chokin' From the smell of stale perfume And that cigarette you're smoking 'Bout scared me half to death Open up the window, sucker Let me catch my breath -- Three Dog Night - Mama Told Me Not to Come - Lyrics -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJMzxG7AAoJEFKVLITDJSGS+CMP/RvuM7AGLJZ25CXjKeN80K76 goVnHW4SwQMoIJI7uwBzFhaCdpsalJZ/HikUvMzguAna8qu27x1xtJhOO6TrhVYb 2bD/L/JSrnwKij+sGUyh2hQ50hsedOPxsBNivuyg8JlvTMrIrExSPlWpLRYzqa/X pvGV02OLjFzcHmQGxH1ZcU3ScPMEXic5QI8Fzancp7WS1Gk52eeY+iB42m3cGDbc pQylKUCqVaPwyfx3n7EkE3eZlq6eSBahD4THo6w8IKInpU8Woi7wgt66eKhH7J2m NCho2S8pfHIzUdft3glkRvJkJclUes02vxVqZ0kqwlSezBrBrDrHo9HOsctXTsVs r18ty+0TUpm5afpTSaNATks2d5IOPt7uAVNJTuFZBjCU7nIlSNRfv59ksjNHgvKG qkV2VHclbfu8uUua9zflmA0+zIML53KZK2v49jJSyiwLq+foceociQJjm1aepGMS jw+XM1Ip6i7qnFbBj4bVV+rN+deU8XK7mvbMFM4ZUC4tPeeYL7HeErlaBKhwSdej tBXaf0u9d9TMuzybWytH0ySsep+lE0kwMxha94d9kHSR9I4HHTsFU6NCFpzY/Q9n AdMfdVLvTWfnlVfqYlcdRKSF5qGGRParooWJFLF9Ac71rgPTKUCpjd5aJEm/A5wI U06woZnx7qPTczEXHuOM =vy+i -END PGP SIGNATURE- -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Here's my take on the attack... Sigh... http://www.stuartsheldon.org/blog/2010/11/sip-brute-force-attacks-escalate-o ver-halloween-weekend/ Stu They were trolling for SIP account IDs, not really trying to register. It was a coordinated bot or spoofed source attack not The Halloween Club doing tricks. Any small system should: Use IPTABLES and block any parts of the world you don't need access to/from. Start with any Class A address that is probing your system. Make your SIP IDs 8-12 characters in length, and use at least alpha numerical characters, some special characters if you like a little more variety. bear3579 b3e5a7r9 Bear3579 La3579ke Or more. Do the same for passwords. 6543office 7659home Etc. Are these perfect? No, but they are human friendly, and require the exploiter to hack a 16 to 24 character combination ID and Password that has 36 or more characters in the character set. Of course some dashes or periods or commas or others can be added. And when you see an attack if it isn't from a network on your planet, put the whole network in IPTABLES. (And get the world country delegations for IP addresses and block all not on your planet.) $.02 Cary Fitch -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
On Mon, 1 Nov 2010, Cary Fitch wrote: Any small system should: Use IPTABLES and block any parts of the world you don't need access to/from. Start with any Class A address that is probing your system. Make your SIP IDs 8-12 characters in length, and use at least alpha numerical characters, some special characters if you like a little more variety. bear3579 b3e5a7r9 Bear3579 La3579ke Or more. Do the same for passwords. 6543office 7659home How about: echo cary+salt | sha1sum where salt is something only you know. And when you see an attack if it isn't from a network on your planet, put the whole network in IPTABLES. (And get the world country delegations for IP addresses and block all not on your planet.) (Ever do something you think may get you 'roasted'? I'm getting that feeling right now...) I've just created a resource on voip-info.org that contains all of the allocated class A IP address blocks by Regional Internet Registry in 'iptables' format. Please don't apply this list in it's entirety without understanding that you will be blocking a LOT of potential [ab]users. http://www.voip-info.org/wiki/view/allocated-class-a-ip-address-blocks So you can 'pick and choose' which parts of the world you want to communicate with. It's a pretty broad brush and I'm sure it could use some refinement and correction, but attempts on my client's systems have just about evaporated. -- Thanks in advance, - Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
On 1 November 2010 21:20, Steve Edwards asterisk@sedwards.com wrote: On Mon, 1 Nov 2010, Cary Fitch wrote: Any small system should: Use IPTABLES and block any parts of the world you don't need access to/from. Start with any Class A address that is probing your system. Make your SIP IDs 8-12 characters in length, and use at least alpha numerical characters, some special characters if you like a little more variety. bear3579 b3e5a7r9 Bear3579 La3579ke Or more. Do the same for passwords. 6543office 7659home How about: echo cary+salt | sha1sum where salt is something only you know. And when you see an attack if it isn't from a network on your planet, put the whole network in IPTABLES. (And get the world country delegations for IP addresses and block all not on your planet.) (Ever do something you think may get you 'roasted'? I'm getting that feeling right now...) I've just created a resource on voip-info.org that contains all of the allocated class A IP address blocks by Regional Internet Registry in 'iptables' format. Please don't apply this list in it's entirety without understanding that you will be blocking a LOT of potential [ab]users. http://www.voip-info.org/wiki/view/allocated-class-a-ip-address-blocks So you can 'pick and choose' which parts of the world you want to communicate with. It's a pretty broad brush and I'm sure it could use some refinement and correction, but attempts on my client's systems have just about evaporated. -- I know there was talk on VUC recently about some kind of realtime RBL for SIP. Has anything progressed? It would be SO easy for asterisk users to contribute to a blacklist and also do a lookup in realtime to see if an IP has been blacklisted. A little bit of joined up thinking in the community could eliminate this issue. Would also be another major + for Asterisk as a platform.. Regards Brian -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
I know there was talk on VUC recently about some kind of realtime RBL for SIP. Has anything progressed? It would be SO easy for asterisk users to contribute to a blacklist and also do a lookup in realtime to see if an IP has been blacklisted. A little bit of joined up thinking in the community could eliminate this issue. Would also be another major + for Asterisk as a platform.. Regards Brian Some systems need to communicate with the world. Other only with their own network, and a few selected outside addresses. If anyone from Amsterdam or Nigeria or Malaysia (and 100 other countries) is trying to get on our system, we are surprised! Vail Colorado, not so much. :-) Cary Fitch -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
Be careful, telcos may make the users responsible if they have insecure PBXes...right now they often write off much of the charges. But I do agree that there would be a lot less garbage on the net if everyone was liable for their insecurity. Heck, there would be no SIP attacks if everyone's systems were secure - there would be no gain in trying to exploit reasonably unexploitable systems. On Nov 1, 2010, at 11:54 AM, jon pounder j...@inline.net wrote: On 11/01/2010 01:44 PM, Nyamul Hassan wrote: I think the only real solution here is to make people take more responsibility for their actions - find and punish the actual abusers - make users liable for damages caused by infected PC's - defaults from an isp should be everything locked down but with user able to request more ports being opened at no extra cost, if a user asks for it they then take on responsibility for the use of that port. LOL On Mon, Nov 1, 2010 at 23:33, Cary Fitch ca...@usawide.net wrote: I was going to point out a failing of the attackers, but figured they read the list and don’t need any more tips. Cary Fitch From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Zeeshan Zakaria Sent: Monday, November 01, 2010 12:13 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] FW: Under heavy attack And obviously these attackers read our emails on lists like this and adjust their sick strategies accordingly. Zeeshan A Zakaria -- www.ilovetovoip.com www.pbxforall.com (beta) On 2010-11-01 12:02 PM, Jamie A. Stapleton jstaple...@computer-business.com wrote: Only 100? We had a single server over 300. From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Zeeshan Zakaria Sent: Saturday, October 30, 2010 9:49 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Under heavy attack My count has reached 100 for the day. The server serves doesn't serve international calls anywa... Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak jmas...@antelope.net wrote: No. It seems that opening ... -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] FW: Under heavy attack
On 11/01/2010 08:20 PM, Joel Maslak wrote: Be careful, telcos may make the users responsible if they have insecure PBXes...right now they often write off much of the charges. you must have a great telco - around here even credits that are agreed to seldom show up on the bill without investing more time chasing it than the credit is worth. But I do agree that there would be a lot less garbage on the net if everyone was liable for their insecurity. Heck, there would be no SIP attacks if everyone's systems were secure - there would be no gain in trying to exploit reasonably unexploitable systems. On Nov 1, 2010, at 11:54 AM, jon pounder j...@inline.net mailto:j...@inline.net wrote: On 11/01/2010 01:44 PM, Nyamul Hassan wrote: I think the only real solution here is to make people take more responsibility for their actions - find and punish the actual abusers - make users liable for damages caused by infected PC's - defaults from an isp should be everything locked down but with user able to request more ports being opened at no extra cost, if a user asks for it they then take on responsibility for the use of that port. LOL On Mon, Nov 1, 2010 at 23:33, Cary Fitch ca...@usawide.net mailto:ca...@usawide.net wrote: I was going to point out a failing of the attackers, but figured they read the list and don’t need any more tips. Cary Fitch *From:* asterisk-users-boun...@lists.digium.com mailto:asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com mailto:asterisk-users-boun...@lists.digium.com] *On Behalf Of *Zeeshan Zakaria *Sent:* Monday, November 01, 2010 12:13 PM *To:* Asterisk Users Mailing List - Non-Commercial Discussion *Subject:* Re: [asterisk-users] FW: Under heavy attack And obviously these attackers read our emails on lists like this and adjust their sick strategies accordingly. Zeeshan A Zakaria -- www.ilovetovoip.com http://www.ilovetovoip.com www.pbxforall.com http://www.pbxforall.com (beta) On 2010-11-01 12:02 PM, Jamie A. Stapleton jstaple...@computer-business.com mailto:jstaple...@computer-business.com wrote: Only 100? We had a single server over 300. *From:* asterisk-users-boun...@lists.digium.com mailto:asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com mailto:asterisk-users-boun...@lists.digium.com] *On Behalf Of *Zeeshan Zakaria *Sent:* Saturday, October 30, 2010 9:49 PM To: Asterisk Users Mailing List - Non-Commercial Discussion *Subject:* Re: [asterisk-users] Under heavy attack My count has reached 100 for the day. The server serves doesn't serve international calls anywa... Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak jmas...@antelope.net mailto:jmas...@antelope.net wrote: No. It seems that opening ... -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users