On Sat, Jul 23, 2011 at 1:38 PM, CDR <[email protected]> wrote:
> I beg to differ. Digium is hiding from the real world and somebody is

Because you have no clue how to secure a box it's someone else's fault?

> going to take the software and run with it. My customers lost in excess
> of $50.000 and cut my pay in half, because of hackers. The hackers

You deserved being fired altogether. It was YOUR fault they hacked it.

> figured out how to scan every asterisk for weak passwords or open
> ports, and bang them real good. We need two things: a) disable in
> sip.conf the reply for INVITES that have wrong user information, and
> also, b) disable any response to any REGISTER packet altogether. Can
> somebody please write a patch? Or should we go broke trying to stop the
> flood of criminals coming from abroad?
> Federico
>
> On Sat, Jul 23, 2011 at 1:00 PM,
> <[email protected]> wrote:
>> Today's Topics:
>>
>>   1. Re: use dahdi for local terminal modem access? (Lyle Giese)
>>   2. dialplan pattern help (Armand Fumal)
>>   3. Re: Securing Asterisk - How to avoid sending, "SIP/2.0 603
>>      Declined" (Patrick Lists)
>>   4. Re: Securing Asterisk - How to avoid sending, "SIP/2.0 603
>>      Declined" (Paul Belanger)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Sat, 23 Jul 2011 09:29:26 -0500
>> From: Lyle Giese <[email protected]>
>> Subject: Re: [asterisk-users] use dahdi for local terminal modem
>>         access?
>> To: [email protected]
>> Message-ID: <[email protected]>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>>
>> On 07/22/11 22:47, William Stillwell wrote:
>>> Um, no VOIP involved here.
>>
>> Wrong. What do you think Asterisk is? Chopped meat? It's a VoIP
>> switch. All traffic inside Asterisk is VoIP.
>>
>>>
>>> I have an asterisk server with 2 23B+D PRI's
>>>
>>> I want to telnet/ssh into the asterisk server, and make an outbound call
>>> serial based modem/terminal connection (Like the 80/90's BBS Days).
>>>
>>> No TCP/IP or PPP or craziness
>>>
>>> (ie, dialing into a Modem set to AA hooked to a Cisco Console Port)
>>>
>>>
>>>
>>>> -----Original Message-----
>>>> From: [email protected] [mailto:asterisk-users-[email protected]] On Behalf Of Lyle Giese
>>>> Sent: Friday, July 22, 2011 8:07 PM
>>>> To: [email protected]
>>>> Subject: Re: [asterisk-users] use dahdi for local terminal modem
>>>> access?
>>>>
>>>> On 07/22/11 18:13, William Stillwell wrote:
>>>>> I have some terminals that have phone lines.
>>>>>
>>>>> One of my tech had an idea of using IAXmodem or something similar to use
>>>>> existing PRI/DAHDI Trunks for dial out via the asterisk/Linux console.
>>>>>
>>>>> Anybody ever heard of doing this?
>>>>>
>>>>> I would think maybe would use iaxmodem maybe and a shell terminal app?
>>>>>
>>>>> (basically I'm dialing into a remote access device that uses a pots like
>>>>> for remote administration, and don't want to string a channel bank off
>>>>> my asterisk box, and a hook to a modem)
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>
>>>> Depends on your expectation. Because of compression in the codecs, it
>>>> will be hard to get fast dialup. If you mean ssh or telnet, it might
>>>> work. If you mean vnc or RDP over this, you may not get enough usable
>>>> bandwidth to do that.
>>>>
>>>> Given this, I have in an emergency dialed into a RAS server via a VoIP
>>>> line. My laptop connected at 14,400bps. All I needed to do was telnet
>>>> into an APC masterswitch to toggle power on one outlet. It worked.
>>>>
>>>> I was surprised at getting a 14,400bps connect. I was not expecting
>>>> that high and really did not need that high. 300 baud probably would
>>>> have been fast enough to telnet into an APC masterswitch.
>>>>
>>>> Lyle Giese
>>>> LCR Computer Services, Inc.
>>>>
>>>> --
>>>> _____________________________________________________________________
>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>>> http://www.asterisk.org/hello
>>>>
>>>> asterisk-users mailing list
>>>> To UNSUBSCRIBE or update options visit:
>>>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Sat, 23 Jul 2011 14:30:42 +0000
>> From: Armand Fumal <[email protected]>
>> Subject: [asterisk-users] dialplan pattern help
>> To: "[email protected]"
>>         <[email protected]>
>> Message-ID:
>>         <2584e1abc3629c4d85a61b8dc4d27297096f1...@exchangelu.lu.cybernet.local>
>> Content-Type: text/plain; charset="us-ascii"
>>
>> Hi all,
>>
>> I need help making a pattern for a special case for which I can't find the
>> solution.
>>
>> In my case I want to match these in one pattern:
>>
>> This is the same ext that can come in 4 cases
>>
>> exten => _42704701,1,Macro(dialfax,${EXTEN:-8}) ; case with 42704701
>> exten => _X42704701,1,Macro(dialfax,${EXTEN:-8}) ; case with 042704701
>> exten => _XXXX42704701,1,Macro(dialfax,${EXTEN:-8}) ; case with +3242704701
>> exten => _XXX42704701,1,Macro(dialfax,${EXTEN:-8}) ; case with 3242704701
>>
>> I have tried _.42704701 but the parser stops checking after the point "." :-(
>>
>> So do you have any suggestions?
>>
>> Regards
>>
>> Armand Fumal
>>
>> ------------------------------
>>
>> Message: 3
>> Date: Sat, 23 Jul 2011 17:48:44 +0200
>> From: Patrick Lists <[email protected]>
>> Subject: Re: [asterisk-users] Securing Asterisk - How to avoid
>>         sending, "SIP/2.0 603 Declined"
>> To: Asterisk Users Mailing List - Non-Commercial Discussion
>>         <[email protected]>
>> Message-ID: <[email protected]>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> On 07/23/2011 04:00 PM, Paul Belanger wrote:
>>> A UAS rejecting an offer contained in an INVITE SHOULD return a 488
>>> (Not Acceptable Here) response. Such a response SHOULD include a
>>> Warning header field value explaining why the offer was rejected.
>>
>> If the choice is to get hacked/DDOS'ed/etc or compliance with an RFC
>> created by people who had no appreciation for the rather ugly world out
>> there then why not throw the RFC out of the window and *not* reject an
>> invite with a 488? It sounds like an interesting option to add to
>> "10"/trunk. Better secure than compliant & sorry. Why not do a little
>> Microsoft Embrace & Extend? Like e.g. Sonus and Cisco do with their
>> interpretation of SIP.
>>
>> Regards,
>> Patrick
>>
>> ------------------------------
>>
>> Message: 4
>> Date: Sat, 23 Jul 2011 12:07:49 -0400
>> From: Paul Belanger <[email protected]>
>> Subject: Re: [asterisk-users] Securing Asterisk - How to avoid
>>         sending, "SIP/2.0 603 Declined"
>> To: [email protected]
>> Message-ID: <[email protected]>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> On 11-07-23 11:48 AM, Patrick Lists wrote:
>>> On 07/23/2011 04:00 PM, Paul Belanger wrote:
>>>> A UAS rejecting an offer contained in an INVITE SHOULD return a 488
>>>> (Not Acceptable Here) response. Such a response SHOULD include a
>>>> Warning header field value explaining why the offer was rejected.
>>>
>>> If the choice is to get hacked/DDOS'ed/etc or compliance with an RFC
>>> created by people who had no appreciation for the rather ugly world out
>>> there then why not throw the RFC out of the window and *not* reject an
>>> invite with a 488? It sounds like an interesting option to add to
>>> "10"/trunk. Better secure than compliant & sorry. Why not do a little
>>> Microsoft Embrace & Extend? Like e.g. Sonus and Cisco do with their
>>> interpretation of SIP.
>>>
>> Personally, I don't see this as a solution. SIP already provides some
>> ability to help with security (EG: TLS, SRTP) however that is basically
>> the extent of it.
>>
>> The way I see it, it is outside the scope of SIP; it's a signaling
>> protocol. If 'security' is really something you want to establish, many
>> existing tools are available to handle this (EG: VPN, firewalls,
>> encryption, etc).
>>
>> As previously mentioned, there is no easy, simple solution. Securing
>> one's services takes work (and time) to do it right. Most people don't
>> want to spend the effort monitoring it.
>>
>> --
>> Paul Belanger
>> Digium, Inc. | Software Developer
>> twitter: pabelanger | IRC: pabelanger (Freenode)
>> Check us out at: http://digium.com & http://asterisk.org
>>
>> ------------------------------
>>
>> End of asterisk-users Digest, Vol 84, Issue 44
>> **********************************************
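
Added example, not part of the original thread and not Digium's or Asterisk's code: one way to do the monitoring Paul Belanger's quoted message refers to, by counting failed SIP registrations per source address in the Asterisk log so that scanning sources can be handed to a firewall. The log lines are constructed samples in the NOTICE format assumed here for chan_sip; the function names and thresholds are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation-range addresses), written in the
# NOTICE format assumed here for chan_sip registration failures.
SAMPLE_LOG = """\
[2011-07-23 13:05:01] NOTICE[2345] chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '198.51.100.23' - Wrong password
[2011-07-23 13:05:01] NOTICE[2345] chan_sip.c: Registration from '"101" <sip:101@203.0.113.5>' failed for '198.51.100.23:5060' - No matching peer found
[2011-07-23 13:05:02] NOTICE[2345] chan_sip.c: Registration from '"102" <sip:102@203.0.113.5>' failed for '198.51.100.23' - Wrong password
[2011-07-23 13:07:40] NOTICE[2345] chan_sip.c: Registration from '"2001" <sip:2001@203.0.113.5>' failed for '192.0.2.77' - Wrong password
[2011-07-23 13:08:10] VERBOSE[2345] chan_sip.c: Registered SIP '2001' at 192.0.2.77 port 5060
"""

FAILED_REG = re.compile(
    r"chan_sip\.c: Registration from '(?P<sender>.*)' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)
EXTENSION = re.compile(r"sip:([^@>]+)@")


def summarize(log_text):
    """Group failed registrations by source address (port stripped)."""
    stats = defaultdict(lambda: {"failures": 0, "extensions": set(), "reasons": set()})
    for line in log_text.splitlines():
        match = FAILED_REG.search(line.rstrip())
        if match is None:
            continue  # successful registrations and unrelated lines are ignored
        entry = stats[match.group("ip")]
        entry["failures"] += 1
        entry["reasons"].add(match.group("reason"))
        ext = EXTENSION.search(match.group("sender"))
        if ext:
            entry["extensions"].add(ext.group(1))
    return dict(stats)


def suspects(stats, max_failures=3, max_extensions=2):
    """Sources that reach the failure limit or try several different extensions."""
    return sorted(
        ip for ip, s in stats.items()
        if s["failures"] >= max_failures or len(s["extensions"]) >= max_extensions
    )


if __name__ == "__main__":
    for ip in suspects(summarize(SAMPLE_LOG)):
        print(ip)  # candidates for a firewall block rule
```

A single mistyped password from one phone stays below both thresholds, while a source walking through extensions is flagged after its second distinct extension.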
