Hello everybody,

I've got a ticket for Astricon but I can't go ... So I don't want to lose it for nothing and I want to give it for free to the Asterisk community.
Just send me a tweet to @avencall with astricon in the tweet. I will choose at random the tweet for the winner. The end is Friday afternoon at 4am.

Have fun.
Sylvain

--
Sylvain BOILY
Proformatique Inc - 2590, boul. Laurier, local 770, Québec, G1V 4M6
Tel. : +1 418 476 5458 - Fax. : +33 1 41 38 99 70
Email : sboily at proformatique.com - http://proformatique.com/
Muro, Sam
2011-Oct-14 07:02 UTC
[asterisk-users] Asterisk Security: Allow only one phone per sip registration
Hi there

Consider this. You have three SIP extensions 200, 201 and 202 and you have configured your phones, say Polycom 331, to those accounts. 200 being one very sensitive individual.

Let's say an insider gets a new phone or perhaps an xlite and configures it with the same extension, 200. Asterisk will register it as 200 to the new IP address. Now extension 202 calls 200. The hacker answers it and pretends to be the same person. Does what he wants to do and that's it.

Question:
How can I stop this type of threat?

Regards
Peter
Muro, Sam
2011-Oct-14 08:20 UTC
[asterisk-users] Asterisk Security: Allow only one phone per sip registration
Terry Wilson wrote:
>
>> Is there a way one can bind sip account to specific mac-address (assume on
>> the same subnet). In this way, even if you know the username/secret, you
>> will still have to use the same physical phone, unless you play with
>> mac-address.
>
> No. And mac addresses are easily spoofed so it would not help. Use
> passwords. Keep them safe.

Thanks. Let me see how best I can complicate them per phone. Ooops, 1000 sip phones

> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
Terry Wilson
2011-Oct-14 08:42 UTC
[asterisk-users] Asterisk Security: Allow only one phone per sip registration
> Thanks. Let me see how best I can complicate them per phone. Ooops, 1000
> sip phones

If it were me, I would look into Asterisk Realtime for handling the SIP phones. I would then write a script to generate the configs for the phones into the SIP realtime database with random passwords. Match up the phones with the accounts and provision the phones. You would most likely use a provisioning server of some kind to generate the actual phone configurations. You can check out the res_phoneprov module in Asterisk, find another one somewhere, or write your own. Many people tend to write their own for large installations. I did.

If you have a big installation like this and are wondering about things like whether mac addresses should be used for security, it might also be a good idea to hire a consultant. Check out the asterisk-biz mailing list.

Terry
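A sketch of the kind of script described in the message above, added here as an example and not part of the original post or of Asterisk itself. It assumes an SQLite database standing in for the realtime backend, a cut-down `sippeers` table with only five columns, a hypothetical dialplan context named `internal`, and constructed extension/MAC pairs; it also stores the digest in `md5secret` (chan_sip's hash of user:realm:secret) rather than the cleartext password.

```python
import hashlib
import secrets
import sqlite3
import string

ALPHABET = string.ascii_letters + string.digits  # no characters that need quoting in phone configs
REALM = "asterisk"  # chan_sip's default realm; must match the server's realm setting

def new_secret(length=24):
    """Per-phone random secret from the OS CSPRNG (roughly 140 bits at length 24)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def md5secret(user, realm, secret):
    """Digest value md5(user:realm:secret), the form chan_sip's md5secret field holds."""
    return hashlib.md5(f"{user}:{realm}:{secret}".encode()).hexdigest()

def provision(db, phones):
    """phones: iterable of (extension, mac). Returns {normalized_mac: (extension, secret)}."""
    # Simplified table for this example; a real sippeers table has many more columns.
    db.execute("""CREATE TABLE IF NOT EXISTS sippeers (
        name TEXT PRIMARY KEY, type TEXT, host TEXT, context TEXT, md5secret TEXT)""")
    handout = {}
    for ext, mac in phones:
        mac = mac.replace(":", "").replace("-", "").lower()
        secret = new_secret()  # unique per phone, never reused across extensions
        db.execute(
            "INSERT OR REPLACE INTO sippeers VALUES (?, 'friend', 'dynamic', ?, ?)",
            (ext, "internal", md5secret(ext, REALM, secret)),
        )
        # The cleartext goes only to the provisioning server, keyed by the phone's MAC.
        handout[mac] = (ext, secret)
    db.commit()
    return handout

if __name__ == "__main__":
    # Constructed inventory: extension -> MAC of the phone that should own it.
    inventory = [("200", "00:04:F2:AA:BB:01"), ("201", "00:04:F2:AA:BB:02")]
    db = sqlite3.connect(":memory:")
    for mac, (ext, secret) in provision(db, inventory).items():
        print(mac, ext, secret)
```

The returned mapping is what a provisioning server would use to write each phone's configuration file; the MAC is only a lookup key there, not an authentication factor.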
Muro, Sam
2011-Oct-14 09:27 UTC
[asterisk-users] Asterisk Security: Allow only one phone per sip registration
Thanks Terry!

Let me think of all possibilities and shall holla. Can you be one?

Terry Wilson wrote:
>> Thanks. Let me see how best I can complicate them per phone. Ooops, 1000
>> sip phones
>
> If it were me, I would look into Asterisk Realtime for handling the SIP
> phones. I would then write a script to generate the configs for the phones
> into the SIP realtime database with random passwords. Match up the phones
> with the accounts and provision the phones. You would most likely use a
> provisioning server of some kind to generate the actual phone
> configurations. You can check out the res_phoneprov module in Asterisk,
> find another one somewhere, or write your own. Many people tend to write
> their own for large installations. I did.
>
> If you have a big installation like this and are wondering about things
> like whether mac addresses should be used for security, it might also be a
> good idea to hire a consultant. Check out the asterisk-biz mailing list.
>
> Terry
A J Stiles
2011-Oct-14 11:09 UTC
[asterisk-users] Asterisk Security: Allow only one phone per sip registration
On Friday 14 October 2011, Muro, Sam wrote:
> Hi there
>
> Consider this. You have three SIP extensions 200, 201 and 202 and you have
> configured your phones, say Polycom 331, to those accounts. 200 being one
> very sensitive individual.
>
> Let's say an insider gets a new phone or perhaps an xlite and configures it
> with the same extension, 200. Asterisk will register it as 200 to the new
> IP address. Now extension 202 calls 200. The hacker answers it and pretends
> to be the same person. Does what he wants to do and that's it.
>
> Question:
> How can I stop this type of threat?

Be careful who you employ and how you treat them :)

Once someone has physical access to your equipment, all bets are off .....

--
AJS

Answers come *after* questions.
Muro, Sam
2011-Oct-14 11:25 UTC
[asterisk-users] Asterisk Security: Allow only one phone per sip registration
Thanks A.J

I know, and I can assure you no one will get that physical access to the system.

A J Stiles wrote:
> On Friday 14 October 2011, Muro, Sam wrote:
>> Hi there
>>
>> Consider this. You have three SIP extensions 200, 201 and 202 and you have
>> configured your phones, say Polycom 331, to those accounts. 200 being one
>> very sensitive individual.
>>
>> Let's say an insider gets a new phone or perhaps an xlite and configures it
>> with the same extension, 200. Asterisk will register it as 200 to the new
>> IP address. Now extension 202 calls 200. The hacker answers it and pretends
>> to be the same person. Does what he wants to do and that's it.
>>
>> Question:
>> How can I stop this type of threat?
>
> Be careful who you employ and how you treat them :)
>
> Once someone has physical access to your equipment, all bets are off .....
>
> --
> AJS
>
> Answers come *after* questions.
On 2011-10-13 17:04, Sylvain Boily wrote:
> Hello everybody,
>
> I've got a ticket for Astricon but I can't go ... So I don't want to
> lose it for nothing and I want to give it for free to the Asterisk
> community.
> Just send me a tweet to @avencall with astricon in the tweet. I will
> choose at random the tweet for the winner. The end is Friday afternoon
> at 4am.
>
> Have fun.
> Sylvain

Hello,

The game is finished, Charles is the winner. Have fun at Astricon :)
Hope to come next year :(

--
Sylvain BOILY
Proformatique Inc - 2590, boul. Laurier, local 770, Québec, G1V 4M6
Tel. : +1 418 476 5458 - Fax. : +33 1 41 38 99 70
Email : sboily at proformatique.com - http://proformatique.com/