Displaying 20 results from an estimated 54 matches for "alwaysauthreject".
2017 Feb 09
3
Disallow CALLS without registry
HI ALL
got small question
i use call-limit=1 on peers
but call limit is not working if user is not registered on PBX and
making calls
so the main question is -- how to Disallow CALLS without registering on PBX
--
Best regards
Antony
tel. +380669197533
tel2. +380636564340
Paypal http://paypal.me/Satskiy
2017 Feb 10
2
Disallow CALLS without registry
...> On Thu, 2017-02-09 at 14:58 +0200, ????? ?????? wrote:
>
>
>> so the main question is -- how to Disallow CALLS without registering
>> on PBX
>
> sip.conf configuration
> In the [general] section, define:
>
>
> [general]
> ...
> allowguest=no
> alwaysauthreject=yes
> ...
I don't think either of these configuration attributes achieve what the OP requested ("how to Disallow CALLS without registering on PBX").
In fact, I'm not sure that it's actually possible to disallow [authenticated] calls from a peer that hasn't registered!...
2010 Aug 18
3
Playing with sipvicious ..
... using it as a tool and understanding what it does...
So one part of it's toolset identifys valid SIP accounts - and I was under
the impression that alwaysauthreject=yes was supposed to stop this...
However, it sends a request for a highly probably non-existent account,
then sends requests for probably existing accounts and I guess compares
the results - account not found vs. bad username or password... It thus
trivially, and very quickly finds valid accoun...
2010 Nov 29
1
ID'ing failed auth IPs
So when someone's brute forcing your server is there a way to identify
the originating IPs without using a tcpdump? When I get a failed auth
on the console it shows 'account at asteriskserver' then tag=as25ca5023 (or
some random string, though it's a bit odd as alwaysauthreject = yes is
on in sip.conf). Anyway, the logs don't show anything more useful
either. Is there something obvious I'm missing? Cranking up verbosity
on the console doesn't seem to do anything.
hose
2013 Nov 04
1
No matching peers message has gone (1.8.23.1)
Hi
Ever since we upgraded our asterisk servers to 1.8.23.1, we no longer get
the 'no matching peer' error when we get a dictionary SIP attack.
Now the logs always show a 'wrong password' when there actually isn't a
matching peer.
We even have alwaysauthreject = yes in our sip.conf.
Has anyone else noticed this phenomenon?
Thanks in Advance
Ish
--
Ishfaq Malik
Department: VOIP Support
Company: Packnet Limited
t: +44 (0)845 004 4994
f: +44 (0)161 660 9825
e: ish at pack-net.co.uk
w: http://www.pack-net.co.uk
Registered Address: PACKNET LIMITED, Dup...
2010 Oct 03
3
SIP flood attacK
Hello all. I was recently the victim of a SIP flood attack. I'm wondering
what is the best method to prevent such things in the future.
Many thanks
Greg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101003/2e254523/attachment.htm
2011 Jan 19
1
sip dos question
...he attack
continues to guess only passwords. Of course, they can not guess
passwords like p(F9j43/Qgrhjv*&^3 so i'm still not worried, but this
made me believe that asterisk responds differently when probing a valid
sip peer name.
So i was wondering through the sip.conf and found 'alwaysauthreject'
which was set to default (commented out). I now set its value to yes
(which i thought was the default setting).
Does this setting makes the attacker believe that the first try of sip
peer name was valid, but only the password was incorrect? So in this
case should they stick to the first...
2009 Nov 04
0
AST-2009-008: SIP responses expose valid usernames
...| header. If the peer does exist the second REGISTER will |
| | receive a response of "403 Authentication user name does |
| | not match account name". If the peer does not exist the |
| | response will be "404 Not Found" if alwaysauthreject is |
| | disabled and "401 Unauthorized" if alwaysauthreject is |
| | enabled. |
+------------------------------------------------------------------------+
+--------------------------------------------...
2013 Jun 02
1
Asterisk T.38 Pass-Through doesn't work
...oesn't work. Using udptl
debug, I can see packets between Asterisk and both sides (SPA112 and
PSTN fax) but it seems that faxes can't agree how to send image.
== sip.conf:
[general]
tcpenable=yes
videosupport=yes
transport=udp,tcp
dtmfmode=rfc2833
qualify=yes
directmedia=no
allowguest=no
alwaysauthreject=yes
rtcachefriends=yes
rtupdate=no
callcounter=yes
t38pt_udptl=yes,redundancy,maxdatagram=200
t38pt_rtp=no
t38pt_tcp=no
ignoresdpversion=yes
disallow=all
allow=alaw
allow=ulaw
externip=82.200.7.184
localnet=192.168.0.0/255.255.0.0
[mtt]
type=peer
host=80.75.130.136
fromuser=74957777777
disallow=al...
2014 Feb 03
1
call rejected because extension not found in context 'internal
Hi all,
I want to two sip clients connect through Asterisk in local network for
testing. My sip.conf file looks like this
[general]
context=internal
allowguest=no
allowoverlap=no
bindport=5060
bindaddr=0.0.0.0
srvlookup=no
disallow=all
allow=ulaw
alwaysauthreject=yes
canreinvite=no
nat=yes
session-timers=refuse
localnet=192.168.1.0/255.255.255.0
[7001]
type=friend
host=dynamic
secret=123abcd
context=internal
[7002]
type=friend
host=dynamic
secret=456abcd
context=internal
Am using linphone as sip client and create account on linphone with user
name 7001...
2013 Sep 18
2
sipgate outgoing calls
...-- SIP/sipgate-0000014d is circuit-busy
== Everyone is busy/congested at this time (1:0/1/0)
here is my sip.conf file
[general]
port = 5060
bindaddr = 0.0.0.0
context=default
qualify=no
disallow=all
allow=alaw
allow=ulaw
allow=g729
allow=gsm
allow=slinear
srvlookup=yes
videosupport=yes
alwaysauthreject=yes
register => SIP-ID:SIP-Password at sipgate.co.uk/SIP-ID
[sipgate]
type=peer
secret=SIP_PASSWORD
insecure=invite
username=SIP-ID
defaultuser=SIP-ID
fromuser=SIP-ID
context=sipgate_in
fromdomain=sipgate.co.uk
host=sipgate.co.uk
outboundproxy=proxy.live.sipgate.co.uk
qualify=yes
disallow=all...
2013 Sep 19
2
The call is established but without exchanged voice packets
...p.c:3641 retrans_pkt: Retransmission timeout reached on transmission Mjk3MGU1NjgxZWQwM2E3MjhjZmFiNzhjOGVjZjg5ZTc for seqno 2 (Critical Response) Here's my simple sip configuration[general]context=internalallowguest=noallowoverlap=nobindport=5060bindaddr=0.0.0.0srvlookup=nodisallow=allallow=ulawalwaysauthreject=yescanreinvite=nonat=yessession-timers=refuseexternip=<IP>[7001]type=friendhost=dynamicsecret=123context=internal[7002]type=friendhost=dynamicsecret=456context=internal A snoop capture for my call is uploaded in the following link. I wonder if there is any missing configuration or plugin nee...
2010 Nov 07
3
Why are the hackers scanning for these?
Hey, I'm going thru logs, and I see some very common and interesting things
that the hackers are looking for.
In a whole bunch of scans, I've noticed that the first guess or two for sip
accounts
is usually a 10-digit number. I'm asking myself, why these numbers? Are they
looking
for a voip trunk? Or is it just like a serial number for the scan? What?
Here's some examples:
2010 Sep 13
5
Force ip disconnect after register?
Is there a way to drop a ip connection to asterisk after a number of
register attempts.
I have been having issues with hackers doing registration scanning against
our server. We block their address at the fire wall but since asterisk does
not force a drop of the connect after so many bad reg attempts I can't
enforce the block until they drop and try again. This allows them to run
the box
2020 Feb 14
1
Predictive call - agent talking to a customer, then suddenly talking to another customer
...in a LAN and are then NATed to enable them to contact the Asterisk which is hosted in the cloud.
A typical sip.conf phone configuration on the remote server for the site is
[general]
session-timers=refuse
disallow=all
allow=g729:20
allow=ulaw
allow=alaw
fromuser=xxx
useragent=xxx
callcounter=yes
alwaysauthreject=yes
allowguest=no
jbnable=yes
jbforce=no
jbimpl=adaptive
jblog=no
jbmaxsize=200
jbresyncthreshold=1000
externaddr=xx.xx.xx.xx
localnet=xx.xx.xx.xx/255.255.255.0
[xxxx]
type=peer
user=xxxx
secret=xxxx
host=dynamic
disallow=all
allow=g729
allow=ulaw
allow=alaw
dtmfmode=rfc2833
context=xxxx
call-limi...
2010 Dec 20
4
Asterisk 1.6 produces *many* zombie processes on Debian.
We have an issue with our Asterisk install where Asterisk produces many
Zombie processes (on the order of several hundred per minute) until either
the Asterisk server is restarted (and the zombies die a natural death), or
the kernel runs out of PID space (happens within hours) and brings the
system to a halt.
This problem only happens when the server is under some non-trivial load.
We were
2010 Aug 30
1
Fail2ban integration issues with Asterisk 1.4.21 under Debian Lenny
...y quickly using up my 448 kbps upload limit for my home ADSL
connection: any further traffic (i.e. anything I did) was then
experiencing significant packet loss.
Anyway, I've now implemented the "7 steps to better Asterisk security"
that I found on the Digium website (deny/permit, alwaysauthreject etc.),
and have been looking at fail2ban. However, when I attempted to install
it (following the instructions I found on a page about fail2ban with
Asterisk), I ran into a couple of issues.
FWIW, I'm using Asterisk 1.4.21.2~dfsg-3+lenny1 on Debian.
First, I tried uncommenting the line in...
2015 Jun 08
4
Am I cracked?
...you can take to harden your systems. An internet search will bring
> up many, but here are a couple of good ones:
>
> http://blogs.digium.com/2009/03/28/sip-security/
> http://www.ipcomms.net/blog/70-11-steps-to-secure-your-asterisk-ip-pbx
> http://nerdvittles.com/?p=580
OK, I set alwaysauthreject = yes and I discovered a allowguest, which I set
to "no", too.
The PBX is behind a Firewall and I just allow UDP 5060 and 10000-10100.
Now I log the SIP-pakets coming from Internet, too...
Hopefully I solved my problem...
Thanks
Luca Bertoncello
(lucabert at lucabert.de)
2009 Oct 10
2
outgoing sip calls work; incoming calls fail
...9;m thinking there must be something wrong with my
Asterisk configuration yet I've made no config changes that would
account for the sudden (and consistent) incoming call failures.
Here's the relevant portions of my sip.conf if it helps (with
credentials and ips replaced by Xs):
[general]
alwaysauthreject=yes
dtmfmode=auto
disallow=all
allow=ulaw
register => XXXX:XXXX at XXX.XXX.XXX.XXX:5060
register => XXXX:XXXX at XXX.XXX.XXX.XXX:5060
[101]
type=friend
context=websage
host=dynamic
deny=0.0.0.0/0
permit=XXX.XXX.XXX.XXX/24
qualify=yes
secret=XXXX
mailbox=101 at default
accountcode=101
I...
2017 Jun 06
5
asterisk server - no sound
...es through just fine.
So my hunch is that is something to do with the audio supplied by the
server.
Do I need to have alsa installed??
Any hint?
sip.conf:
[general]
context = unauthenticated
bindport = 5060
bindaddr = 0.0.0.0
tcpbindaddr = 0.0.0.0
tcpenable = yes
videosupport = no
textsupport=yes
alwaysauthreject=yes
allowguest=no
[1001] ; grandstream 1
context = home
type = friend
callerid = One <1001>
secret = XYZ
host = dynamic
mailbox = 1001
disallow = all
allow = ulaw
transport = udp
dtmfmode=auto ; accept touch-tones from the devices, negotiated
automatically
nat=force_rport
[1005] ; mob...