similar to: Asterisk how to setup alarm too many outgoing calls from same user

If this is a small site, I recommend you download the free version of SecAst (www.telium.ca <http://www.telium.ca> ) and replace fail2ban. SecAst does NOT use the log file, or regexes, to match etc.instead it talks to Asterisk through the AMI to extract security information. Messing with regexes is a losing battle, and the lag in reading logs can allow an attacker 100+ registration

Hello, I would like to setup a mechanism to trigger an alarm if user is deal too many numbers within a very short period of time. Safeguard against users hacked accounts. can someone help? Thanks,

The Authenticate application will do this for you. https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+Application_Authenticate You can either give it a single PIN to use for all calls, Authenticate using a value in the Asterisk Database, Or use a plain text file for the PIN's On Mon, Jul 6, 2015 at 2:43 PM, Motty Cruz <motty.cruz at gmail.com> wrote: > Hello All, > >

I'm guessing this is a small/home system? I suggest you install SecAst from this site: www.telium.ca It's free for small office / home office and will deal with these types of attacks and more. It can also block users based on their Geographic location (based on the phone number it attempted to dial I suspect this is middle east), look for suspicious dialing patterns, etc. If you

Hello, I used this guide, it worked for me: http://www.binaryheartbeat.net/2014/03/asterisk-pin-based-dialing.html Thanks, On 07/06/2015 04:54 PM, John Kiniston wrote: > The Authenticate application will do this for you. > > https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+Application_Authenticate > > You can either give it a single PIN to use for all calls, Authenticate

Do you have DISA setup? We're seeing lots of attackers running scripts that send digits until they strike a DISA, misconfigured mailbox, etc. (Assuming it wasn't a stupid employee forwarding an inbound call to a 9xxxxxxx number etc). Have a look at SecAst (www.generationd.com) - it detects callers sending too many digits, monitors digit dialing speeds, etc. to help identify and block

Hello, fail2ban does not ban offending IP. NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005 at asterisk-ip:5060>' failed for 'offending-IP:53417' - Wrong password NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005 at asterisk-ip:5060>' failed for ?offending-IP:53911' - Wrong password systemctl status

On Fri, Jan 9, 2015 at 5:24 PM, Michelle Dupuis <mdupuis at ocg.ca> wrote: > I'd suggest taking a look at the free edition of SecAst ( > www.generationd.com). It handles these messages perfectly (and can also > use AMI security events) - so you don't need to constantly be updating > fail2ban rules. It's a drop in replacement for fail2ban. > > -M- > >

Hello All, I will like to configure Asterisk to use PIN Code for all outgoing international calls. Also, any suggestions as to when should I prompt users for code prior to dialing the number or after dialing the number? can someone provide with a example on how to accomplish this goal? I am a bit confuse by this :

Hello, I continued to see this errors in the logs: [2015-12-02 10:05:57] NOTICE[19949]: chan_sip.c:23277 handle_request_invite: Failed to authenticate device 100<sip:100 at xx.xx.xx.xx>;tag=10cdeaf7 how do I guard against this kinds of attacks? Also, to get the IP address from where this attack come from I use the following command "tcpdump -lni eth0 -f "udp port 5060"

The results of a security experiment were published this week, in which an Asterisk PBX was set out in the wild to see who would attack it and how: http://www.telium.ca/?honeypot1 What I find particularly interesting is that people/bots are scraping support websites looking for valid IP's of PBX's, and valid credentials! A good reminder to everyone on this list to not publish the IP

On 10/28/2015 06:37 PM, Pete Mundy wrote: > Hi Motty, > > Isn't the whole point of the nonce in a SIP registration to ensure the > secret doesn't go on the wire in plain-text? Is this not enough, or > are you looking to hide the username too? > > (if so, fair 'nuf, just wondering why :) > > Pete > > Ps, if so then I think TLS is the missing part of

here is what I have: exten => _9XXXXXXX,1,Set(l_HomeAreaCode=381) exten => _9XXXXXXX,n,Set(dialnumber=${l_HomeAreaCode}${EXTEN:-1}) exten => _9XXXXXXX,n,Dial(SIP/SIP-Provider/${dialnumber},80) not having success; "Got SIP reponse 503" Service Unavailable" On 04/27/2015 02:19 PM, Bryant Zimmerman wrote: > Motty > Yes > From your dial plan accept 9 + 7 digits

forgot to mentioned I am running Asterisk 1.8.22.0 on CentOS. Thanks, On 04/27/2015 02:38 PM, Motty Cruz wrote: > here is what I have: > > exten => _9XXXXXXX,1,Set(l_HomeAreaCode=381) > > exten => _9XXXXXXX,n,Set(dialnumber=${l_HomeAreaCode}${EXTEN:-1}) > > exten => _9XXXXXXX,n,Dial(SIP/SIP-Provider/${dialnumber},80) > > not having success; > >

> On 27Apr, 2015, at 16:39, Motty Cruz <motty.cruz at gmail.com> wrote: > > forgot to mentioned I am running Asterisk 1.8.22.0 on CentOS. > > Thanks, > > > On 04/27/2015 02:38 PM, Motty Cruz wrote: >> here is what I have: >> exten => _9XXXXXXX,1,Set(l_HomeAreaCode=381) >> >> exten =>

Motty Yes From your dial plan accept 9 + 7 digits then concat your dialed number together with your areacode. This s a brief example. exten => _9XXXXXXX,1,Set(l_HomeAreaCode=555) exten => _9XXXXXXX,n,Set(dialnumber=${l_HomeAreaCode}${EXTEN-1}) ;; This line should combine your area code and the last 7 digits of your dialed phone number exten =>

this code worked for me, here is what I did and worked for me: exten => 1381+NXXXXXX,1,Set(CALLERID(number)=3817383444) exten => 1+NXXNXXXXXX,2,Dial(SIP/SIP-Provider/${EXTEN:1},80) Thanks for you help! On 04/27/2015 02:56 PM, Matt Riddell wrote: > >> On 27Apr, 2015, at 16:39, Motty Cruz <motty.cruz at gmail.com >> <mailto:motty.cruz at gmail.com>> wrote:

On 28/10/15 13:29, Motty wrote: > my domain controller, AD is windows 2000. That is my environment. > > Thanks, > Motty > > On 10/28/2015 01:31 AM, Mueller wrote: >> So we have a samba 4.1.17 Domain running and have truble to with >> windows 8.1 cutt off the shares in the domain from time to time. >> We researched a lot without beeing successfull. The users

Hello Victor, I did set debug on, but I don?t see any errors. I did tcpdump, client is trying to register: here is the header of a udp packet User Datagram Protocol, Src Port: 55300, Dst Port: 5060 Session Initiation Protocol (REGISTER) Request-Line: REGISTER sip:pbx.mydomain.com:5060 SIP/2.0 Method: REGISTER Request-URI: sip:pbx.mydomain.com:5060 [Resent

Ok , digging more into this i could see that (timers=no) and (timers=forced) not work asterisk not pay attention to this options when is reloaded cli not say anything and when the pjsip show endpoint <endpoint> it show always timers=yes when (timers=no) and (timers=forced) to that endpoint. I wonder to force asterisk to refresh the session in some cases when is needed . pjsip is able to