May 29, 2015 | VoIP Case Study
Thousands of people choose MAYANOT for their Taglit-Birthright Israel trip each year for good reason. We spare no expense to give an experience of a lifetime! Participants enjoy a high-quality Israel experience that includes ten days jam-packed with activities and attractions together with young Israelis and participants from diverse backgrounds. Wherever participants are from and no matter their Jewish background, they feel at home on a MAYANOT trip. Mayanot is built upon a love for Israel, the Jewish people, our common history and the Jewish tradition. Mayanot draws inspiration from Chabad spirituality. With passionate Israel tour educators, participants delve into the historical, political, cultural, and spiritual dimensions of Israel. Mayanot makes a point of tapping into contemporary Israeli life and providing participants with the opportunity to make Israeli friends, enjoy the nightlife, and visit beaches, museums, and cafes. For our campus-based Taglit-Birthright Israel trips, we partner with the Chabad on Campus International Foundation through their 100+ centers across the United States.
Because our participants are in the United States, and our offices are in Israel, we need a complex telephone solution to be able to receive and make calls with our candidates and participants. We run a call center with about twenty-five workstations that handles a heavy load of calling during our peak registration period. We’ve used Didforsale for a number of years now to manage our inbound calls, and have them forward to our local Israeli phone server. We’ve had only positive experiences both with the Didforsale staff and the service itself.
Written by: DIDForSale Customer
Jitschak Rosenbloom
May 19, 2015 | HowTo
Lately a lot of customers have asked us how they can monitor their Asterisk server. Follow these simple steps to monitor an Asterisk or FreeSWITCH server; the same steps work for any SIP server. We strongly suggest running this on a server other than the Asterisk or FreeSWITCH host.
Install Nagios Core: download the latest source from https://www.nagios.org/download
./configure --prefix=/usr/local/nagios --with-nagios-user=nagios --with-nagios-group=nagios
make; make install
Install the Nagios plugins
./configure --prefix=/usr/local/nagios/
make; make install
Download the check_sip file from https://exchange.nagios.org/directory/Plugins/Network-Protocols/*-VoIP/SIP/check_sip/details
cd /usr/local/nagios/libexec/
# Quote the URL so the shell does not treat "&" as a background operator, and save it under the plugin's name
wget -O check_sip 'https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=1307&cf_id=24' && chmod 755 check_sip
To confirm that the plugin works, run this command.
./check_sip -u sip:102@asterisk_ip -H asterisk_ip
The output will look like this
SIP/2.0 200 OK 0.001121 seconds response time|'rtt'=0.001121s;0.5s;1s;0:10;
Configure Nagios
cd /usr/local/nagios/etc/objects
Create a new command by adding the code below to command.cfg
define command{
command_name check_sip
command_line $USER1$/check_sip -u $ARG1$@$HOSTADDRESS$ -H $HOSTADDRESS$
}
Remember the name check_sip, we will use this name later to configure the service.
Add asterisk/freeswitch host to monitor.
cd /usr/local/nagios/etc/objects/hosts/linuxservers
linuxservers is a directory I created; you can name it anything you want.
vi asteriskservers.cfg
define host{
use production-host
host_name ast1
alias Asterisk_server1
address 192.168.1.20
}
cd /usr/local/nagios/etc/objects/services/linuxservices
vi sip-services.cfg
define service{
use production-master-service
host_name ast1
service_description SIP_Service_Check
check_command check_sip!sip:102
}
Here is my production-master-service template.
From file /usr/local/nagios/etc/objects/template.cfg
define service{
name production-master-service
is_volatile 0
initial_state o
max_check_attempts 2
check_interval 3
retry_interval 1
active_checks_enabled 1
passive_checks_enabled 1
check_period 24x7
obsess_over_service 0
check_freshness 0
freshness_threshold 30
event_handler process-service-perfdata
event_handler_enabled 1
flap_detection_enabled 0
process_perf_data 1
retain_status_information 1
retain_nonstatus_information 1
notification_interval 3
first_notification_delay 0
notification_period 24x7
notification_options w,u,c,r,s
notifications_enabled 1
contact_groups on-call
contacts nagios-warnings
notes $SERVICECHECKCOMMAND$
register 0
}
102 can be anything that your Asterisk/FreeSWITCH server will respond to, such as a username or DID number. Reload Nagios and sleep well: Nagios will wake you up before your customers do. Send the notification emails to a dedicated email address, and add a filter on your phone that plays a sound for it.
Jan 19, 2011 | All About VoIP, HowTo
These instructions were provided by one of our customers.
1) follow the same instructions (https://www.didforsale.com/blog/?p=47) to set up a *SIP* trunk (not an IAX trunk)
2) in pbx web console, create an IAX extension. Make sure to
– enter a secret. This secret will be used later on so make sure to enter it.
– disable dictation service
– set “Record Incoming / Outgoing” to “Never”
3) Create an inbound route that forwards to the newly created IAX extension above
4) create a new virtual fax with the same extension and secret as in step 2)
5) restart asterisk and you’re done
Hope this will help you using our DIDs for FAX.
www.didforsale.com
Nov 2, 2010 | All About VoIP, Asterisk Security, VoIP Security
This week one of our customers was attacked by more than 10000 unique IPs. These hackers try to register on your system using random usernames and easy-to-crack passwords. A few weeks back I wrote a few tips on securing your Asterisk servers.
https://www.didforsale.com/blog/?p=185
Even if you have taken all the steps to secure your Asterisk server, you still don't want these attackers to flood your system with dummy registration requests. iptables filters IP traffic at the packet level, so an easy-to-implement shell script that drives it can block the flooding hosts. Use the shell script below, set up a cron job, and have a good night's sleep: the script automatically blocks the IPs flooding your Asterisk system with failed registration requests.
Monitor Asterisk’s Log for Failed Registrations
In most cases of a SIP flood attack, the host tries to register on your Asterisk server. All the failed attempts from these hosts appear in the Asterisk log (/var/log/messages, or /var/log/full if you are using an Asterisk-based PBX) as “No matching peer found.” The following script scans /var/log/full for these patterns, extracts the attacker's IP address, and blocks it.
The script reads the log file and uses iptables to block any further attempts. On each run it writes a check-in and a check-out marker to the log, so that the next run can start from the last check-out position.
Copy the code and save in /usr/local/bin/check_sip_attack
chmod 755 /usr/local/bin/check_sip_attack
#########Start from Next line ##########
#!/bin/bash
# Script Donated by www.didforsale.com
#crontab -l
# make an entry in Crontab
#01-59/2 * * * * /usr/local/bin/check_sip_attack
PATH=${PATH}:/usr/sbin
BINDIR=$(dirname "$0"); echo "$BINDIR" | grep '^/' > /dev/null || BINDIR=$(pwd)/$(dirname "$0")
arch="$(uname -m)-$(uname -s)"
mach="$(hostname)"
# echo "BINDIR= " ${BINDIR}
cd /var/log/asterisk || exit 1
log="full"
if [ ! -r "${log}" ]; then
    printf 'could not read error file (%s)\n' "${log}"
else
    # Line numbers of the last check-in / check-out markers left by earlier runs
    start=$(grep -n -e "CRON: start" "${log}" | tail -n 1 | sed 's/:/ /g' | awk '{print $1}')
    stop=$(grep -n -e "CRON: stop" "${log}" | tail -n 1 | sed 's/:/ /g' | awk '{print $1}')
    if [ "$start" = "" ]; then start=0; fi
    if [ "$stop" = "" ]; then stop=0; fi
    if [ "$start" -le "$stop" ]; then
        # Failed registrations logged since the last check-out marker
        error=$(tail -n +"${stop}" "${log}" | grep -i "Registration" | grep -i "Failed")
        if [ -n "$error" ]; then
            printf '\n\nCRON: start -- sending info -- %s\n\n' "$(date)" >> "${log}"
            # Add the trailing newline so that a single matching line is counted as 1
            ccc=$(printf '%s\n' "$error" | wc -l | awk '{print $1}')
            if [ "$ccc" -gt 0 ]; then
                printf 'EXCERPT FROM ASTERISK LOG FILE %s:\n\n%s\n\nDONE.\n\n' "${log}" "$error"
                # Field 11 is the quoted source address; strip the quotes and block each unique IP.
                # The lines are piped directly instead of going through a fixed file name in /tmp.
                for ip in $(printf '%s\n' "$error" | awk '{print $11}' | sort | uniq | sed "s/'//g"); do
                    echo "iptables -I INPUT -s $ip -j DROP"
                    /sbin/iptables -I INPUT -s "$ip" -j DROP
                done
            fi
            printf '\n\nCRON: stop -- info sent -- %s\n\n' "$(date)" >> "${log}"
        fi
    fi
fi
exit 0
# end
#########Stop here ##########
The final step is to schedule the script with cron. Add this line to the crontab.
01-59/2 * * * * /usr/local/bin/check_sip_attack
This will run the script every two minutes (of course you can change the timing), and you can have a good night's sleep.
Any questions or comments are very welcome.
www.didforsale.com
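A stricter take on the log scan above, added here as an example (it is not the DIDForSale script): it reads the address from Asterisk's own "failed for" clause instead of a fixed whitespace column, validates it as IPv4, applies a threshold and an allowlist, and prints the iptables commands rather than running them. The log lines, the threshold of 3 and the function names offenders and block_rules are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example: count failed REGISTERs per source and print (not run) DROP rules.
# SAMPLE_LOG is constructed; the addresses are documentation/private ranges.
SAMPLE_LOG=$(cat <<'EOF'
[2010-11-02 03:10:01] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.7' - No matching peer found
[2010-11-02 03:10:01] NOTICE[2211] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.7' - No matching peer found
[2010-11-02 03:10:02] NOTICE[2211] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.7:5060' - Wrong password
[2010-11-02 03:10:03] NOTICE[2211] chan_sip.c: Registration from '"a b c" <sip:x@192.0.2.10>' failed for '198.51.100.9' - No matching peer found
[2010-11-02 03:10:04] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '192.168.1.50' - Wrong password
[2010-11-02 03:10:05] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '192.168.1.50' - Wrong password
[2010-11-02 03:10:06] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '192.168.1.50' - Wrong password
EOF
)

# offenders THRESHOLD [ALLOW_REGEX] < log  ->  "count ip" per source at/over threshold.
offenders() {
  local threshold=$1 allow=${2:-}
  # Greedy ".*" anchors on the LAST "failed for '...'", which Asterisk writes itself,
  # so spaces or text in the caller-supplied From header cannot shift the address.
  sed -nE "s/.*Registration from .* failed for '([^':]*)(:[0-9]+)?' - .*/\1/p" |
    awk -v t="$threshold" -v allow="$allow" '
      function valid(ip,   o, i) {              # strict dotted-quad IPv4 check
        if (split(ip, o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
          if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
        return 1
      }
      valid($0) && (allow == "" || $0 !~ allow) { hits[$0]++ }
      END { for (ip in hits) if (hits[ip] >= t) print hits[ip], ip }' |
    sort -k2
}

# block_rules THRESHOLD [ALLOW_REGEX] < log  ->  the iptables commands a cron job would run.
block_rules() {
  offenders "$@" | while read -r _count ip; do
    printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
  done
}

# Dry run on the sample: threshold 3, never block the local LAN.
printf '%s\n' "$SAMPLE_LOG" | block_rules 3 '^192[.]168[.]'
```

The fourth sample line has a display name containing spaces, which moves the source address out of whitespace field 11; the allowlist keeps a misconfigured phone on the office LAN from being locked out.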
Sep 5, 2010 | All About VoIP
Do you know?
You can be responsible for thousands of dollars of calls made out of your Asterisk system.
Your system can be used to spam people.
Your system can be used for fraudulent activities.
Your customers can be out of service until you realize the problem and fix it.
How?
Weak passwords on extensions.
Allowing registration from unknown networks.
Weak root passwords for your system.
Weak passwords for admin accounts.
So by now you must understand why it is so important to secure your VoIP system: not only to save you from monetary losses, but also to protect you from legal or ethical issues.
Here are a few important things that you must do.
– Have strong passwords.
– Allow registration only from trusted networks.
– Limit the types of calls each extension can make.
– Limit the number of calls or the number of minutes each extension can make in a day.
– Run automated scripts to monitor the activity of all the extensions on your system.
This link has nice tips.
http://blogs.digium.com/2009/03/28/sip-security/
Here I have copied and pasted the important steps.
1) Don’t accept SIP authentication requests from all IP addresses. Use the “permit=” and “deny=” lines in sip.conf to only allow a reasonable subset of IP addresses to reach each listed extension/user in your sip.conf file. Even if you accept inbound calls from “anywhere” (via [default]) don’t let those users reach authenticated elements!
2) Set “alwaysauthreject=yes” in your sip.conf file. This option has been around for a while (since 1.2?) but the default is “no”, which allows extension information leakage. Setting this to “yes” will reject bad authentication requests on valid usernames with the same rejection information as with invalid usernames, denying remote attackers the ability to detect existing extensions with brute-force guessing attacks.
3) Use STRONG passwords for SIP entities. This is probably the most important step you can take. Don’t just concatenate two words together and suffix it with “1” – if you’ve seen how sophisticated the tools are that guess passwords, you’d understand that trivial obfuscation like that is a minor hindrance to a modern CPU. Use symbols, numbers, and a mix of upper and lowercase letters at least 12 digits long.
4) Block your AMI manager ports. Use “permit=” and “deny=” lines in manager.conf to reduce inbound connections to known hosts only. Use strong passwords here, again at least 12 characters with a complex mix of symbols, numbers, and letters.
5) Allow only one or two calls at a time per SIP entity, where possible. At the worst, limiting your exposure to toll fraud is a wise thing to do. This also limits your exposure when legitimate password holders on your system lose control of their passphrase – writing it on the bottom of the SIP phone, for instance, which I’ve seen.
6) Make your SIP usernames different than your extensions. While it is convenient to have extension “1234” map to SIP entry “1234” which is also SIP user “1234”, this is an easy target for attackers to guess SIP authentication names. Use the MAC address of the device, or some sort of combination of a common phrase + extension MD5 hash (example: from a shell prompt, try “md5 -s ThePassword5000”)
7) Ensure your [default] context is secure. Don’t allow unauthenticated callers to reach any contexts that allow toll calls. Permit only a limited number of active calls through your default context (use the “GROUP” function as a counter.) Prohibit unauthenticated calls entirely (if you don’t want them) by setting “allowguest=no” in the [general] part of sip.conf.
I hope this will keep you away from some troubles.
-Jai
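The checklist above can be checked mechanically. The following audit is an added example, not code from Digium or DIDForSale; it flags sip.conf entries that miss the alwaysauthreject, allowguest, permit/deny, password-length, call-limit and username recommendations. The sample configuration and the function name audit_sip_conf are constructed for the illustration, and templates and #include files are not resolved.

```shell
#!/bin/bash
# Added example: audit a chan_sip sip.conf against the checklist above.
# SAMPLE_SIP_CONF is constructed; templates and #include files are not resolved.
SAMPLE_SIP_CONF=$(cat <<'EOF'
[general]
alwaysauthreject=yes
; allowguest is not set in this sample

[1001]
type=friend
secret=summer1
host=dynamic

[a4b1c2d3e4f5]
type=friend
secret=Xq7#vL2!pR9zTm
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
call-limit=2
EOF
)

# audit_sip_conf < sip.conf  ->  one finding per line, nothing when all checks pass.
audit_sip_conf() {
  awk '
    function report() {                       # evaluate the section just finished
      if (sec == "general") {
        if (tolower(v["alwaysauthreject"]) != "yes") print sec ": alwaysauthreject is not yes"
        if (tolower(v["allowguest"]) != "no") print sec ": allowguest is not no"
      } else if ("secret" in v) {             # only entries that authenticate by password
        if (sec ~ /^[0-9]+$/) print sec ": username is a bare extension number"
        if (length(v["secret"]) < 12) print sec ": secret shorter than 12 characters"
        if (!("deny" in v) || !("permit" in v)) print sec ": no deny=/permit= ACL"
        if (!("call-limit" in v)) print sec ": no call-limit"
      }
      split("", v)                            # clear settings for the next section
    }
    { sub(/;.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments and padding
    /^\[/ { report(); sec = $0; sub(/^\[/, "", sec); sub(/\].*/, "", sec); next }
    /=/   { k = $0; sub(/[ \t]*=.*/, "", k); val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            v[tolower(k)] = val }
    END   { report() }'
}

printf '%s\n' "$SAMPLE_SIP_CONF" | audit_sip_conf
```

On the sample it reports the missing allowguest=no and four findings for extension 1001, and nothing for the second entry.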