I see. So there is no way to assign priorities to multicast channels then? The receiver will not be a phone but a SIP board that I have access to programming. Is there any way the SIP terminal can identify which channel is which?
Multicast Features Development
Suspicious activity
It would be a client. So this thread was started a week ago and it was determined that you had the same SIP password for all your extensions, they were short passwords, you were using TFTP for provisioning and you were compromised. You stated you were going to be changing passwords and it was suggested you move to HTTPS for provisioning.
Now roughly 24 hours ago you stated the same thing when you opened this thread. More calls being made that shouldn’t be. So now the questions are:
- Did you move from TFTP to HTTPS for your provisioning?
- Did you change all the passwords?
- Did you make them longer and more complex?
- What steps have you actually taken to secure this box?
Because if you've taken a bunch of steps and this still happened a week later, then they are in your box another way and you really need to find it. Otherwise, if you’ve done nothing we’ve spent the last 24 hours troubleshooting an issue that was left unresolved from earlier in the week.
FreePBX/Asterisk Logging Cipher
Gotcha, that video did help thanks!
Multicast Paging Phone Ring
In your call logs are you confirming ALERTINFO=Alert-Info: Intercom (the solution he came up with)? And that you're using intercom?
Multicast Features Development
Multicast and SIP are two very different ‘protocols’, it would be up to you to arrange for any ‘bridged signalling’ between them.
Multicast Features Development
Actually no. You have never legally been allowed to hook up a radio to your PBX and rebroadcast a station as on-hold music.
CID Superfecta and Google Contacts: Authorization Error
Thank you for the update but the error message I am receiving does not allow a click through for some reason.
Suspicious activity
This thread started with an incident, I was unavailable for days, then taken up again with a new incident with the same parameters.
- Did you move from TFTP to HTTPS for your provisioning?
  To be done
- Did you change all the passwords?
  Yes, all passwords, user and device
- Did you make them longer and more complex?
  Yes, 25 char random generated unique to each device
- What steps have you actually taken to secure this box?
  Firewall is enabled, Responsive is enabled on pjsip, ip authorization locked at provider. I also notified the abuse contact for the offending ip address, wow-tel.com
To do: change port 5060/5061 to something else and change to HTTP provisioning.
With these changes we have had no incursions since.
Suspicious activity
That would mean if they got the details from spoofing MACs or hammering TFTP services, then they have the details and just need to spoof the MACs again and pull the configs. Thus giving them the passwords that you changed.
This is leaving the door open.
Any chance we might see an updated blacklist module?
One idea we had was kind of a blended approach. We had a few tables we made on a web front end. The operation controls these front end tables.
- Permanent pass list
- Permanent flag list
- Caller Flexible flag checker
  - Control to dynamically adjust the flag criteria (x matches in y seconds)
  - Entry for area code + prefix and another for 10-digit number
- DID Flexible flag checker
  - Control to dynamically adjust the flag criteria (x matches in y seconds)
Custom Dial Plan
- Number on pass list? If yes, send the call through unchallenged.
- Otherwise, number on flag list? If yes, send to IVR challenge.
- Otherwise, query the CDR on the fly for the last y seconds, counting the number of times the area code + prefix appear. Is the count higher than the defined x? If yes, send to IVR challenge.
- Otherwise, query the CDR on the fly for the last y seconds, counting the number of times the 10 digit phone number appears. Is the count higher than the defined x? If yes, send to IVR challenge.
- Otherwise, query the CDR on the fly for the last y seconds, counting the number of times the DID has been dialed. Is the count higher than the defined x? If yes, send to IVR challenge.
- Otherwise, send the call through unchallenged.
The give is that at the beginning of the attack some calls will slip in, BUT in exchange, you don’t have to prompt customers unnecessarily all the time. As the attack ramps up, specific ranges of numbers and DIDs get the IVR prompt, while the majority are unaffected. As the attack dies down, the numbers fall off and you don’t have to worry about permanently flagging a number that might be legitimate later.
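The decision order described in the post above, as an added example that is not the poster's code. The simplified `cdr` table with an epoch-second `calldate`, the sample rows, the thresholds in `RULES` and the function names are all assumptions made for illustration.

```python
import sqlite3

# Assumed thresholds: (x matches, y seconds) for each check, in the post's order.
RULES = {"prefix": (3, 60), "number": (2, 60), "did": (3, 60)}

def build_sample_cdr():
    """Constructed CDR rows in a simplified table (epoch-second calldate)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cdr (calldate INTEGER, src TEXT, did TEXT)")
    # Four calls from one area code + prefix, all to the same DID.
    rows = [(960 + 10 * i, f"212555000{i + 1}", "8005550100") for i in range(4)]
    # Three calls from one 10-digit number, spread across DIDs.
    rows += [(950 + 10 * i, "3105551234", f"800555020{i + 1}") for i in range(3)]
    db.executemany("INSERT INTO cdr VALUES (?, ?, ?)", rows)
    return db

def recent_count(db, where, value, now, window):
    # 'where' is one of the fixed fragments below; caller ID is untrusted
    # input and only ever reaches the query as a bound parameter.
    sql = f"SELECT COUNT(*) FROM cdr WHERE calldate >= ? AND {where}"
    return db.execute(sql, (now - window, value)).fetchone()[0]

def screen_call(db, caller, did, now, pass_list=(), flag_list=(), rules=RULES):
    """Return 'pass' or 'challenge' (IVR) for an inbound 10-digit caller."""
    if caller in pass_list:
        return "pass"
    if caller in flag_list:
        return "challenge"
    checks = (
        ("prefix", "substr(src, 1, 6) = ?", caller[:6]),  # area code + prefix
        ("number", "src = ?", caller),                    # full 10-digit number
        ("did", "did = ?", did),                          # dialed DID
    )
    for name, where, value in checks:
        x, y = rules[name]
        if recent_count(db, where, value, now, y) > x:
            return "challenge"
    return "pass"

if __name__ == "__main__":
    db = build_sample_cdr()
    for caller, did in [("2125550099", "8005550199"), ("3105559999", "8005550199")]:
        print(caller, did, screen_call(db, caller, did, now=1000))
```

Because every count is taken over a sliding window, a range that was challenged during the burst passes again once the window has moved past it, with no list entry to clean up.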
Softphones and kari's law/baum act
All,
I know that this is a hot topic and I have read through many of the previous threads. My question is a bit more specific.
I have customers that are considering keeping their employees home permanently. They want to provide business phones to them. They want to use a softphone but I am aware of the kari’s law issues.
My question, is…given they are home and have at least one phone (if not 2), do we still need to provide 911 on the softphone? If the company instructs the user NOT to use the softphone for 911, does that give us a pass?
how are others handling this?
thanks
Softphones and kari's law/baum act
I recommend consulting with a legal expert on the requirements unique to your region/location. Using the defense of “The forum said it was okay” is not sound advice to be risking your business on.
CID Superfecta and Google Contacts: Authorization Error
Thank you for the walkthrough, although as already mentioned by James the error prevents any sort of “click through” or ignore action. (you can see the screenshot above that the prompt has changed now: there is just the error message with no button)
Softphones and kari's law/baum act
A device, regardless of hardware or software, that is in a fixed location is a Fixed Device. Those must comply now with new installs, with the deadline for existing being Jan 2021.
This means that a Bria softphone for a desktop that sits at someone’s home is a fixed device. It has no plans to be moved on a regular basis.
A device that moves/mobile on a regular basis is a Non-Fixed Device. Those got 2 years to get something together because it requires more. This, again, does not apply to a hardphone or softphone but how it is used. If you are in your office on the second floor and take your Polycom to the office on the 4th floor, it moved and needs to be updated. If you do this daily, weekly, etc. It’s non-fixed.
If the device can make calls to the PSTN, it must be able to make calls to PSAPS. That’s it. Only internal, non-PSTN connected systems are exempt.
Remote Extension Won't Register
You may want to check the pbx firewall settings by going to Connectivity->Firewall, and looking at the networks tab to see if your house network is not included. Also, can you tell us what routers are being used on your pbx network, as well as your house’s? Typically, you don’t have to do any special setup on your home router, but it’s still worth knowing while troubleshooting something like this.
What does the Asterisk CLI show during these registration attempts? It would also help to see more about the packet trace, like the details within those REGISTER packets, and the tcpdump command that was used. For example, it could be a clue if you’re seeing your grandstream’s internal ip in the Contact header instead of your house network’s WAN address. This is assuming a VPN isn’t involved.
Remote Extension Won't Register
Hey wmoon, thanks for the response. I can confirm that my house’s WAN ip address is allowed on the PBX firewall.
I am using a pfsense firewall at both my office and my house. Currently all outbound ports are open at my house and as stated, the necessary ports are forwarded on the pfsense at the office.
When I ran the tcp dump, I just ran “tcpdump port 5060” which gave the output shown above. I did however, just run a “tcpdump port 5060 -vv” and uploaded a screenshot of what I got back. (The green mark is my house WAN IP and the blue is my office WAN IP.)
So as you stated, it does in fact look like it is using the private IP address of the phone in the contact header. Am I right by thinking this has something to do with the NAT settings on the phone?
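The Contact-header check discussed in this thread, as an added example that is not part of the original posts. The REGISTER message is constructed, the addresses are placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed REGISTER as it might arrive at the PBX (placeholder addresses).
SAMPLE_REGISTER = (
    "REGISTER sip:pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK1234;rport\r\n"
    "From: <sip:101@pbx.example.com>;tag=abc\r\n"
    "To: <sip:101@pbx.example.com>\r\n"
    "Call-ID: constructed-1@192.168.1.50\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:101@192.168.1.50:5060>\r\n"
    "Content-Length: 0\r\n\r\n"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def contact_host(message):
    """Return the host part of the first Contact header URI, or None."""
    for line in message.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() in ("contact", "m"):  # "m" is the compact form
            m = re.search(r"sips?:(?:[^@>;]*@)?(\[[^\]]+\]|[^:;>\s]+)", value)
            return m.group(1).strip("[]") if m else None
    return None

def nat_mismatch(message, packet_src_ip):
    """True when Contact advertises an RFC 1918 address that differs from
    the address the packet actually arrived from."""
    host = contact_host(message)
    if host is None:
        return False
    try:
        contact_ip = ipaddress.ip_address(host)
    except ValueError:  # Contact carries a hostname, nothing to compare
        return False
    if contact_ip.version != 4 or not any(contact_ip in n for n in RFC1918):
        return False
    return contact_ip != ipaddress.ip_address(packet_src_ip)

if __name__ == "__main__":
    # 203.0.113.10 stands in for the house WAN address seen by tcpdump.
    print(contact_host(SAMPLE_REGISTER), nat_mismatch(SAMPLE_REGISTER, "203.0.113.10"))
```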
Zulu merge calls
We use Zulu with 20 licenses and FreePBX. The Zulu desktop is a young product and will improve over time but other than the call-merge issue in this post no complaints.