VoIP Mailing List Archives :: View topic - [asterisk-users] Allowing calls to me@mydomain.org securely on Asterisk 11 box?

Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community

[asterisk-users] Allowing calls to me@mydomain.org securely on Asterisk 11 box?

VoIP Mailing List Archives Forum Index -> Asterisk Users

View previous topic :: View next topic

Author

Message

asterisk-list at puzzl...
Guest

Posted: Mon Jan 13, 2014 9:24 am Post subject: [asterisk-users] Allowing calls to me@mydomain.org securely

Hi all, I'm looking into adding the ability to call me at me@mydomain.org on my Asterisk 11 box. Does anyone have any tips or dialplan snippets to allow this kind of access as securely as possible? Thanks, Patrick -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users

paul.belanger at polyb...
Guest

Posted: Mon Jan 13, 2014 8:36 pm Post subject: [asterisk-users] Allowing calls to me@mydomain.org securely

On Mon, Jan 13, 2014 at 9:24 AM, Patrick Lists
<asterisk-list@puzzled.xs4all.nl> wrote:

Quote:

Hi all,

I'm looking into adding the ability to call me at me@mydomain.org on my
Asterisk 11 box. Does anyone have any tips or dialplan snippets to allow
this kind of access as securely as possible?

Well, if you want anybody to call you, you need to leave it open to
the public. Meaning, you can't really secure it. Obviously, don't
have any outbound trunks configured on the box so that the only
location some could dial would be your extension.

--
Paul Belanger | PolyBeacon, Inc.
Jabber: paul.belanger@polybeacon.com | IRC: pabelanger (Freenode)
Github: https://github.com/pabelanger | Twitter: https://twitter.com/pabelanger

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

asterisk-list at puzzl...
Guest

Posted: Mon Jan 13, 2014 9:20 pm Post subject: [asterisk-users] Allowing calls to me@mydomain.org securely

On 14-01-14 02:36, Paul Belanger wrote:

Quote:

On Mon, Jan 13, 2014 at 9:24 AM, Patrick Lists
<asterisk-list@puzzled.xs4all.nl> wrote:

Quote:

Hi all,

I'm looking into adding the ability to call me at me@mydomain.org on my
Asterisk 11 box. Does anyone have any tips or dialplan snippets to allow
this kind of access as securely as possible?

Thanks for your feedback Paul. The not having outbound trunks is going
to be a challenge. So next to fail2ban I guess I'll cook up some
dialplan logic that records IP addresses, keeps track of the amount of
failed password attempts etc. and block the offending IP addresses
together with max simultaneous outband calls and anything else I can
think of to beef up security and limit potential damage.

Thanks,
Patrick

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

steve-lists at geekint...
Guest

Posted: Tue Jan 14, 2014 4:39 am Post subject: [asterisk-users] Allowing calls to me@mydomain.org securely

On 14 Jan 2014, at 02:19, Patrick Lists <asterisk-list@puzzled.xs4all.nl> wrote:

Quote:

Thanks for your feedback Paul. The not having outbound trunks is going to be a challenge.

Why? it’s what contexts were invented for.

Steve
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

asterisk-list at puzzl...
Guest

Posted: Tue Jan 14, 2014 12:07 pm Post subject: [asterisk-users] Allowing calls to me@mydomain.org securely

Hi Steve,

On 14-01-14 10:39, Steven Howes wrote:

Quote:

On 14 Jan 2014, at 02:19, Patrick Lists <asterisk-list@puzzled.xs4all.nl> wrote:

Quote:

Thanks for your feedback Paul. The not having outbound trunks is going to be a challenge.

Why? it’s what contexts were invented for.

Yes that is indeed what they are for but in the case "they" find a
loophole or exploit a bug then not having outbound trunks is much safer.

Regards,
Patrick

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

asterisk.org at sedwar...
Guest

Posted: Tue Jan 14, 2014 8:44 pm Post subject: [asterisk-users] Allowing calls to me@mydomain.org securely

On Tue, 14 Jan 2014, Patrick Lists wrote:

Quote:

...I guess I'll cook up some dialplan logic that records IP addresses,
keeps track of the amount of failed password attempts etc. and block the
offending IP addresses...

A few iptables rules can protect you from access from China, North Korea,
Iran, Iraq, xxxistan, Russia, Nigeria, and any other country you're not
expecting calls from.

Eliminate 90% of the problem at the front door and you can focus more
clearly on the remaining 10%.

--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards@sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

asterisk-list at puzzl...
Guest

Posted: Wed Jan 15, 2014 12:37 am Post subject: [asterisk-users] Allowing calls to me@mydomain.org securely

Hi Steve,

On 15-01-14 02:44, Steve Edwards wrote:

Quote:

On Tue, 14 Jan 2014, Patrick Lists wrote:

Quote:

...I guess I'll cook up some dialplan logic that records IP addresses,
keeps track of the amount of failed password attempts etc. and block
the offending IP addresses...

Yes that's one of the tricks in my bag. Unfortunately it seems that the
IP ranges from ip-deny.com are no longer available and even their
website has disappeared.

Would you mind sharing where you get the per country IP ranges from?

Regards,
Patrick

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

asterisk.org at sedwar...
Guest

Posted: Wed Jan 15, 2014 12:53 pm Post subject: [asterisk-users] Allowing calls to me@mydomain.org securely

On Wed, 15 Jan 2014, Patrick Lists wrote:

Quote:

Would you mind sharing where you get the per country IP ranges from?

I confess I 'brute forced' it by entering '/8s' into ARIN's web page and
noting if the block had been assigned to a 'foreign' NIC -- not really a
reliable and robust methodology, but it worked for me.

A great way to kill time while on hold for customer dis-service.

--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards@sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

asterisk-list at puzzl...
Guest

Posted: Wed Jan 15, 2014 1:14 pm Post subject: [asterisk-users] Allowing calls to me@mydomain.org securely

Hi Steve,

On 15-01-14 18:53, Steve Edwards wrote:

Quote:

On Wed, 15 Jan 2014, Patrick Lists wrote:

Quote:

Would you mind sharing where you get the per country IP ranges from?

If it works... Smile

Quote:

A great way to kill time while on hold for customer dis-service.

Definitely. If any of the calls lasted more than entering 20 /8s I hope
it was to cancel the service.

I found another solution: install the geoip kernel module from
xtables-addons, install the MaxMind GeoIP country database and add some
rules to the iptables config to block a country.

Regards,
Patrick

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

Display posts from previous:

	VoIP Mailing List Archives Forum Index -> Asterisk Users	All times are GMT - 5 Hours
Page 1 of 1

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum