VoIP Mailing List Archives :: View topic - [asterisk-users] Connecting peer if the peer is already connected

Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community

[asterisk-users] Connecting peer if the peer is already connected

VoIP Mailing List Archives Forum Index -> Asterisk Users

View previous topic :: View next topic

Author

Message

lucabert at lucabert.de
Guest

Posted: Tue Jun 09, 2015 1:44 pm Post subject: [asterisk-users] Connecting peer if the peer is already conn

Hi list! I'm working hard to securing my Asterisk... Now I deleted all possibility to access the node as "anonymous" and every call through the proxy will be checked (just known peers are allowed to use it). Furthermore, I restricted the registration of my home phones to the Network I reserved for them and I changed the port on my Firewall, so that I don't use 5060 anymore. Now I have the problem for my cellphone... I need to register from almost any IP (at least in Europe), so I can't restrict it. Well, the password is NOT simple and random. Now, I tried to register the user of my cellphone using a PC, as my cellphone was already registered. And Asterisk accepted this registration... Unfortunately, I didn't found any option to restrict this try... How can I do it? And, very important, how can I trigger an event (Shell-Script) if someone tries to register as a peer, that is already registered or if the login was NOT successful, or even if my cellphone successfully registered (for example, to send me an E-Mail)? Thanks Luca Bertoncello (lucabert@lucabert.de) -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users

asterisk_list at earth...
Guest

Posted: Wed Jun 10, 2015 2:36 am Post subject: [asterisk-users] Connecting peer if the peer is already conn

On Tuesday 09 Jun 2015, Luca Bertoncello wrote:

Quote:

Now, I tried to register the user of my cellphone using a PC, as my
cellphone was already registered.
And Asterisk accepted this registration... Sad

Did you actually reboot the server, as opposed to simply reloading your
firewall configuration and stopping and restarting asterisk? I've known some
moderate to severe weirdnesses that seemed to be caused by the kernel
remembering out-of-date routing details.

(I'm sure there is a simple command that will flush and rebuild the kernel's
routing information without needing the big red switch, but that was nearer
.....)

Quote:

Unfortunately, I didn't found any option to restrict this try...
How can I do it? And, very important, how can I trigger an event
(Shell-Script) if someone tries to register as a peer, that is already
registered or if the login was NOT successful, or even if my cellphone
successfully registered (for example, to send me an E-Mail)?

Take a look at fail2ban. It monitors log files for error messages, and can add
firewall rules to disconnect IP addresses involved in suspicious activity.

--
AJS

Note: Originating address only accepts e-mail from list! If replying off-
list, change address to asterisk1list at earthshod dot co dot uk .

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

lucabert at lucabert.de
Guest

Posted: Wed Jun 10, 2015 2:42 am Post subject: [asterisk-users] Connecting peer if the peer is already conn

Zitat von A J Stiles <asterisk_list@earthshod.co.uk>:

Quote:

On Tuesday 09 Jun 2015, Luca Bertoncello wrote:

Quote:

Now, I tried to register the user of my cellphone using a PC, as my
cellphone was already registered.
And Asterisk accepted this registration... Sad

Well, I'm not sure...
But I can't remember to have configured somewhat for "accept more
registration"...
Reading an Answer in this list a couple of day ago, I thought, it is
not allowed per default...

Quote:

Take a look at fail2ban. It monitors log files for error messages,
and can add
firewall rules to disconnect IP addresses involved in suspicious activity.

This will not work, since the Firewall is NOT on the Server running
Asterisk...

Thanks
Luca Bertoncello
(lucabert@lucabert.de)

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

dplatt at radagast.org
Guest

Posted: Wed Jun 10, 2015 12:22 pm Post subject: [asterisk-users] Connecting peer if the peer is already conn

Quote:

Now I have the problem for my cellphone... I need to register from almost any
IP (at least in Europe), so I can't restrict it.
Well, the password is NOT simple and random.

Now, I tried to register the user of my cellphone using a PC, as my cellphone
was already registered.
And Asterisk accepted this registration... Sad

Were you trying to register the PC using the *correct* credentials used
by your phone (the right username and password), or *incorrect*
credentials (wrong password)?

If your PC offered up the correct credentials, then I believe it's
entirely normal behavior for Asterisk to accept this registration, and
"bump off" the previous registration which used these same credentials.

Asterisk (and most SIP servers) will treat this situation as an "Oh,
this is a valid user of mine who has moved to a different IP address."

The same thing would happen if your cellphone were (for example) to
switch from cellular IP to WiFi, or vice versa, or (in many cases) moved
from one service area to another.

The way you avoid confusion between multiple devices, is use different
(unique) credentials for each SIP client... and, of course, use strong,
difficult-to-guess passwords.

Any time you try to share credentials between two or more distinct
devices, confusion *will* occur if both devices are on-line at the same
time. You can never tell which of the two will succeed in establishing
and holding a registration... although it will typically be the one
which forces through a registration packet the most frequently.

If you were to somehow tell Asterisk "Don't accept a different
registration for my cellphone user XXXX, if user XXXX is already
registered", you could quite easily find yourself unable to register the
cellphone with Asterisk for a prolonged period of time... the PC could
lock you out, and the cellphone could lock *itself* out every time it
moved from one IP network to another.

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

lucabert at lucabert.de
Guest

Posted: Wed Jun 10, 2015 12:45 pm Post subject: [asterisk-users] Connecting peer if the peer is already conn

Dave Platt <dplatt@radagast.org> schrieb:

Quote:

Were you trying to register the PC using the *correct* credentials used
by your phone (the right username and password), or *incorrect*
credentials (wrong password)?

Of course, with the CORRECT credentials... Smile

Quote:

If your PC offered up the correct credentials, then I believe it's
entirely normal behavior for Asterisk to accept this registration, and
"bump off" the previous registration which used these same credentials.

Right! This is what happens... And what I'd like to correct...

Quote:

Asterisk (and most SIP servers) will treat this situation as an "Oh,
this is a valid user of mine who has moved to a different IP address."

The same thing would happen if your cellphone were (for example) to
switch from cellular IP to WiFi, or vice versa, or (in many cases) moved
from one service area to another.

Well, if I'm on WiFi I surely don't need my cellphone in Asterisk, since I
use it only to receive calls if I'm not at home (holiday)

Quote:

The way you avoid confusion between multiple devices, is use different
(unique) credentials for each SIP client... and, of course, use strong,
difficult-to-guess passwords.

All client have different credentials and the password are random (32 chars).

Quote:

If you were to somehow tell Asterisk "Don't accept a different
registration for my cellphone user XXXX, if user XXXX is already
registered", you could quite easily find yourself unable to register the
cellphone with Asterisk for a prolonged period of time... the PC could
lock you out, and the cellphone could lock *itself* out every time it
moved from one IP network to another.

Well, as I said, this is not a problem for me...
How can I do that? And, how can I for example send an E-Mail if the client
connect?

Thanks
Luca Bertoncello
(lucabert@lucabert.de)

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

Display posts from previous:

	VoIP Mailing List Archives Forum Index -> Asterisk Users	All times are GMT - 5 Hours
Page 1 of 1

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum