00:00.05 | acro458 | zoiper isn't using the correct interface... |
00:11.19 | *** join/#asterisk EllenorL (~3113102@unaffiliated/ellenor) |
00:32.29 | *** join/#asterisk StuffBall (~StuffBall@sm3e210fc5.cust.navigue.com) |
00:32.52 | StuffBall | my server is receiving hunderds of reg attemps a second |
00:33.02 | StuffBall | how to i make it stop |
00:46.49 | [TK]D-Fender | Firewall it off |
00:53.47 | StuffBall | as long as i have strong passwords, i'm ok right? |
00:54.25 | [TK]D-Fender | Hundreds per second. |
00:54.28 | [TK]D-Fender | How many seconds? |
00:54.32 | [TK]D-Fender | How many minutes? |
00:54.40 | StuffBall | it's in bursts |
00:54.41 | [TK]D-Fender | How long do you want them draining your bandwidth? |
00:55.01 | [TK]D-Fender | How about if the stack actually buckles under load due to a bug? |
00:55.24 | [TK]D-Fender | No... leaving attackers alone so they continue is NOT a smart idea. |
00:55.36 | [TK]D-Fender | Block them off |
00:58.46 | EllenorL | fail2ban |
01:01.21 | *** join/#asterisk Draecos (~Draecos@203-121-194-197.e-wire.net.au) |
01:01.28 | StuffBall | thats great |
01:01.29 | StuffBall | thanks |
01:16.19 | *** part/#asterisk StuffBall (~StuffBall@sm3e210fc5.cust.navigue.com) |
01:25.37 | TandyUK | you know of any tutorial in getting failtoban to call an external script when blocking/unblocking an ip? |
01:26.07 | TandyUK | id like to have all my servers blocking ips on my perimiter, rather than single hosts |
01:33.28 | [TK]D-Fender | http://www.fail2ban.org/wiki/index.php/MANUAL_0_8 |
02:04.17 | *** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com) |
02:21.07 | *** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com) |
02:46.30 | *** join/#asterisk Draecos (~Draecos@203-121-194-197.e-wire.net.au) |
03:05.30 | *** join/#asterisk KerioMorgan (~Adium@68.68.103.2) |
03:14.23 | *** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com) |
03:16.15 | *** join/#asterisk pppingme (~pppingme@unaffiliated/pppingme) |
03:20.42 | *** join/#asterisk crocodilehunter (~Thunderbi@CPE-121-211-223-68.hhui7.cht.bigpond.net.au) |
03:56.13 | *** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com) |
05:45.57 | *** join/#asterisk rrittgarn (~rrittgarn@75-150-221-196-Illinois.hfc.comcastbusiness.net) |
05:50.39 | *** join/#asterisk a|3x (~a|3x@199.180.128.141) |
05:50.43 | a|3x | hi |
05:51.10 | a|3x | what is the library that asterisk is using for the asterisk console interface? |
05:51.50 | a|3x | *asterisk manager interface |
06:17.51 | *** join/#asterisk gerhard7 (~gerhard7@77-172-82-111.ip.telfort.nl) |
06:25.32 | *** join/#asterisk arodrigu (~arodrigu@107.15.99.154) |
06:40.44 | *** join/#asterisk brc007 (~brc007@ip68-110-80-80.ph.ph.cox.net) |
06:46.08 | *** join/#asterisk lumasepa (~gestoip@193.145.124.30.local.ull.es) |
06:56.21 | *** join/#asterisk areski (~areski@80.174.128.115.dyn.user.ono.com) |
07:15.12 | *** join/#asterisk tzafrir (~tzafrir@local.xorcom.com) |
07:15.49 | *** join/#asterisk fling (~fling@fsf/member/fling) |
07:22.22 | *** join/#asterisk notze (~notze@tmo-109-15.customers.d1-online.com) |
07:22.48 | notze | hey guys: build_peer: 'tcp' is not a valid transport type when tcpenable=no whats going wron here:( i use freepbx and grep doesnt show tcpenable=no |
07:22.56 | *** join/#asterisk bmg505 (~leon@196-210-200-238.dynamic.isadsl.co.za) |
07:53.39 | *** join/#asterisk sekil (~sekil@nat-73.net011.net) |
08:05.46 | *** join/#asterisk chuckf (~chuckf@pool-108-45-91-234.washdc.fios.verizon.net) |
08:07.10 | *** join/#asterisk sekil (~sekil@78.24.109.159) |
08:20.52 | wdoekes | notze: have you tried adding tcpenable=yes ? |
08:22.43 | *** join/#asterisk DeeMaxX (~Miranda@93.153.201.211) |
08:24.33 | *** join/#asterisk sekil (~sekil@78.24.109.159) |
08:25.23 | *** join/#asterisk Oatmeal (~Suzeanne@75-103-145-152.ccrtc.com) |
08:27.38 | *** join/#asterisk kolko (~kolko@46.48.58.17) |
09:02.11 | *** join/#asterisk sekil (~sekil@78.24.109.159) |
09:07.36 | *** join/#asterisk areski (~areski@80.174.128.115.dyn.user.ono.com) |
09:23.36 | *** join/#asterisk _TWS (~chatzilla@23-25-122-113-static.hfc.comcastbusiness.net) |
09:51.33 | *** join/#asterisk ModFather (~ModFather@unaffiliated/modfather) |
10:10.36 | *** join/#asterisk clopez (~tau@neutrino.es) |
10:19.10 | *** join/#asterisk crocodilehunter (~Thunderbi@CPE-121-211-223-68.hhui7.cht.bigpond.net.au) |
10:41.29 | *** join/#asterisk infernix (nix@unaffiliated/infernix) |
10:59.42 | *** join/#asterisk notze (~notze@tmo-109-15.customers.d1-online.com) |
10:59.50 | notze | wdoekes, trying now:D |
11:04.58 | notze | wdoekes, it helped :S so why freepbx if its configuring the asterisk wrong ^ |
11:08.41 | *** join/#asterisk sekil (~sekil@nat-73.net011.net) |
11:17.40 | *** join/#asterisk sekil (~sekil@nat-73.net011.net) |
11:29.53 | *** join/#asterisk keithf (~keithf@ool-2f151dc2.static.optonline.net) |
11:35.47 | notze | wdoekes, now the port opened, i can telnet to it but tcpdump shows me only incoming packages :( |
11:39.36 | *** join/#asterisk thiagoc (~thiagoc@unaffiliated/thiagoc) |
11:59.26 | *** join/#asterisk fstd (~fstd@unaffiliated/fisted) |
12:08.27 | *** join/#asterisk [TK]D-Fender (~Joe@216-191-106-165.dedicated.allstream.net) |
12:22.59 | *** join/#asterisk sekil (~sekil@78.24.109.159) |
12:37.25 | *** join/#asterisk sekil (~sekil@78.24.109.159) |
12:47.27 | *** join/#asterisk gerhard7 (~gerhard7@77-172-82-111.ip.telfort.nl) |
12:55.13 | *** join/#asterisk sekil (~sekil@nat-73.net011.net) |
13:04.24 | *** join/#asterisk sekil (~sekil@nat-73.net011.net) |
13:06.48 | notze | proddiig |
13:07.01 | notze | prodding channel failed is my newest excercise |
13:16.40 | *** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com) |
13:17.25 | *** join/#asterisk areski (~areski@134.Red-88-27-168.staticIP.rima-tde.net) |
13:23.30 | Samot | notze: What is the over all issue? |
13:25.05 | notze | Samot, m sip phone is connected, when i call an external number: i get prodding channel failed |
13:25.17 | notze | i think mybe something is misconfigured with the trunk? |
13:27.36 | Samot | Is this straight Asterisk or is it FreePBX? |
13:37.48 | *** join/#asterisk cresl1n (Adium@asterisk/libpri-and-libss7-expert/Cresl1n) |
13:37.48 | *** mode/#asterisk [+o cresl1n] by ChanServ |
13:40.04 | *** join/#asterisk mjordan (mjordan@nat/digium/x-ajjucnujupwxrkoq) |
13:40.04 | *** mode/#asterisk [+o mjordan] by ChanServ |
13:44.12 | *** join/#asterisk retentiveboy (~retentive@c-73-82-30-193.hsd1.ga.comcast.net) |
13:44.37 | *** join/#asterisk sekil (~sekil@78.24.109.159) |
13:48.18 | *** join/#asterisk defsdoor (~andy@207.229-252-62.static.virginmediabusiness.co.uk) |
13:52.50 | *** join/#asterisk tristero (~al.f.zero@unaffiliated/transfinite) |
13:55.13 | *** join/#asterisk notze (~notze@tmo-109-15.customers.d1-online.com) |
13:55.18 | notze | Samot, free bpx |
13:55.46 | Samot | Then you really should be in #freepbx |
13:56.01 | Samot | FreePBX is a different beast from straight Asterisk. |
13:58.11 | notze | ok thx :D |
14:02.55 | *** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com) |
14:03.42 | gusto | look, here is a conf with directmedia=yes and directmediadeny=0.0.0.0/0, directmediapermit=192.168.0.0/16 ... and now the problem is that I would want to have the telephones on the 192.168.0.0/16 local network talk rtp between directly, but when this goes outside, then I would want to go p2p forwarding |
14:04.20 | gusto | but the way this works is that when he does see on one end (and this is always the case) the ip 192.168... he goes for directmedia, because he is only matching one side, and not both of them, ha? |
14:06.13 | *** join/#asterisk brad_mssw (~brad@66.129.88.50) |
14:06.37 | *** join/#asterisk kharwell (kharwell@nat/digium/x-dranbjeavpfnorjl) |
14:07.25 | *** join/#asterisk err-or_ (~err-or@p5497D0B1.dip0.t-ipconnect.de) |
14:10.08 | *** join/#asterisk Synthase_ (uid63346@gateway/web/irccloud.com/x-benuibbqbqcgwebk) |
14:24.14 | *** join/#asterisk theron (~theron@2620:10d:c091:200::d:e1ac) |
14:31.03 | *** join/#asterisk sekil (~sekil@78.24.109.159) |
14:43.01 | gusto | heh, ok, when I define it at the peers section, it works then better |
14:43.22 | gusto | but now the next problem is that on the remote side the codec that is talking back can change |
14:43.54 | gusto | and when that happens, it is natively p2p'd to the telephone, that still thinks that it is g722, even though it changed to alaw |
14:46.38 | *** join/#asterisk rmudgett (rmudgett@nat/digium/x-udbmrkealvkovfas) |
14:46.50 | *** join/#asterisk rmudgett (rmudgett@nat/digium/x-hnpoceqguniyggia) |
14:59.55 | *** join/#asterisk Sprocks (~Sprocks@BMTNON3746W-LP130-05-1176475207.dsl.bell.ca) |
15:10.01 | *** join/#asterisk theron (~theron@2620:10d:c091:200::e:1e31) |
15:18.46 | *** join/#asterisk busymind (~textual@c-24-21-79-235.hsd1.wa.comcast.net) |
15:20.04 | *** join/#asterisk jasonwert (~quassel@75-134-81-98.static.aldl.mi.charter.com) |
15:32.02 | *** join/#asterisk andresmujica (~andresmmu@ubuntu/member/andresmujica) |
15:56.43 | *** join/#asterisk F2Knight (~F2Knight@c-50-139-95-192.hsd1.or.comcast.net) |
16:00.36 | *** join/#asterisk andresmujica (~andresmmu@ubuntu/member/andresmujica) |
16:04.18 | *** join/#asterisk edong23 (~quassel@mptc-dhcp-50-50.mptelco.com) |
16:06.11 | edong23 | when an incoming call has anonymous, but the information is available in asterisk (NoOp(CALLERID(num)) shows the number) can i force this to then be set and remove the anonymous part of the call? Im not trying anything sketchy, its only for a sip based 911 service that uses the callerid information |
16:07.31 | [TK]D-Fender | "has anonymous" doesn't tell us WHERE |
16:07.35 | [TK]D-Fender | Show us the actual call |
16:07.59 | edong23 | pri debug or sip debug? or just asterisk console? |
16:08.32 | [TK]D-Fender | Where your call is coming from obviously. |
16:18.17 | edong23 | [TK]D-Fender: the call is coming from pri, then sip to a "call router" which decides where to send it I can get pri debug for the inbound, but the call is an anonymous call for sure (We own the telco switch) let me paste the console of the call first, then if you want the pri debug you can tell me. |
16:18.35 | edong23 | http://pastie.org/10776283 |
16:18.44 | [TK]D-Fender | If you aren't looking from the source then you're wasting time |
16:18.54 | [TK]D-Fender | and I do not have time to wastet |
16:19.10 | edong23 | the source as in pri? |
16:19.17 | edong23 | this is the source |
16:19.40 | edong23 | its an anonymous call (callid blocked at the source)... yet asterisk knows the caller id, but passing it along isnt happening. |
16:21.12 | WIMPy | Wouldn't pass one the same information if you have PAI enabled? |
16:21.48 | WIMPy | eeks |
16:21.55 | WIMPy | Wouldn't it pass on the same information if you have PAI enabled? |
16:22.08 | *** join/#asterisk eschmidbauer__ (~eschmidba@unaffiliated/eschmidbauer) |
16:22.09 | edong23 | i dont know what pai is.. |
16:22.26 | WIMPy | P-Asserted Identity |
16:22.55 | WIMPy | 'sendrpid=pai' |
16:23.17 | edong23 | ah... let me check that |
16:26.45 | *** join/#asterisk joser (~joser@198.57.49.254) |
16:28.31 | [TK]D-Fender | moves on to more productive matters |
16:28.44 | edong23 | hes always so cranky |
16:30.31 | *** join/#asterisk Oatmeal (~Suzeanne@75-103-145-152.ccrtc.com) |
16:44.48 | *** join/#asterisk jeffspeff (~Jeff@12.49.160.131) |
16:47.24 | jeffspeff | when using queues, what option needs to be set so that after ringing a user for 15 seconds and no answer the queue will move on and try calling the next user? also, what option do you set so that after a caller has been in the queue for 45 seconds they are removed and proceed in the dialplan? I'm thinking that setting "timeout" in queue.conf is what manages how long each user is tried and that the time value in APP_QUEUE is what specifies how long the |
16:47.24 | jeffspeff | caller is in the queue but i'm not sure. |
16:49.12 | [TK]D-Fender | "timeout" |
16:51.21 | jeffspeff | [TK]D-Fender, which aspect is "timeout" for? trying the next person in the queue or the total duration a caller is in the queue? |
16:51.36 | [TK]D-Fender | config file = timeout when dialing agents. Dialplan = how long to stay in the Queue period |
16:52.34 | jeffspeff | ok, if a timeout isn't specified in the dialplan app, does the caller just stay in the queue until answered? |
16:52.54 | [TK]D-Fender | It's stay until it has any reason not to |
16:53.06 | [TK]D-Fender | Excluding time clearly |
16:54.29 | jeffspeff | [TK]D-Fender, thanks. that clears things up for me |
16:54.43 | [TK]D-Fender | You're welcome |
16:55.33 | *** join/#asterisk bof22 (~Thunderbi@80.12.42.116) |
17:00.33 | edong23 | WIMPy: that works |
17:00.34 | edong23 | thank you |
17:02.09 | *** join/#asterisk elguero (cf9a22a3@gateway/web/freenode/ip.207.154.34.163) |
17:08.02 | *** join/#asterisk dtcrshr (~datacrush@unaffiliated/datacrusher) |
17:10.24 | jeffspeff | [TK]D-Fender, to clarify one more thing... timeoutrestart... if that is enabled and the agent is already on the phone asterisk receives a "busy" or "congested" and then the queue goes to the next agent or does it reset the time and ring the same agent for another XX seconds waiting for an answer other than busy/congested ? |
17:12.29 | *** join/#asterisk fstd (~fstd@unaffiliated/fisted) |
17:21.23 | [TK]D-Fender | https://github.com/asterisk/asterisk/blob/master/configs/samples/queues.conf.sample |
17:26.20 | gusto | eh eh eh |
17:27.00 | gusto | how do I tell asterisk that I do not want to transcode, just take a different codec |
17:27.32 | gusto | like when I am calling from a phone that can do only alaw, he should not try to reencode it to g722 for passing to the other end |
17:27.41 | *** join/#asterisk pchero (~pchero@109.70.54.56) |
17:53.41 | gusto | somehow my edgerouterlite does not fit into the cpu load, but I can not believe it, because it should be enough, is it possible that it is just recieving wrong packets and thus it goes to 100% of cpu? |
17:53.51 | gusto | I have no jitter buffer enabled |
17:55.49 | gusto | but, this jitter buffer conf in sip.conf seems to only be of SIP and not the UDP RTP packets |
18:02.13 | [TK]D-Fender | no such thing |
18:02.26 | [TK]D-Fender | There is no such thing as SIP jitter |
18:02.31 | [TK]D-Fender | Jitter is an AUDIO issue |
18:02.35 | [TK]D-Fender | and that is RTP |
18:04.13 | gusto | ok |
18:04.26 | gusto | so you mean when I enable the jitter buffer in SIP.conf it will help? |
18:16.53 | gusto | well, it did not, maybe it is really the high cpu load when transcoding from 722 to alaw and back over sln8 and sln16 |
18:17.01 | gusto | but still, it is hard to believe |
18:18.08 | *** join/#asterisk mjordan (mjordan@nat/digium/x-hyzsgkfpapvpqcry) |
18:18.08 | *** mode/#asterisk [+o mjordan] by ChanServ |
18:21.23 | [TK]D-Fender | That shouldn't be a heavy load |
18:23.51 | *** join/#asterisk vader- (~Adium@pool-100-14-218-41.phlapa.fios.verizon.net) |
18:39.06 | *** join/#asterisk areski (~areski@80.174.128.115.dyn.user.ono.com) |
18:40.29 | *** part/#asterisk deepend (~za-lord@unaffiliated/za-lord) |
18:43.45 | *** join/#asterisk beefcafe (~beefcafe@unaffiliated/beefcafe) |
18:46.50 | *** join/#asterisk netman (~netman@185.94.249.77) |
19:09.48 | *** join/#asterisk clopez (~tau@neutrino.es) |
19:19.36 | *** join/#asterisk theron_ (~theron@2620:10d:c091:200::ccaa) |
19:24.39 | *** join/#asterisk donwilliam (~donwillia@188.228.46.39) |
19:37.29 | *** join/#asterisk rmudgett (rmudgett@nat/digium/x-xciicfktrtwqmwof) |
19:40.05 | *** topic/#asterisk by file -> #asterisk The Open Source PBX and Telephony Platform (asterisk.org) -=- LTS: 13.7.2 (2016/02/05), 11.21.2 (2016/02/11); DAHDI: DAHDI-linux 2.10.0 (2014/08/13), DAHDI-tools 2.10.0 (2014/08/13); libpri 1.5.0 (2016/03/28) -=- Asterisk wiki: wiki.asterisk.org -=- Code of Conduct: bit.ly/1hH6P22 -=- Logs: bit.ly/1s4AKKu |
19:43.29 | *** join/#asterisk azerus (~badass@unaffiliated/badass) |
19:58.40 | *** join/#asterisk busymind (~textual@c-73-25-94-191.hsd1.or.comcast.net) |
20:13.33 | *** join/#asterisk busymind (~textual@c-73-25-94-191.hsd1.or.comcast.net) |
20:18.45 | *** join/#asterisk crocodilehunter (~Thunderbi@CPE-121-211-223-68.hhui7.cht.bigpond.net.au) |
20:32.31 | *** join/#asterisk busymind (~textual@c-24-21-173-84.hsd1.or.comcast.net) |
20:41.04 | gusto | yes |
20:41.09 | gusto | that's something I did think too |
20:41.25 | gusto | however, I fixed that problem with __SIP_CODEC and __SIP_CODEC_OUTBOUND |
20:41.47 | gusto | and the important parts were the leading __ so that it takes it over also to the outbounds and not only to itself |
20:41.56 | gusto | inheritance |
20:42.03 | gusto | whatever |
20:42.34 | gusto | now the second problem is that I would need to have 2 peers between two asktersisks |
20:42.37 | gusto | asterisks |
20:42.49 | gusto | because I want to have one peer for narrowband and the other for wideband |
20:43.23 | gusto | to get around this problem of reencoding, I need to forward those two types as peers |
20:43.41 | gusto | and there are two possible options, having one over TLS and the other over TCP or over UDP |
20:43.52 | gusto | or using IPv4 and IPv6 for the other one |
20:44.19 | gusto | but the coolest solution would be to have one asterisk to listen on two ports for TLS/TCP/UDP |
20:44.35 | gusto | but that is not possible with the standard SIP, is it? |
20:47.09 | *** join/#asterisk EOIP (~Thunderbi@CPE-121-211-223-68.hhui7.cht.bigpond.net.au) |
20:54.08 | *** join/#asterisk mondkalbantrieb (~quassel@sama32.de) |
20:59.10 | *** join/#asterisk EllenorL (~3113102@unaffiliated/ellenor) |
21:12.15 | *** join/#asterisk [TK]D-Fender (~joe@64.235.216.2) |
21:22.28 | *** join/#asterisk EOIP (~Thunderbi@CPE-121-211-223-68.hhui7.cht.bigpond.net.au) |
21:33.01 | *** join/#asterisk putnopvut (putnopvut@asterisk/master-of-queues/mmichelson) |
21:33.01 | *** mode/#asterisk [+o putnopvut] by ChanServ |
21:35.50 | jameswf | to confirm dialplan variables are still limited? |
21:35.55 | jameswf | in size |
21:36.01 | *** join/#asterisk amonk (~amonk@unaffiliated/amonk) |
21:40.20 | [TK]D-Fender | Always has been |
21:40.57 | amonk | is asterisk supposed to support ecc tls certificates? with an ecc cert, i get fail with... |
21:41.00 | amonk | [Mar 28 09:36:07] WARNING[1016297] tcptls.c: FILE * open failed! |
21:41.18 | amonk | but, with an rsa cert, i get all good with... |
21:41.43 | amonk | [Mar 28 09:36:21] VERBOSE[1004641] tcptls.c: SSL certificate ok |
21:42.20 | amonk | asterisk-11.18.0 |
21:43.05 | amonk | seems like not, or at least not with that version. |
21:43.12 | amonk | any clues appreciated |
21:44.20 | *** join/#asterisk davlefou (~davlefou@unaffiliated/davlefou) |
21:45.52 | *** join/#asterisk cemotyz09 (~cemotyz09@cpe-70-121-157-202.satx.res.rr.com) |
21:48.02 | davlefou | i have that message with my asterisk 13.7: [2016-03-28 23:43:25] WARNING[7221][C-00000006]: codec_ilbc.c:118 ilbctolin_framein: Huh? An ilbc frame that isn't a multiple of 50 bytes long from RTP (38)? |
21:52.05 | *** join/#asterisk lukeescude__ (614d77ea@gateway/web/freenode/ip.97.77.119.234) |
21:52.11 | lukeescude__ | Hello :D |
21:55.51 | gusto | yes, it is not the file amonk |
21:56.03 | gusto | that FILE * is the TCP socket that he can not open |
21:56.23 | gusto | and that may be a problem on the other side, maybe the certificate is invalid or the other side does not know it |
21:59.57 | amonk | gusto: thanks. the cert is good, though not verifiable. why would it be unable to open a tcp socket at all, just because it doesn't like the cert though. seem odd. in any case, am i understanding correctly that you are indicating that asterisk11 is supposed to support ecc tls certs? want to avoid wasting my time. |
22:02.47 | amonk | maybe it's the the clients requiring a verifiable cert then? but, seems it should still open the port for listening if that was the case, and it does not. |
22:04.04 | lukeescude__ | Would anyone happen to know how to make Asterisk enforce T38 with a specific endpoint, then enforce uLaw when going out/in the trunk? Is it the FAXOPT(gateway)=yes command? |
22:36.51 | *** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com) |
22:38.53 | *** join/#asterisk Draecos (~Draecos@120.16.82.146) |
22:43.13 | *** join/#asterisk mjordan (mjordan@nat/digium/x-sbnguocfehnddbac) |
22:43.13 | *** mode/#asterisk [+o mjordan] by ChanServ |
23:02.01 | *** part/#asterisk kharwell (kharwell@nat/digium/x-dranbjeavpfnorjl) |
23:10.45 | *** join/#asterisk Tagor (~Tagor@2001:1c00:1e18:2600:3560:c97f:c481:42a0) |
23:17.19 | Tagor | someone is trying to bruteforce my asterisk server. i made a cronjob that checks for 'Wrong password' entries in the log files and then add the ip to iptables (drop). however after blocking the ip address in iptables it seems the udp packages still get through. instead of getting a 'Wrong password' error it now says 'Operation not permitted' in asterisk. am I doing something wrong? I expected iptables to prevent any packages from |
23:17.19 | Tagor | reaching asterisk |
23:20.57 | [TK]D-Fender | Clearly different messages |
23:21.08 | [TK]D-Fender | And that means we should actually be LOOKING at them in full. |
23:21.19 | [TK]D-Fender | And not basing a decision based on you saying 2 words like that |
23:21.33 | [TK]D-Fender | (3) |
23:27.07 | F2Knight | Q: Anyone now of a way to 'delay' a hangup command from being sent? Specifically I wan too assure that a call stays on hook for at least 6 seconds. This would only be on outbound calls. |
23:29.00 | F2Knight | Use case is that a if an agent makes a call (click-2-call) and gets an answering machine. the caller hangs up lets say in 3 or 4 seconds. but the provider has a strict 6 second rule or they charge a dialer fee. So by keeping the call (channel) up for at least 6 seconds, the fee can be avoided. |
23:31.59 | *** join/#asterisk ruben23 (~OpenDIAL@112.201.3.127) |
23:32.34 | Tagor | [TK]D-Fender: here are the complete logs before and after blocking the ip address. they repeat about 5 times per second: http://pastebin.com/Y2xUgfsz |
23:32.40 | ruben23 | hi guys anyone can help setting up asterisk CDR for mysql, i have build everything already but CDR are not getting recorded by mysql somehow...help somehow..thanks |
23:33.07 | ruben23 | how should the dialplan be setup somehow to start recording the CDR on a mysql |
23:36.22 | Tagor | ruben23: did you read http://www.voip-info.org/wiki/view/Asterisk+cdr+mysql ? |
23:36.37 | [TK]D-Fender | Tagor, That's because your system is TRYING to contact that other side and you have blocked IP comms to them |
23:36.46 | [TK]D-Fender | You should make sure * stops trying first |
23:37.30 | ruben23 | Tagor: i have implemented all the procedured being stated on that how to somehow, but still no data on the mysql for CDR, i think my dialplan is the fault only |
23:38.08 | [TK]D-Fender | Dialplan has nothing to do with CDR normally |
23:38.51 | Tagor | [TK]D-Fender: what would be the reason for * to contact the other side? after blocking the ip address I also tried killing * and starting it again |
23:39.47 | [TK]D-Fender | becasue you FW'd them on outbound, not inbound |
23:41.52 | ruben23 | [TK]D-Fender: but how do CDR are being forwarded to the mysql, upon dialing..? |
23:42.14 | [TK]D-Fender | You don't "forward". |
23:42.19 | [TK]D-Fender | CDR is not a call. |
23:42.29 | [TK]D-Fender | they word "forward" does not EXIST |
23:43.46 | ruben23 | [TK]D-Fender: ok got it, any chance what could i look into why its not populating on mysql somehow.Thanks |
23:43.54 | [TK]D-Fender | LOOK |
23:44.10 | [TK]D-Fender | Where are you actually showing us configs? How about proving the backend is loaded? |
23:44.20 | [TK]D-Fender | That the tables exist and the credentials match? |
23:44.54 | [TK]D-Fender | That MySQL is even running... |
23:44.56 | [TK]D-Fender | You have not shown us ANYTHING to prove that any of what you have done is right. |
23:45.32 | [TK]D-Fender | wonders why people as what they've done wrong ... when they have shown NOTHING at all. |
23:46.21 | ruben23 | <PROTECTED> |
23:50.57 | Tagor | [TK]D-Fender: could you tell me what could be a reason for * to try to contact the attackers ip? |
23:51.36 | amonk | Tagor: re: iptables (stateful packet filtering in general, actually). it's not that simple with udp. the bruters initial packet creates a state table entry, so if they are smart enough to send all subsequent packets from the same source port, you need logic that kills their initial state table entry as well. |
23:51.48 | [TK]D-Fender | Tagor, You aren't LOOKING |
23:51.52 | [TK]D-Fender | they are SENDING you packets |
23:51.54 | [TK]D-Fender | they are making it IN |
23:52.03 | [TK]D-Fender | YOU blocked your attempt to ANSWER THEM |
23:55.14 | amonk | all: still would like a definitive statement as to whether asterisk11 is supposed to support ecc tls certs or not, btw. |
23:55.19 | *** join/#asterisk pppingme (~pppingme@unaffiliated/pppingme) |
23:56.25 | *** join/#asterisk BakaKuna (~BakaKuna@145.129.205.133) |
23:59.47 | Tagor | amonk: thanks, that makes sense. but according to the * logs they use a different port for every request |