| 00:06.54 | *** part/#asterisk kharwell (kharwell@nat/digium/x-uwllfrakefifsixy) |
| 00:15.28 | *** join/#asterisk megagolgoth (~Megagolgo@41.202.78.236) |
| 00:34.46 | *** join/#asterisk Chex (sss@sleepl.northnook.ca) |
| 01:07.03 | *** join/#asterisk startledmarmot (~startledm@2601:646:c203:75d7:2888:2a64:426b:31f5) |
| 01:22.10 | *** join/#asterisk infobot (ibot@rikers.org) |
| 01:22.10 | *** topic/#asterisk is #asterisk The Open Source PBX and Telephony Platform (asterisk.org) -=- LTS: 13.19.0 (2018/01/11), Standard: 15.2.0 (2018/01/11); DAHDI: DAHDI-linux 2.11.1 (2016/03/01), DAHDI-tools 2.11.1 (2016/03/01); libpri 1.6.0 (2017/01/27) -=- Wiki: wiki.asterisk.org -=- Code of Conduct: bit.ly/1hH6P22 -=- Logs: bit.ly/1s4AKKu |
| 02:17.51 | *** join/#asterisk elcontrastador (~textual@206.78.110.4) |
| 02:24.01 | *** join/#asterisk dar123 (~dar@2600:1700:38d0:1470:6d10:c143:fe6c:da3f) |
| 02:26.02 | kunwon1 | what is the default rtp port range if you don't have rtp.conf? |
| 02:26.21 | kunwon1 | nevermind found it, too impatient |
| 02:59.08 | *** join/#asterisk CheBuzz (~CheBuzz@unaffiliated/chebuzz) |
| 04:15.10 | *** join/#asterisk zopsi (~zopsi@2607:5300:60:9f36::) |
| 04:47.03 | *** join/#asterisk forgotmynick (uid24625@gateway/web/irccloud.com/x-fezykinqycavjgbd) |
| 04:59.48 | *** join/#asterisk cryptic (~cryptic@142.196.170.87) |
| 06:21.05 | *** join/#asterisk gerhard7_ (~gerhard7@ip5657ee30.direct-adsl.nl) |
| 07:13.26 | *** join/#asterisk megagolgoth (~Megagolgo@41.207.1.120) |
| 07:38.05 | *** join/#asterisk zapata (~zapata@2a02:b18:581:10:3cbf:f126:1329:8c7e) |
| 08:15.19 | *** join/#asterisk Worldexe (~Worldexe@95-107-33-134.dsl.orel.ru) |
| 08:17.26 | *** join/#asterisk megagolgoth (~Megagolgo@154.68.59.57) |
| 09:01.07 | *** join/#asterisk netman (~netman@185.94.249.77) |
| 09:01.23 | *** join/#asterisk areski (~areski@37.223.2.207) |
| 09:03.51 | *** join/#asterisk megagolgoth (~Megagolgo@154.68.54.152) |
| 09:47.19 | *** join/#asterisk gerhard7 (~gerhard7@ip5657ee30.direct-adsl.nl) |
| 10:08.36 | *** join/#asterisk defsdoor (~andy@cpc120600-sutt6-2-0-cust177.19-1.cable.virginm.net) |
| 10:45.45 | *** join/#asterisk ganbold (~ganbold@173.244.215.173) |
| 11:56.48 | *** join/#asterisk lankanmon (~LKNnet@CPE64777dd7e053-CM64777dd7e050.cpe.net.cable.rogers.com) |
| 12:18.32 | *** join/#asterisk karelk (~karel@31.10.153.23) |
| 12:56.21 | [sr] | howdy |
| 12:56.34 | [sr] | i have ACL's on extensions to the IP only |
| 12:56.58 | [sr] | and i have some hacker thas was able to register, with another IP (ok found the password with brute force) |
| 12:57.09 | [sr] | shouldn't ACL toke affect? |
| 12:58.31 | [sr] | or ACL isn't that safe? |
| 13:05.10 | [sr] | he was able to remove the ACL from the extension, and reboot the system |
| 13:06.26 | [sr] | and manager only allows 127.0.0.1 |
| 13:24.00 | *** join/#asterisk CheBuzz (~CheBuzz@unaffiliated/chebuzz) |
| 13:24.24 | Samot | Wait... |
| 13:24.44 | Samot | If they were able to remove the ACL and reboot the system, they did more than just "register" |
| 13:26.13 | Samot | No one can brute force REGISTER and "remove" an ACL in the config nor can they reboot the system. |
| 13:31.10 | *** join/#asterisk forgotmynick (uid24625@gateway/web/irccloud.com/x-auyfbhksfkirjffl) |
| 13:34.22 | *** join/#asterisk jamesaxl (~James_Axl@109.172.62.242) |
| 13:35.03 | [sr] | Samot: that's what i'm trying to figure! |
| 13:35.18 | Samot | I get that. |
| 13:35.28 | Samot | But what I am saying is, it wasn't a SIP thing. |
| 13:35.31 | [sr] | Samot: is it possible to add a outbound route via asterisk CLI ? |
| 13:35.43 | Samot | That's dialplan. |
| 13:35.59 | Samot | There's no such thing as "Outbound Routes" in Asterisk. |
| 13:36.27 | [sr] | ok dialplan, is it possible to manage dialplans via CLI? |
| 13:36.46 | [sr] | knowing that it wasnt via SIP, good, that's i was already convinced |
| 13:38.48 | Samot | Dialplan is the code in extensions.conf |
| 13:38.53 | Samot | so yeah, you can edit the file. |
| 13:39.03 | [sr] | its not that samot |
| 13:39.12 | [sr] | via asteriskCLI |
| 13:39.17 | Samot | No. |
| 13:39.26 | Samot | You cannot edit a file in the CLI |
| 13:39.34 | [sr] | sorry, not saying edit |
| 13:39.42 | [sr] | change the dialplan via the CLI |
| 13:39.44 | Samot | You're saying "manage" |
| 13:39.45 | Samot | NO |
| 13:39.50 | Samot | You have to edit it. |
| 13:39.55 | Samot | From the file |
| 13:40.02 | [sr] | ok that's what i want to know |
| 13:40.10 | Samot | Unless you're running RealTime then you need to update the database. |
| 13:40.38 | [sr] | no realtime |
| 13:40.52 | Samot | I figured. |
| 14:08.20 | [sr] | i think how it was... |
| 14:08.22 | [sr] | tracing the logs |
| 14:15.00 | *** join/#asterisk Kobaz (~kobaz@its.kobaz.net) |
| 14:16.15 | *** join/#asterisk jamesaxl (~James_Axl@109.172.62.242) |
| 15:19.40 | *** join/#asterisk miralin (~Thunderbi@91.237.94.67) |
| 15:33.36 | *** join/#asterisk LunaLovegood (~alice@75.98.139.193) |
| 15:38.16 | LunaLovegood | Is there a way to remove the "Server: Asterisk PBX 14.2.1" header from replies with chan_sip? I'm trying to shorten the response UDP packets because someone is sending dummy INVITEs to my server from spoofed IPs in order to spam the real hosts at those IPs. And the 401 Unauthorized responses are bigger than the INVITEs I'm receiving. |
| 15:38.42 | avb | LunaLovegood: useragent and sdpversion or something like that |
| 15:39.42 | avb | sdpsession |
| 15:42.26 | LunaLovegood | Alright, my replies are now smaller than the INVITEs so the spamming should eventually stop, maybe. Thanks. |
| 15:43.47 | LunaLovegood | Any other tips for making the SIP messages shorter? |
| 15:47.53 | *** join/#asterisk areski (~areski@37.223.2.207) |
| 16:02.56 | Samot | That's not going to change anything. |
| 16:05.03 | Samot | And messing with SIP messages without know what is expected can break things. |
| 16:06.20 | Samot | The proper way to handle this is to actually block the traffic. |
| 16:07.22 | Worldexe | are you using compactheaders = yes already? |
| 16:08.06 | Samot | Removing a line in the SIP message to make it "shorter" is not going to stop people trying to send calls through you. |
| 16:09.57 | Worldexe | is looks like you can remove user-agent string by setting 'useragent' to empty string in sip.conf |
| 16:10.14 | Worldexe | just checked sources; never did this myself |
| 16:10.33 | Samot | Yes, you can edit/modify the User-Agent string. |
| 16:10.44 | Samot | Again, not going to stop SIP attacks. |
| 16:10.51 | Samot | It is the wrong answer to the problem. |
| 16:11.06 | Samot | Exploring it means you are not exploring proper answers to the problem. |
| 16:12.58 | Worldexe | a better way would be to to set up fail2ban-like solution to ban IPs if shitty requrests are detected |
| 16:13.40 | Samot | No. |
| 16:13.50 | Samot | A better way would to be blocking the IPs outright. |
| 16:14.00 | Samot | fail2ban is not proactive, it is responsive. |
| 16:14.13 | Samot | In order for fail2ban to do anything it must first read logs on the server. |
| 16:14.19 | Samot | If it is in the log, it means it happened. |
| 16:14.42 | Worldexe | if hes getting queries from random ips and still needs to maintain public service - theres no way to pre-block them |
| 16:14.47 | Samot | It's rather simple, if you don't need/want/expect traffic from China... |
| 16:14.54 | Samot | You block China IP ranges. |
| 16:15.02 | Samot | Then, you don't have issues from China. |
| 16:15.11 | Samot | Yes. |
| 16:15.14 | Samot | There absolutely is. |
| 16:15.22 | Samot | iptables does rate limiting |
| 16:15.42 | Samot | It can block by user-agents and there are plenty of sites that list "bad" useragents. |
| 16:16.02 | Samot | sipvicious is not a friendly UA |
| 16:16.06 | Samot | It is a hacker UA |
| 16:16.25 | Samot | So you block sipvicious UA's from coming in. |
| 16:17.09 | Worldexe | hmm, didnt think about user-agent blocking.. |
| 16:17.18 | *** join/#asterisk areski (~areski@37.223.2.207) |
| 16:17.32 | Worldexe | yeah, thats the way |
| 16:17.38 | Samot | One. |
| 16:17.41 | Samot | It's one of the ways. |
| 16:17.51 | Samot | There are numerous ways to protect your SIP network. |
| 16:18.11 | Samot | If you are a SIP/VoIP service provider you should have at least some of them in place. |
| 16:18.29 | Samot | Not just have your box on the Internet and open because you don't know your users IPs. |
| 16:18.59 | *** join/#asterisk [TK]D-Fender (~joe@64.235.216.2) |
| 16:19.25 | Samot | I am a provider. |
| 16:19.33 | Samot | I don't have customers in certain parts of the world. |
| 16:19.44 | Samot | Those same parts are also known for being bad and naughty |
| 16:19.57 | Samot | So I can still deny those parts of the world without impacting my actual users. |
| 16:20.07 | Samot | Blocking all of China does not stop my US customers. |
| 16:20.25 | dadrc | Anyone using sipvicious for nefarious purposes w/o changing the UA is plain stupid |
| 16:20.45 | Samot | Then that would be about 90% of the users. |
| 16:20.51 | Samot | Because people don't mess with these things. |
| 16:20.53 | Samot | They buy them |
| 16:20.54 | Worldexe | so... pre-ban known bad countries, some rules based on user-agents (or mb smth else)? maybe something else? |
| 16:20.55 | dadrc | Not saying there aren't many stupid persons, yeah |
| 16:20.55 | Samot | Or get them |
| 16:20.57 | Samot | And they use them. |
| 16:21.26 | Samot | Worldexe, we haven't even touched a proper network infrastructure. |
| 16:21.31 | dadrc | Just saying, blocking specific UAs isn't an all-remedy |
| 16:21.35 | Worldexe | im mostly working with private setups, didnt have to deal with those things |
| 16:21.42 | Samot | I'm referring to what can just be done on the individual machine. |
| 16:21.49 | Samot | I never said it was |
| 16:21.55 | Samot | In fact I said it was one a piece of the puzzle. |
| 16:21.59 | Samot | It was _one_ way. |
| 16:22.01 | dadrc | Samot, yeah |
| 16:22.20 | dadrc | Was meant in support of your statement, sorry if it came across wrong |
| 16:22.28 | Samot | My customers don't know about my Asterisk servers. |
| 16:22.35 | Samot | Because they register with a SIP proxy. |
| 16:22.51 | Samot | My Asterisk servers are locked down for traffic from my proxies only. |
| 16:24.07 | Samot | My Asterisk servers don't even peer directly to my carriers. |
| 16:24.16 | Samot | Again, I have proxies in place for that. |
| 16:24.33 | Samot | That do all the fun stuff I need like LCR, routing calls to proper servers.. |
| 16:24.41 | Samot | CDRs. |
| 16:27.07 | Samot | 10:43:48 AM L<LunaLovegood> Any other tips for making the SIP messages shorter? <-- This is why I also said messing with SIP messages is bad if you don't know what you are doing... |
| 16:27.18 | Samot | Because my proxies will check the message. |
| 16:27.53 | Samot | If its not a standard length, format or has required details missing or out of order. Tags as a Malformed SIP Message and dropped. |
| 16:32.09 | *** join/#asterisk miralin (~Thunderbi@91.237.94.67) |
| 16:40.39 | gruetzkopf | Samot: and now you have excluded those customers that travelled to china |
| 16:40.53 | Samot | Really? |
| 16:41.00 | Samot | Because it happens so much. |
| 16:41.08 | Samot | Also, I don't do residential services. |
| 16:41.16 | gruetzkopf | ok, that hels |
| 16:41.23 | gruetzkopf | *helps |
| 16:42.30 | Samot | In the markets I'm in, places like Flowroute, VoIP.ms or even Vonage are not competitors. |
| 16:43.09 | Samot | The actual telcos. |
| 16:43.22 | Samot | Those are the competitors. |
| 16:45.37 | Samot | I just don't ship you 10 Polycoms and go "OK all done" |
| 16:46.12 | Samot | I got guys that do the actual install. PoE switches, wiring, testing, training. |
| 16:55.08 | [sr] | Samot: found the source and how, this is complicated and so sensible, the person made the error of calling his own number today to test the dialplan change he made by hand |
| 16:59.04 | Worldexe | what are you using as sip proxy? |
| 17:01.54 | Samot | Kamailio. |
| 17:24.07 | *** join/#asterisk aandrew (foobar@gromit.mixdown.ca) |
| 17:25.26 | *** part/#asterisk aandrew (foobar@gromit.mixdown.ca) |
| 17:30.35 | *** join/#asterisk Catatronic (~corrupt@unaffiliated/catatronic) |
| 17:35.02 | *** join/#asterisk Catatronic (~corrupt@unaffiliated/catatronic) |
| 17:38.49 | *** join/#asterisk Frojoe (Frojoe@2a01:7e00::f03c:91ff:fe70:bc74) |
| 17:54.54 | *** join/#asterisk jkroon (~jkroon@165.16.204.167) |
| 18:31.04 | *** join/#asterisk Catatronic (~corrupt@unaffiliated/catatronic) |
| 18:33.30 | *** join/#asterisk rwb (~Thunderbi@65-183-131-95-dhcp.burlingtontelecom.net) |
| 18:33.31 | *** join/#asterisk Catatronic (~corrupt@unaffiliated/catatronic) |
| 18:37.11 | *** join/#asterisk Catatronic (~corrupt@unaffiliated/catatronic) |
| 19:03.33 | *** join/#asterisk stux16777216Away (stux@endurance.xzibition.com) |
| 19:03.36 | *** join/#asterisk bauxit (~bauxit@2a01:6e60:10:1afb:1:3:3:7) |
| 19:44.11 | *** join/#asterisk rwb (~Thunderbi@65.183.151.121) |
| 20:11.52 | *** join/#asterisk aness (~aness@cm-84.209.56.255.getinternet.no) |
| 20:16.31 | *** join/#asterisk startledmarmot (~startledm@cpe-75-82-221-87.socal.res.rr.com) |
| 21:31.06 | *** join/#asterisk SoBlindWolf (~SoBlindWo@go.pcshost.co) |
| 22:08.47 | *** join/#asterisk dadrc (~quassel@unaffiliated/dadrc) |
| 22:08.47 | *** join/#asterisk juvenal (juvenal@gateway/shell/elitebnc/x-uhbgdhlylyytnlfh) |
| 22:08.47 | *** join/#asterisk beardy (~beardy@unaffiliated/beardy) |
| 22:08.47 | *** join/#asterisk mvanbaak (~mvanbaak@asterisk/contributor-and-bug-marshal/mvanbaak) |
| 22:08.48 | *** join/#asterisk petris (sid19918@gateway/web/irccloud.com/x-pphizvekeifopjzn) |
| 22:08.48 | *** join/#asterisk boxrick (sid98261@gateway/web/irccloud.com/x-abztompinrqejguv) |
| 22:08.48 | *** join/#asterisk danjenkins (danjenkins@gateway/shell/firrre/x-ezoglfkhtfjvlaqd) |
| 22:08.49 | *** mode/#asterisk [+o danjenkins] by ChanServ |
| 22:23.17 | *** join/#asterisk pppingme (~pppingme@unaffiliated/pppingme) |
| 22:45.50 | *** join/#asterisk Penguin (~xwQ5kwYl6@our.systems.are.full.of.penguins.at.penguinsystems.net) |
| 22:59.47 | *** join/#asterisk bluez_ (sid168910@gateway/web/irccloud.com/x-tnrausbiqxmybnum) |
| 23:04.11 | *** join/#asterisk Penguin (~xwQ5kwYl6@our.systems.are.full.of.penguins.at.penguinsystems.net) |
| 23:04.11 | *** join/#asterisk compu_85 (~compu_85@nyc3-3.do.stmn.net) |
| 23:07.17 | *** join/#asterisk zopsi (~zopsi@dir.ac) |
| 23:21.43 | *** join/#asterisk retentiveboy (~retentive@c-73-82-30-193.hsd1.ga.comcast.net) |