Asterisk security thread

A few days ago, the FBI sent a confusing alert about Asterisk and security.

Here is more information about the clarification:

On Monday, the Federal Bureau of Investigation (FBI) issued an updated notice regarding the use of Digium’s Asterisk IP PBX for vishing. Now, if they could get the date of posting (Dec. 8) to match the date listed within the notice (Dec. 5), we might actually have a “case closed.”

http://www.fiercevoip.com/story/fbi-clarifies-digium-asterisk-ip-pbx-vishing-bolo/2008-12-09

Make your dialplan readable using priority labels

When you start Asterisk or run 'reload' or 'extensions reload' from the Asterisk CLI, the Asterisk process parses your /etc/asterisk/extensions.conf file and builds a list of extensions with priorities starting at 1.

You can give any priority a name and make your extensions file easier to write, read and modify.

Here is the syntax for each extension priority:

exten => <extension_number>,<priority_number>(<label_name>),<application>(<application_data>)

You can then use the label name in a Goto application instead of an explicit priority number. If you later renumber priorities, the label name stays the same and you don't have to change every Goto that points to that priority.

Example

exten => 5140000000,1,Noop(New caller from ${CALLERID(all)})

exten => 5140000000,n(playwelcome),Background(welcome-message)

exten => t,1,Noop(User didn't enter anything... Retry...)

exten => t,n,Goto(5140000000,playwelcome)

In this specific example, the caller is asked to enter an extension number. If nothing is entered and the t (timeout) extension is reached, we jump back to extension 5140000000 at the priority labelled playwelcome.

Asterisk dialplan : random navigation

Sometimes you want your callers to be sent to a random place.

For example, you have 5 extensions and you want inbound calls to be sent randomly to those extensions.

You may want an equal distribution, or a distribution based on a certain probability.

Another case where this can be useful is when you have multiple carriers and want to spread your outbound calls randomly across them.

To do so, you can use the Asterisk RAND function.

[Syntax]
RAND([min][|max])

[Synopsis]
Choose a random number in a range

[Description]
Choose a random number between min and max.  Min defaults to 0, if not
specified, while max defaults to RAND_MAX (2147483647 on many systems).
Example:  Set(junky=${RAND(1|8)});
Sets junky to a random number between 1 and 8, inclusive.

Action

In the following example, we receive a call to DID number 5140000000 and want to send 60% of the calls to SIP extension 2200 and the rest to extension 3300. The dialplan then looks like:

exten => 5140000000,1,Noop(New call received from ${CALLERID(all)})

exten => 5140000000,n,GotoIf($[${RAND(1,100)} > 40]?labelagt1)

exten => 5140000000,n(labelagt2),Dial(SIP/3300)

exten => 5140000000,n,Hangup

exten => 5140000000,n(labelagt1),Dial(SIP/2200)

exten => 5140000000,n,Hangup

So, basically, when we receive the call, we generate a random number between 1 and 100 (RAND(1,100)).

If that number is more than 40 (which should happen 60% of the time), we go to the priority labelled 'labelagt1' and dial SIP/2200.

If not (which should happen 40% of the time), we fall through to the next priority and dial SIP/3300.
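The two-way split above is one instance of a general pattern: roll RAND(1,100) once, then compare that single roll against cumulative bounds. The following Python is an added example, not code from the page: it mirrors the GotoIf chain for any number of destinations so the split can be checked exactly, and emits the corresponding extensions.conf lines using the labelled priorities described earlier on this page. The DID, the dest0/dest1 labels, the ROLL channel variable and the Dial targets are assumptions.

```python
"""Weighted random routing over N destinations, generalising the page's 60/40 GotoIf.

Added example, not from the page. A roll r of RAND(1,100) goes to the first
destination whose cumulative bound is >= r; choose_destination() is the Python
mirror of that GotoIf chain, build_dialplan() emits it. Names are constructed.
"""


def cumulative_bounds(weights):
    """Turn percentage weights into cumulative upper bounds over 1..100."""
    if any(w < 0 for w in weights) or sum(weights) != 100:
        raise ValueError("weights must be non-negative percentages summing to 100")
    bounds, running = [], 0
    for w in weights:
        running += w
        bounds.append(running)
    return bounds


def choose_destination(roll, weights):
    """Index of the destination a roll of RAND(1,100) lands on."""
    if not 1 <= roll <= 100:
        raise ValueError("roll must be in 1..100, the range RAND(1,100) returns")
    for index, bound in enumerate(cumulative_bounds(weights)):
        if roll <= bound:
            return index
    raise AssertionError("unreachable: the last bound is always 100")


def distribution(weights):
    """Exact share each destination receives over every possible roll 1..100."""
    counts = [0] * len(weights)
    for roll in range(1, 101):
        counts[choose_destination(roll, weights)] += 1
    return counts


def build_dialplan(did, targets, weights):
    """Emit extensions.conf lines: roll once, then one GotoIf per destination.

    The roll is stored in a channel variable first; evaluating RAND() inside
    every GotoIf would draw a fresh number each time and skew the split."""
    if len(targets) != len(weights):
        raise ValueError("one weight per target")
    bounds = cumulative_bounds(weights)
    lines = [f"exten => {did},1,Set(ROLL=${{RAND(1,100)}})"]
    for index, bound in enumerate(bounds[:-1]):
        lines.append(f"exten => {did},n,GotoIf($[${{ROLL}} <= {bound}]?dest{index})")
    # Anything left over belongs to the last destination (its bound is 100).
    lines.append(f"exten => {did},n,Goto(dest{len(targets) - 1})")
    for index, target in enumerate(targets):
        lines.append(f"exten => {did},n(dest{index}),Dial({target},30)")
        lines.append(f"exten => {did},n,Hangup()")
    return "\n".join(lines)


if __name__ == "__main__":
    print(distribution([60, 40]))  # [60, 40]
    print(build_dialplan("5140000000", ["SIP/2200", "SIP/3300", "SIP/4400"], [50, 30, 20]))
```

The roll is stored once in a channel variable on purpose: putting RAND() inside each GotoIf would draw a new number per comparison, and the shares would no longer add up to the intended percentages.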

Watch and monitor asterisk activity

If you want to watch and monitor your Asterisk server's activity, you may need to run the same Asterisk command periodically (every 10 s, for example).

The Linux watch command can help you do that.

For example, if you want a table displaying the list of channels every 10 seconds in a "top like" mode, you can run:

watch -n 10 asterisk -rx \"show channels\"

That will run the same command every 10 seconds and display its output full screen. The escaped quotes are needed because watch joins its arguments and hands them to sh -c, so the inner quotes have to survive your own shell for "show channels" to reach asterisk -rx as one argument.

Press Ctrl+C to exit.

asterisk users : september maillist

Here are the asterisk-users mailing list questions for the month of September.

http://www.astblog.com/maillist/asterisk-users/2008-September/thread.html

Asterisk : generate core dump files

We all know that Asterisk is still a work in progress, and some people may see a crash from time to time.

If you want to know where Asterisk crashed and have it generate core dump files, you need the following:

- set the maximum size of the core dump file that can be generated. Core dump files are usually very large, so to make sure you get the whole file, set the limit to unlimited. This must be done in the same shell before starting Asterisk.

ulimit -c unlimited

- tell Asterisk to generate a core dump file if it crashes, by starting Asterisk with the -g flag

asterisk -g

Then, when the Asterisk service crashes, it writes a core dump file in the process's current working directory. To find out what that directory is, find the running Asterisk process id (ps -ef | grep asterisk) and then run

ls -l /proc/<processid>

The 'cwd' (current working directory) symlink is where your core dump file will be generated.

You can then load the core file in gdb to see what happened.
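The steps above assume the kernel's default core_pattern of `core`, which is what puts the file in the process's current working directory. The script below is an added example, not from the page: it resolves where a core for a given pid would land from /proc/sys/kernel/core_pattern (a relative name goes into cwd, an absolute template elsewhere, and a leading `|` hands the core to a program such as systemd-coredump, so nothing appears in cwd at all), and it reads the soft core-size limit from /proc/<pid>/limits to confirm that ulimit -c took effect for the running process. The sample patterns and limits text used in the self-checks are constructed, and only the %p and %e specifiers are expanded.

```python
"""Check where an Asterisk core file will actually land.

Added example, not from the page: resolves the destination a core_pattern
implies for a given pid and reports the process's soft core size limit.
Only %p, %e and %% are expanded; the kernel knows more specifiers.
"""
import os


def core_destination(pattern, cwd, pid, comm, core_uses_pid=False):
    """Resolve a core_pattern to a path (or a handler) for the given process."""
    if pattern.startswith("|"):
        # The kernel spawns this program and feeds it the core on stdin;
        # nothing is written to the working directory.
        return "piped to handler: " + pattern[1:].split()[0]
    expanded = (pattern.replace("%%", "\x00")
                       .replace("%p", str(pid))
                       .replace("%e", comm)
                       .replace("\x00", "%"))
    if core_uses_pid and "%p" not in pattern:
        expanded += f".{pid}"  # kernel appends .PID when core_uses_pid=1
    # A relative pattern is relative to the crashing process's cwd.
    return expanded if os.path.isabs(expanded) else os.path.join(cwd, expanded)


def core_limit_from_proc_limits(limits_text):
    """Soft 'Max core file size' from /proc/<pid>/limits text.

    'unlimited' is what ulimit -c unlimited should have produced; 0 means
    no core will be written regardless of asterisk -g."""
    for line in limits_text.splitlines():
        if line.startswith("Max core file size"):
            soft = line[len("Max core file size"):].split()[0]
            return soft if soft == "unlimited" else int(soft)
    raise ValueError("no 'Max core file size' line in limits text")


def describe(pid):
    """Read the live process's cwd, name, limits and the core_pattern (Linux only)."""
    cwd = os.readlink(f"/proc/{pid}/cwd")
    with open(f"/proc/{pid}/comm") as f:
        comm = f.read().strip()
    with open(f"/proc/{pid}/limits") as f:
        limit = core_limit_from_proc_limits(f.read())
    with open("/proc/sys/kernel/core_pattern") as f:
        pattern = f.read().strip()
    with open("/proc/sys/kernel/core_uses_pid") as f:
        uses_pid = f.read().strip() == "1"
    return {
        "destination": core_destination(pattern, cwd, pid, comm, uses_pid),
        "core_size_limit": limit,
    }


if __name__ == "__main__":
    import sys
    # Pass the Asterisk pid as the only argument; defaults to this process.
    print(describe(int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()))
```

Run it with the Asterisk pid as its only argument. A destination that starts with "piped to handler" means the core went to that handler's own store, not to cwd, and a core_size_limit of 0 means the ulimit was not raised in the shell that started Asterisk.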

asterisk bug : Unlimited call for limits under 1 second

Hi all,

I've found and reported a bug in Asterisk version 1.4.21.2.

The danger of this bug is: if, for example, in your code or ag you set up call limits in milliseconds, make sure that your limit is at least 1 second, i.e. 1000 ms. For anything under 1 second, Asterisk will execute the Dial and bridge the calls for an unlimited amount of time.

For more information:

http://insects.digium.com/view.php?id=13851

asterisk cli : execute linux command from cli

In the category did-you-know :

If you are in the Asterisk command line interface and need to run a Linux command without quitting your CLI,

you can prepend an exclamation point to the command and the CLI will execute it in a shell.

Action

*CLI> !date
Thu Nov  6 10:43:15 EST 2008

Use asterisk to dial outbound number with extension

Sometimes you want to reach an outbound number and, when it answers, press some digits to navigate through an IVR.

The most common case is when you want callers from your PBX to reach a number and go directly to a given extension. This saves the caller from entering the extension number on the far side himself.

To do this, you can use the Asterisk Dial option D.

D([called][:calling]) - Send the specified DTMF strings *after* the called
party has answered, but before the call gets bridged. The 'called'
DTMF string is sent to the called party, and the 'calling' DTMF
string is sent to the calling party. Both parameters can be used
alone.

Situation : From your office, you want a "speed dial" extension (eg: 2025) that lets users reach the other office's (eg: at phone number 5140000000) sales department (eg: at extension 1234). So, instead of calling the phone number 5140000000 and then dialing 1234, your dialplan can look like:

exten => 2025,1,Noop(Caller ${CALLERID(all)} want to reach foreign office and extension 1234)

exten => 2025,n,Dial(Zap/g1/5140000000,30,D(1234))

exten => 2025,n,Hangup

So, as soon as the foreign office system (at 5140000000) answers, Asterisk will "auto press" the digits 1234 and then bridge the call to the caller.

You can also send digits to the caller channel.

Asterisk dialplan to limit number of calls in 'x' seconds

Here is a quick trick that you can use to limit the number of inbound calls from the same caller id within a certain time window.

It has the advantage of not using any database, only a small file for each caller.

;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; With some adjustments:
;
;   1. adding a dir to the system /var/spool/asterisk/inbound_count
;   2. routing inbound channel into proper queue, menu, dialstatement or other destination
;   3. adjusting the number of attempts and the timeframe
;   4. adjusting GMT to your own situation, just to have the time right.
;
; the script can be used.
;;;;;;;;;;;;;;;;;;;;;;;;;;;
; written by Erik de Wild
;  Tripple-o
; Your Asterisk migration partner
; info   at  tripple-o.nl
;;;;;;;;;;;;;;;;;;;;;;;;;;;
;  This is free software licensed under the GNU General Public
;  License version 2; you are welcome to redistribute it under
;  certain conditions.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; this script limits the number of inbound call attempts within a certain timeframe.
; this script can help to prevent denial of service attacks or to prevent callers from spamming you with incoming calls
;;;;;;;;;;;;;;;;;;;;;;;;;;;

[max_inbount_trials]

exten => s,1,Set(FILE_EXISTS=0)
; The caller id comes from the network but is used below as a file name and inside a shell
; command (System). Keep digits only so it cannot carry "/", ".." or shell metacharacters;
; callers that send no digits at all share the "unknown" bucket.
exten => s,n,Set(SAFEID=${FILTER(0-9,${CALLERID(num)})})
exten => s,n,Set(SAFEID=${IF($["${SAFEID}" = ""]?unknown:${SAFEID})})
exten => s,n,Set(PAD=/var/spool/asterisk/inbound_count/${SAFEID})
exten => s,n,Set(FILE_EXISTS=${STAT(e,${PAD})})                 ; check if file already exists
exten => s,n,GotoIf($["${FILE_EXISTS}" : "1"]?check_last_read)
; plain echo: "xx" contains no escapes, and the echo of /bin/sh may not understand -E
exten => s,n,System(echo "xx" > ${PAD})                          ; create new file and add 1 line with xx
exten => s,n,MusicOnHold()                                       ; just for now. This is the place to route the call into a queue, menu, dial statement or whatever
exten => s,n,Hangup()

exten => s,n(check_last_read),Set(LAST_READ=${STAT(A,${PAD})})  ; EPOCH of last read
exten => s,n,NoOp(XXXXXXXXXXXXXXXXX ${LAST_READ})
exten => s,n,Set(SECONDS_AGO=$[${STRFTIME(${EPOCH},GMT-1,%s)} - ${LAST_READ}])

exten => s,n,Set(TIME_WINDOW=3600)                               ; this is where the timeframe for controlling the number is set, in seconds
exten => s,n,GotoIf($[${SECONDS_AGO} < ${TIME_WINDOW}]?add_line)
exten => s,n,NoOp(the last attempt was ${SECONDS_AGO} seconds ago)
exten => s,n,System(echo "xx" > ${PAD})                          ; create new file, last attempt was more than 1 hour ago
exten => s,n,MusicOnHold()                                       ; just for now. This is the place to route the call into a queue, menu, dial statement or whatever
exten => s,n,Hangup()

exten => s,n(add_line),System(echo "xx" >> ${PAD})               ; add line to file
exten => s,n,Set(SIZE_FILE=${STAT(s,${PAD})})                    ; check for number of bytes in file
exten => s,n,Set(MAX_SIZE=6)                                     ; This is where the number of attempts within the timeframe is set.
; two attempts within the timeframe, every attempt adds 3 bytes to the file (xx and a line return)
exten => s,n,GotoIf($[${SIZE_FILE} > ${MAX_SIZE}]?hang_up)       ; Just two attempts within time frame
exten => s,n,MusicOnHold()                                       ; just for now. This is the place to route the call into a queue, menu, dial statement or whatever
exten => s,n,Hangup()
exten => s,n(hang_up),Playback(beep)
exten => s,n,Wait(2)
exten => s,n,Hangup()                                            ; really hang up: looping back to hang_up kept the channel of a blocked caller open forever
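A Python version of the same idea, added here as an example and not part of Erik de Wild's script: one small file per caller and no database, but each line holds the epoch of an attempt and only attempts inside a sliding window are counted, so the quota is not reset wholesale when a fixed window rolls over and a single stale file cannot block a caller for good. A caller id is untrusted input from the network, so it is reduced to digits before it becomes a file name and never reaches a path or a shell command unfiltered. The spool directory, the limits and the attempt times in the self-test are constructed; connecting the verdict to the dialplan, for instance through an AGI script that sets a channel variable, depends on the reader's setup.

```python
"""Per-caller inbound call rate limit with one small file per caller.

Added example, not the dialplan author's code. Files under spool_dir are
named after the digits of the caller id and hold one epoch per line.
Limits, paths and the self-test attempts are constructed.
"""
import os
import re
import tempfile

MAX_ATTEMPTS = 2        # attempts allowed inside one window (page: two)
WINDOW_SECONDS = 3600   # sliding window length (page: one hour)


def sanitize_callerid(callerid):
    """Keep digits only; anonymous, malformed or hostile caller ids share one bucket."""
    digits = re.sub(r"[^0-9]", "", callerid or "")
    return digits[:32] if digits else "unknown"


class CallRateLimiter:
    def __init__(self, spool_dir, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.spool_dir = spool_dir
        self.max_attempts = max_attempts
        self.window = window
        os.makedirs(spool_dir, exist_ok=True)

    def _path(self, callerid):
        # The sanitized id is the whole file name, so no "/" or ".." can slip in.
        return os.path.join(self.spool_dir, sanitize_callerid(callerid))

    def _load(self, path):
        try:
            with open(path) as f:
                return [int(line) for line in f if line.strip().isdigit()]
        except FileNotFoundError:
            return []

    def allow(self, callerid, now):
        """Record this attempt at epoch 'now'; True while the caller is within quota."""
        path = self._path(callerid)
        # Drop attempts that have aged out of the window, then add this one.
        recent = [t for t in self._load(path) if now - t < self.window]
        recent.append(now)
        allowed = len(recent) <= self.max_attempts
        # Keep only the newest attempts that can still matter, so the file never grows.
        with open(path, "w") as f:
            f.writelines(f"{t}\n" for t in recent[-self.max_attempts:])
        return allowed


def run_self_test():
    """Replay a constructed sequence of attempts from one caller and return the verdicts."""
    with tempfile.TemporaryDirectory() as spool:
        limiter = CallRateLimiter(spool)
        attempts = [0, 10, 20, 30, 3625, 3700]
        return [limiter.allow("5140000000", t) for t in attempts]


if __name__ == "__main__":
    print(run_self_test())  # [True, True, False, False, True, True]
```

The third and fourth attempts within the hour are refused, and the caller regains quota only as the earlier attempts age out of the window. Blocked attempts are recorded as well, so a flood keeps the caller blocked for as long as it continues, while the file stays a few bytes long.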
