Friday 20 December 2013

convert mp3 to gsm/ulaw for Asterisk

# Install mpg123, then use it to convert the mp3 to a wav file
mpg123 -w input.wav input.mp3
; convert the output wav file to a format that Asterisk can recognize
sox -v 0.9 input.wav -c 1 -r 8000  output.wav
; -v: reduce volume
; -c 1: mono, -r 8000: 8 kHz sample rate

Monday 16 December 2013

Install chan_mobile on ClearOS 5.2 SP2, Asterisk 1.8 and FreePBX 2.8

Source: http://samyantoun.50webs.com/asterisk/chan_mobile/

 

  • Legend (Variable and Scope)
    • PBX Pairing Password: User
    • PBX Name: User
    • Context: User
    • Bluetooth USB Device Name: User
    • MAC Address: System
    • ID: System
    • Mobile Phone MAC Address: System
    • Port: System
    • Number: User
    • ID: User
  • ClearOS
    • Install Bluez
      • Yum
        • yum install -y bluez-utils bluez-libs bluez-libs-devel bluez-hcidump
      • Edit /etc/bluetooth/hcid.conf
        • Backup
          • cp -vf /etc/bluetooth/hcid.conf /usr/src/svn/hcid.conf.original
        • Clean (Optional)
          • sed -i '/^\t#/d;/^#/d;/^$/d' /etc/bluetooth/hcid.conf
        • Edit options Section
          • Change security user to security auto
            • sed -i 's/security user/security auto/' /etc/bluetooth/hcid.conf
          • Change passkey "BlueZ" to passkey "1234"
            • sed -i 's/passkey "BlueZ"/passkey "1234"/' /etc/bluetooth/hcid.conf
        • Edit device Section
          • Change name "%h-%d" to name "My PBX"
            • sed -i 's/name "%h-%d"/name "My PBX"/' /etc/bluetooth/hcid.conf
          • Change class 0x120104 to class 0x000100
            • sed -i 's/class 0x120104/class 0x000100/' /etc/bluetooth/hcid.conf
      • Service
        • service bluetooth start
    • Setup Bluetooth USB
      • Connect Bluetooth USB
      • Make Sure USB is connected
        • Test 1
          • Run Command
            • hciconfig -a
          • You should see something like this:
            • hci0: Type: USB
            • BD Address: 00:15:E9:66:BF:B6 ACL MTU: 192:8 SCO MTU: 64:8
            • UP RUNNING
            • RX bytes:949 acl:0 sco:0 events:23 errors:0
            • TX bytes:331 acl:0 sco:0 commands:22 errors:0
            • Features: 0xff 0xff 0x0f 0x00 0x00 0x00 0x00 0x00
            • Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
            • Link policy: RSWITCH HOLD SNIFF PARK
            • Link mode: SLAVE ACCEPT
            • Name: 'My PBX'
            • Class: 0x000100
            • Service Classes: Unspecified
            • Device Class: Computer, Uncategorized
            • HCI Ver: 1.1 (0x1) HCI Rev: 0x20d LMP Ver: 1.1 (0x1) LMP Subver: 0x20d
            • Manufacturer: Cambridge Silicon Radio (10)
        • Test 2
          • Run Command
            • hcitool dev
          • You should see something like this:
            • Devices:
            •     hci0   00:15:E9:66:BF:B6
    • Setup Mobile Phone
      • Make PBX discoverable:
        • dbus-send --system --type=method_call --print-reply --dest=org.bluez /org/bluez/hci0 org.bluez.Adapter.SetMode string:discoverable
      • Pair PBX
        • On the mobile phone, Search for devices (Nokia, Settings > Connectivity > Bluetooth > Paired devices > Add new device)
        • You should find your PBX as My PBX. Pair with a pin of 1234
      • Make sure we can see your phone
        • Run Command
          • hcitool scan
        • You should see something like this:
          • Scanning ...
          •    FC:E5:57:EB:4A:87    MyMobile
  • Asterisk
    • Edit /etc/asterisk/mobile.conf
      • Create Config File
        • touch /etc/asterisk/mobile.conf
        • chown asterisk:asterisk /etc/asterisk/mobile.conf
        • chmod 664 /etc/asterisk/mobile.conf
      • Create [adapter] sections
        • echo "[adapter]
        • id=dlink01
        • address=00:15:E9:66:BF:B6" > /etc/asterisk/mobile.conf
    • Search for your bluetooth devices from Asterisk. This command might take 8 - 10 seconds
      • Run Commands
        • asterisk -r
        • module load chan_mobile.so
        • mobile search
      • You should see something like this:
        • Address            Name       Usable  Type   Port
        • FC:E5:57:EB:4A:87  My Mobile  Yes     Phone  13
    • Edit /etc/asterisk/mobile.conf
      • echo "[nokia_c1_01_01]
      • address=FC:E5:57:EB:4A:87
      • port=13
      • context=from-mobile-nokia-c1-01-01
      • adapter=dlink01
      • group=1" >> /etc/asterisk/mobile.conf
    • Show the status of configured devices, and whether or not the device is capable of sending / receiving SMS via bluetooth:
      • Run Command
        • mobile show devices
      • You should see something like this:
        • ID              Address            Group  Adapter  Connected  State  SMS
        • nokia_c1_01_01  FC:E5:57:EB:4A:87  1      dlink01  Yes        Free   No
  • FreePBX
    • Outgoing
      • Trunk
        • Create a custom trunk
        • Outbound Caller ID = 0123456789
        • Maximum channels = 1
        • Custom Dial String = Mobile/nokia_c1_01_01/$OUTNUM$
      • Outbound Route
        • As desired
    • Incoming
      • Edit /etc/asterisk/extensions_custom.conf
        • echo "
        • ;************* Mobile Nokia C1-01 01 ***************
        • [from-mobile-nokia-c1-01-01]
        • exten => s,1,Noop(Setting DID = 0123456789)
        • exten => s,n,Set(__FROM_DID=0123456789)
        • exten => s,n,Goto(from-trunk,0123456789,1)
        • exten => s,h,Hangup
        • ;*********** End Mobile Nokia C1-01 01 *************
        • " >> /etc/asterisk/extensions_custom.conf
      • Inbound Route
        • DID Number = 0123456789
  • Notes
    • Asterisk Mobile Commands
      • mobile cusd: Send CUSD commands to the mobile
      • mobile rfcomm: Send commands to the rfcomm port for debugging
      • mobile search: Search for Bluetooth Cell / Mobile devices
      • mobile show devices: Show Bluetooth Cell / Mobile devices
    • To load or unload chan_mobile module
      • module load chan_mobile.so
      • module unload chan_mobile.so

Use an old Mobile Phone as a GSM Gateway in Asterisk

SOURCE: http://www.stocksy.co.uk/articles/Networks/use_an_old_mobile_phone_as_a_gsm_gateway_in_asterisk/

Like most people I carry a mobile phone, but mine is for emergencies only. Just a handful of people know the number and that's how I like to keep it. Because I use Asterisk, I'm always reachable through my land line number which I route around between various destinations or voicemail depending on what suits me. I'm spoilt by this, so having my mobile phone ring unexpectedly at an inconvenient time is a bit intrusive.
But, increasingly, almost everyone I interact with wants my mobile number - employers, customers, banks, garages, insurance companies - if it doesn't start '07', they're not happy.
As usual I've decided to try a technical solution to a social problem. I began by using a 'personal use' 070 number which is designed for precisely the kind of single-number-reach setup I use. This 070 number was presented at my SIP provider, who would then route the calls to my Asterisk server across the internet. In the end, this proved to be unsatisfactory because many providers block the 070 range with the justification that it has been abused for premium-rate scams. For example, the number couldn't be dialled from T-Mobile or Orange. Shame.
Undeterred, I tried another approach. I now have an old spare mobile phone which never leaves the house and is permanently connected through bluetooth to Asterisk. This is a real mobile with a real mobile number. I simply feed any incoming calls to this mobile into a macro which handles the call in the same way as calls to my landline. If I want to take calls on my (real) mobile, I can. If I'm not available to take the call, the caller is passed to my Asterisk voicemail box. SMS text messages arrive as emails, my replies to which are sent by SMS. Having all my incoming calls and voicemail messages in one place is very convenient and it prevents me from missing calls when I am in the house and probably would not hear a mobile phone ringing.
Asterisk has included support for bluetooth connections to mobile phones and headsets for some time now. This is accomplished through chan_mobile. Not all phones are supported, so it's worth taking a look at voip-info.org's page which lists the confirmed compatible dongles and phones. I am getting good results with a D-Link DBT-120 dongle and a Nokia E72, 6306i, 6021 handsets, however only the 6021 works with SMS. It is worth noting that each bluetooth dongle can support only one mobile device - this is an annoying limitation of chan_mobile, but it's not as though USB dongles are very expensive.

How it's Done

chan_mobile is an addon, so it needs to be enabled before Asterisk is compiled. On Debian, it's pretty simple, just add a few packages:
# apt-get install bluez-utils bluez-hcidump libbluetooth-dev
then, go to your Asterisk source directory and use make menuselect to enable chan_mobile. It's in Add-ons -> chan_mobile:
# cd /usr/src/asterisk-1.8.11.0
# ./configure && make menuselect
Whilst it compiled and installed OK, I had to make a modification to the chan_mobile source before it would recognise my phone:
# vi /usr/src/asterisk-1.8.11.0/addons/chan_mobile.c

Find this:
 addr.rc_channel = (uint8_t) 1;

Replace with:
 addr.rc_channel = (uint8_t) 0;
Build Asterisk and (re)install:
# make && make install
In order to use a bluetooth-connected phone as a GSM gateway, it's necessary to pair the phone with the Asterisk server. In Debian, this can be accomplished painlessly through the CLI. First, make your phone discoverable and then scan for it:
# hcitool scan
Scanning ...
 EC:1B:6B:64:C2:88 Trollphone
Make a note of the MAC address. In order to pair, a helper is required to handle the PIN. Run the helper in the background and begin the pairing process:
# bluetooth-agent 7472 &
# rfcomm connect hci0 EC:1B:6B:64:C2:88
Once the pairing has succeeded, make sure your phone is configured to automatically accept connections for this pairing in future. You can verify that the pairing is working at any time by running:
# hcitool con
Connections:
 < ACL EC:1B:6B:64:C2:88 handle 41 state 1 lm MASTER AUTH ENCRYPT
Now, Asterisk needs to be configured to use the paired phone. We need to know which rfcomm channel offers the voice service. The easiest way is to use chan_mobile:
# rasterisk
*CLI> module load chan_mobile.so
Don't worry about any errors loading the module, it'll do for now:
*CLI> mobile search 
EC:1B:6B:64:C2:88 Trollphone                     Yes    Phone   2
In this case it is rfcomm channel 2. In addition, we need to know the MAC address of the bluetooth dongle installed in the Asterisk server. Exit the Asterisk CLI and use hcitool:
# hcitool dev
Devices:
 hci0 00:81:C5:33:25:A4
At last we have all the information needed. Edit or create the chan_mobile configuration file:
# vi /etc/asterisk/chan_mobile.conf

[Adapter]
address = 00:81:C5:33:25:A4
id = pabx

[Trollphone]
address = EC:1B:6B:64:C2:88
port = 2
context = from-trollphone
adapter = pabx
You will need something in the dialplan to handle this, at minimum something like:
# vi /etc/asterisk/extensions.conf

[from-trollphone]
exten => s,1,Dial(SIP/100)

[my-phones]
exten => *12,1,Dial(MOBILE/Trollphone/150)
When the mobile rings, you should get a call on SIP extension 100. Dialling *12 will cause the phone to dial 150, which in my case gives me Orange customer services. I'm sure you get the idea.

What about SMS?

Trickier, but there is a solution. None of the phones I had spare were supported by chan_mobile's SMS capabilities. According to the chan_mobile wiki page, only three phones are known to support SMS: the Nokia models E51, 6021 and 6230i. Of the three, the 6021 seems to be the most widely available - I was able to get three of them from eBay for just a few pounds.
Once the phone is paired in the normal way, it will send any incoming SMS messages to Asterisk over the bluetooth connection. Asterisk looks for an 'sms' extension in the context you specified in chan_mobile.conf. I suggest something like this in your dialplan:
[from-trollphone]
exten => sms,1,Verbose(Incoming SMS from ${SMSSRC} ${SMSTXT})
exten => sms,n,System(echo "To: stocksy@stocksy.co.uk" > /tmp/smsmail)
exten => sms,n,System(echo "Subject: SMS from ${SMSSRC}" >> /tmp/smsmail)
exten => sms,n,System(echo "${SMSTXT}" >> /tmp/smsmail)
exten => sms,n,System(sendmail -t -f ${SMSSRC}@sms.stocksy.co.uk < /tmp/smsmail)
exten => sms,n,Hangup()
At first, incoming messages were all arriving with a blank ${SMSSRC}, the easy solution was to apply a patch and re-compile:
# cd /usr/src/asterisk-1.8*
# wget --no-check-certificate https://issues.asterisk.org/jira/secure/attachment/42026/sms-sender-fix.diff
# patch -p0 < sms-sender-fix.diff
# ./configure && make && make install
Now, incoming messages are delivered to me as emails claiming to be from +MOBILENUMBER@sms.stocksy.co.uk. Obviously, this requires the Asterisk system to have a working MTA, the setup of which I won't cover here. If you don't have an MTA at present, take a look at postfix.
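The dialplan above expands ${SMSSRC} and ${SMSTXT} into System() command lines, so whatever a sender puts in a text message is parsed by the shell, and /tmp/smsmail is a fixed, shared path. The following is an added example, not part of the original article: a Python 3 AGI script that fetches both variables over the AGI channel and hands the mail to sendmail as an argument list. The script name sms2mail.py, the example.org addresses, the sendmail path and the dialplan hook shown in the docstring are assumptions.

```python
#!/usr/bin/env python3
"""sms2mail.py: mail an incoming chan_mobile SMS without going through a shell.

Assumed dialplan hook (in place of the System() lines):
    exten => sms,1,AGI(sms2mail.py)
"""
import re
import subprocess
import sys
from email.message import EmailMessage

MAIL_TO = "you@example.org"      # assumption: where SMS mails are delivered
SMS_DOMAIN = "sms.example.org"   # assumption: domain used for the sender address
SENDMAIL = "/usr/sbin/sendmail"  # assumption: path of the MTA's sendmail binary

# Constructed AGI session: header block, then Asterisk's two replies
SAMPLE_AGI_INPUT = (
    "agi_request: sms2mail.py\nagi_channel: Mobile/sample\n\n"
    "200 result=1 (+441234567890)\n"
    '200 result=1 (back at 5 `date` $(hostname) "; ls)\n'
)


def agi_read_env(rd):
    """Read the agi_* block Asterisk sends at start-up; a blank line ends it."""
    env = {}
    while True:
        line = rd.readline().strip()
        if not line:
            return env
        key, _, value = line.partition(":")
        env[key.strip()] = value.strip()


def agi_get_variable(name, rd, wr):
    """Ask Asterisk for a channel variable; the reply is '200 result=1 (value)'."""
    wr.write("GET VARIABLE %s\n" % name)
    wr.flush()
    reply = rd.readline()
    if not reply.startswith("200 result=1 ("):
        return ""  # unset variable or error reply
    # An SMS may contain line breaks: keep reading until the closing bracket.
    while not reply.rstrip("\r\n").endswith(")"):
        more = rd.readline()
        if not more:
            break
        reply += more
    value = reply.rstrip("\r\n")[len("200 result=1 ("):]
    return value[:-1] if value.endswith(")") else value


def build_sms_email(src, text):
    """Build the mail. Only a plain phone number may become part of an address;
    alphanumeric, empty or malformed sender IDs are reported as 'unknown'."""
    number = src if re.fullmatch(r"\+?[0-9]{3,15}", src or "") else "unknown"
    msg = EmailMessage()
    msg["To"] = MAIL_TO
    msg["From"] = "%s@%s" % (number, SMS_DOMAIN)
    msg["Subject"] = "SMS from " + number
    msg.set_content(text)  # the SMS text is body data only, never a header
    return msg


def deliver(msg):
    """Pipe the message to sendmail; argv is a list, so no shell parses SMS data."""
    subprocess.run([SENDMAIL, "-t", "-oi", "-f", str(msg["From"])],
                   input=msg.as_bytes(), check=True)


def main():
    agi_read_env(sys.stdin)
    src = agi_get_variable("SMSSRC", sys.stdin, sys.stdout)
    text = agi_get_variable("SMSTXT", sys.stdin, sys.stdout)
    deliver(build_sms_email(src, text))


if __name__ == "__main__":
    main()
```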
Outgoing SMS messages are more work because it's necessary to parse the contents of the email message, the format of which will be a little less predictable than an SMS. I elected to use python to do this because it already has a library to do this.
#!/usr/bin/env python
# (:? YOUR SCRIPT IS BAD AND YOU SHOULD FEEL BAD! (:?
# I'M NOT A DEVELOPER AND THIS IS PROBABLY VERY, VERY BAD, but it does work.
# email2sms.py James Stocks
# based upon emailspeak.py by sysadminman - http://sysadminman.net
# v0.0  2012-04-28


# Import libs we need
import sys, time, email, email.Message, email.Errors, email.Utils, smtplib, os, socket, random, re
from datetime import date
from email.Iterators import typed_subpart_iterator
from time import sleep

# Asterisk Manager connection details
HOST = '127.0.0.1'
PORT = 5038
# Asterisk Manager username and password
USER = 'your-ast-man-user'
SECRET = 'dysmsdvsa'

# Generate a random number as a string. We'll use this for file names later on
callnum = str(random.randint(1, 100000000))

# Taken from here, with thanks -
# http://ginstrom.com/scribbles/2007/11/19/parsing-multilingual-
# email-with-python/
def get_charset(message, default="ascii"):
    """Get the message charset"""

    if message.get_content_charset():
        return message.get_content_charset()

    if message.get_charset():
        return message.get_charset()

    return default

# Taken from here, with thanks -
# http://ginstrom.com/scribbles/2007/11/19/parsing-multilingual-
# email-with-python/
def get_body(message):
    """Get the body of the email message"""

    if message.is_multipart():
        #get the plain text version only
        text_parts = [part
                      for part in typed_subpart_iterator(message,
                                                         'text',
                                                         'plain')]
        body = []
        for part in text_parts:
            charset = get_charset(part, get_charset(message))
            body.append(unicode(part.get_payload(decode=True),
                                charset,
                                "replace"))

        return u"\n".join(body).strip()

    else: # if it is not multipart, the payload will be a string
          # representing the message body
        body = unicode(message.get_payload(decode=True),
                       get_charset(message),
                       "replace")
        return body.strip()

# Read the e-mail message that has been piped to us by Postfix
raw_msg = sys.stdin.read()
emailmsg = email.message_from_string(raw_msg)

# Extract database Fields from mail
msgfrom = emailmsg['From']
msgto =  emailmsg['To']
msgsubj = emailmsg['Subject']
msgbody = get_body(emailmsg)

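# Find the part of the 'To' field that is the phone number
phonenum = re.match( r'\+?([0-9]+)', msgto or '', re.M)
# Stop here if the 'To' field does not start with a phone number
if phonenum is None:
    sys.exit("email2sms: no phone number in To: " + str(msgto))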

# Whose mobile is this?
mobile = sys.argv[1]

# Write a log file in /tmp with a record of the e-mails
currtime = date.today().strftime("%B %d, %Y")
logfile = open('/tmp/email2sms.log', 'a')
logfile.write(currtime + "\n")
logfile.write("Call Number: " + callnum + "\n")
logfile.write("From: " + msgfrom + "\n")
logfile.write("To: " + msgto + "\n")
logfile.write("Subject: " + msgsubj + "\n")
logfile.write("Body: " + msgbody + "\n\n")
logfile.close()

# Send the call details to the Asterisk manager interface
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
sleep(1)
s.send('Action: login\r\n')
s.send('Username: ' + USER + '\r\n')
s.send('Secret: ' + SECRET + '\r\n\r\n')
sleep(1)
s.send('Action: originate\r\n')
# Dummy channel - I don't actually want any phones to ring
s.send('Channel: LOCAL/1@sms-dummy\r\n')
s.send('Context: mobiles\r\n')
s.send('Exten: ' + mobile + '\r\n') 
s.send('WaitTime: 30\r\n')
# This is a bogus value, but the field is required
s.send('CallerId: 5555\r\n')
# Do not wait for response from dummy channel
s.send('Async: true\r\n')
s.send('Priority: 1\r\n')
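# The variables ${SMSTO} and ${SMSBODY} are used in the dialplan
# Replace CR/LF first: a line break in the body would end the Variable
# header and let the rest of the e-mail be read as further AMI headers
smsbody = re.sub(r'[\r\n]+', ' ', msgbody)
s.send('Variable: SMSTO=' + phonenum.group(1) + ',SMSBODY=\"' + smsbody + '\"\r\n\r\n')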
sleep(1)
s.send('Action: Logoff\r\n\r\n')
#Omitting this causes "ast_careful_fwrite: fwrite() returned error: Broken pipe"
sleep(3)
s.close()
Copy the above script to /usr/sbin/email2sms.py and make executable:

# chmod +x /usr/sbin/email2sms.py
The script uses the Asterisk Manager Interface, so it will need an AMI user. Append this to manager.conf:
# vi /etc/asterisk/manager.conf

[your-ast-man-user]
secret=dysmsdvsa
read=call,user,originate
write=call,user,originate
and also make sure it is enabled in the general section:
# vi /etc/asterisk/manager.conf

[general]
enabled = yes
webenabled = yes
port = 5038
You'll note that I'm using the context 'mobiles'. You'll need to make sure that the extensions you'll be using exist in this context in extensions.conf:
# vi /etc/asterisk/extensions.conf

exten => stocksy,1,MobileSendSMS(JS6021,${SMSTO},${SMSBODY})
exten => karen,1,MobileSendSMS(trollphone,${SMSTO},${SMSBODY})
Secondly, there is a dummy extension which the 'call' needs to connect to. A NoOp isn't quite sufficient, I could only get it to work if the extension answered and then did something, in this case answer and wait 10 seconds:
# vi /etc/asterisk/extensions.conf

[sms-dummy]
exten => 1,1,Answer()
exten => 1,n,Wait(10)
exten => 1,n,Hangup
Reload Asterisk to pick up the changes.
So, calling email2sms.py with the argument 'stocksy' uses the JS6021 mobile, and calling it with 'karen' uses the trollphone mobile.
You need to make sure that email for the domain you have chosen - in my case sms.stocksy.co.uk - is routed to the Asterisk box. This will normally be accomplished by creating an MX record or creating a transport for the domain on your mail server. Again, I'm not going to cover that part here, but I will cover how to pipe the incoming messages into the python script.
Assuming that you are using postfix, you'll need a new transport for each mobile you want to use. In my case:
# vi /etc/postfix/master.cf

sms-stocksy unix -      n       n       -       -       pipe
  flags=FR user=stocksy argv=/usr/sbin/email2sms.py stocksy

sms-karen unix  -       n       n       -       -       pipe
  flags=FR user=stocksy argv=/usr/sbin/email2sms.py karen
postfix needs to know that it must use these transports for SMS domains:
# vi /etc/postfix/transport ; postmap /etc/postfix/transport

sms.stocksy.co.uk sms-stocksy
sms.herdomain.co.uk sms-karen
If postfix doesn't already have a transport_maps setting, create one. Obviously this could break any existing postfix setup you might have, but if so I'm expecting you to know what you're doing:
# postconf -e transport_maps=hash:/etc/postfix/transport
Restart postfix and that should be all that's necessary.
# /etc/init.d/postfix restart
You need to satisfy yourself that you are not allowing the entire world to relay through your SMS gateway! Understand and make use of postfix's security features! Don't wait until you've racked up a colossal SMS bill! Loud noises!
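An added example, not the author's script, covering two points above: the e-mail's To: header and body go straight into an AMI action, and anyone who can deliver mail to the SMS domain can send texts. It is a Python 3 version of the checks email2sms.py could make before it talks to the AMI; the sender allowlist, the example.org addresses, the 160-character cap and the quote and backslash handling are assumptions.

```python
import email
import email.policy
import email.utils
import re

# Assumed policy values for this example (not from the original article)
ALLOWED_SENDERS = {"me@example.org"}   # addresses allowed to send SMS
KNOWN_MOBILES = {"stocksy", "karen"}   # extensions in the 'mobiles' context
MAX_SMS_CHARS = 160                    # assumed cap: one plain SMS

# Constructed sample: the body carries a blank line and a second AMI action
SAMPLE_EMAIL = (
    "From: Me <me@example.org>\n"
    "To: +441234567890@sms.example.org\n"
    "Subject: test\n"
    "\n"
    'Running late, "sorry"\r\n\r\nAction: Ping\r\n'
)


def sender_allowed(msg, allowed=ALLOWED_SENDERS):
    """True if the From: address is on the allowlist.

    From: is easy to forge, so this backs up the MTA's relay
    restrictions; it does not replace them.
    """
    addr = email.utils.parseaddr(str(msg.get("From", "")))[1]
    return addr.lower() in allowed


def extract_number(msg):
    """Digits of a To: address shaped like +441234567890@domain, else None."""
    addr = email.utils.parseaddr(str(msg.get("To", "")))[1]
    m = re.fullmatch(r"\+?([0-9]{3,15})", addr.partition("@")[0])
    return m.group(1) if m else None


def clean_body(text):
    """Make the body safe to place inside one AMI 'Variable:' header."""
    # Collapse all whitespace, CR and LF included, so no line can end early.
    text = " ".join(text.split())
    # Drop any remaining control characters.
    text = "".join(ch for ch in text if ch.isprintable())
    # Assumption: '"' and '\' would end or escape the quoted value.
    text = text.replace('"', "'").replace("\\", "/")
    return text[:MAX_SMS_CHARS]


def build_originate(mobile, number, body):
    """Return one complete AMI Originate action as text."""
    if mobile not in KNOWN_MOBILES:        # also rejects 'stocksy ' (whitespace)
        raise ValueError("unknown mobile extension: %r" % mobile)
    if not re.fullmatch(r"[0-9]{3,15}", number):
        raise ValueError("bad destination number: %r" % number)
    lines = [
        "Action: Originate",
        "Channel: LOCAL/1@sms-dummy",
        "Context: mobiles",
        "Exten: " + mobile,
        "Priority: 1",
        "CallerID: 5555",
        "Async: true",
        'Variable: SMSTO=%s,SMSBODY="%s"' % (number, clean_body(body)),
    ]
    return "\r\n".join(lines) + "\r\n\r\n"


def email_to_ami(raw, mobile):
    """Parse a piped e-mail; return the AMI action, or None if it is refused."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    if not sender_allowed(msg):
        return None
    number = extract_number(msg)
    part = msg.get_body(preferencelist=("plain",))
    if number is None or part is None:
        return None
    return build_originate(mobile, number, part.get_content())
```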
If things aren't quite working, start by checking your mail log:
# tail -f /var/log/mail.log
You can do a packet trace to see what's happening on the Asterisk Manager Interface:
# tcpdump -A -i lo port 5038
Try talking to the AMI directly:
$ nc localhost 5038

Action: login
Username: your-ast-man-user
Secret: dysmsdvsa

Action: originate
Channel: LOCAL/1@sms-dummy
Context: mobiles 
Exten: stocksy
WaitTime: 30
CallerId: 5555
Async: true
Priority: 1
Variable: SMSTO=5555555555,SMSBODY="foo"

Action: Logoff
Watch out for whitespace in the AMI - exten 'stocksy' != 'stocksy '.
Good luck.

Tuesday 10 December 2013

Stop SIP Flood Attack

Source: http://kb.smartvox.co.uk/asterisk/friendlyscanner-gets-aggressive/

Not so friendly after all

In my October 2010 articles about Asterisk IP-PBX security (linked here), I described how port scanning probes from the so-called “friendly-scanner” could be seen several times a day on a typical SIP server exposed to the Internet. Since then, I – or at least one of my clients – had the displeasure of experiencing the full fury of this remarkably unfriendly scanner which, when provoked, seems to change from a gentle prod every few hours to a full scale Denial of Service attack at a rate of more than 80 SIP REGISTER requests per second, utterly relentless and lasting for days or even weeks. 
The port scanning probes used SIP OPTIONS while the really unpleasant, full-on, bandwidth-eating manifestation uses SIP REGISTER requests. The fact that in both cases the User Agent is declared to be “friendly-scanner” does not mean that this is a single application operating in two different modes. It probably indicates that some of the source code for these loathsome applications was derived from a common ancestor or that one is a re-worked version of the other. I believe sipvicious and a python program called svwar.py may have the dubious honour of being in some way the original seed for what has now turned into an irritating and potentially costly problem for VoIP users around the world. But should we blame gun manufacturers when there is an armed robbery or illegal shooting? Perhaps not. Anyway, I digress. 

Symptoms of an attack

My client called me to say that their remote users were experiencing serious problems with their connection to the Asterisk phone system at the office. My own phone refused to register using exactly the same credentials as had worked a few days earlier. I tried to use remote access to check the server, but the connection was dreadfully slow to the point where it was unusable. 
Making sense of what was happening was difficult because there did not seem to be any unauthorised calls and the internal office extensions were all working fine as were the analogue trunks that they use for inbound calls and as a backup in case of Internet problems. I knew the phone account passwords were all sufficiently strong and complex to not be hacked and other security settings such as “alwaysauthreject=yes” were configured for maximum resistance to attack, yet the firewall logs showed that there was a continuous heavy use of bandwidth from the Asterisk PBX to some address on the Internet. The fact that the outbound traffic was using approximately four times the bandwidth of the inbound made me think it must be some malware running on the server. This misconception caused me a considerable delay before I finally thought to run tcpdump and see exactly what was going on. By the way, the Asterisk CLI command “sip set debug on” will also show what is happening, but you may then find it difficult to turn off the sip debug because of the rate at which information is being written to the screen. Running “tcpdump udp -nn” at the Linux command prompt is safer because it just writes one line to the screen per request and Control-C is all that is required to stop it.
The outbound UDP packets outnumbered the inbound because Asterisk was sending a rejection for each registration attempt and then re-sending it when it didn’t get an ACK response – it would send as many as 5 responses to every one inbound REGISTER request. With inbound requests running at nearly 100 per second this was causing it a bit of a headache. 
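One way to confirm this pattern from a capture, as an added example that is not from the original article: count REGISTER requests per source address in a sliding window and report the sources above a threshold, together with the User-Agent they declare. The input format of (timestamp, source IP, UDP payload) tuples, the threshold of 20 per second and the sample packets are assumptions.

```python
import re
from collections import defaultdict, deque


def parse_sip_request(payload):
    """Return (method, user_agent) for a SIP request, or None for anything else."""
    head = payload.split("\r\n\r\n", 1)[0].split("\r\n")
    m = re.match(r"([A-Z]+) \S+ SIP/2\.0$", head[0])
    if not m:
        return None  # a response ("SIP/2.0 200 OK") or not SIP at all
    user_agent = ""
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "user-agent":
            user_agent = value.strip()
    return m.group(1), user_agent


def find_register_floods(packets, threshold=20, window=1.0):
    """Report sources sending more than `threshold` REGISTERs within `window` seconds.

    Returns {source_ip: {"peak": highest count seen in one window,
                         "user_agents": set of declared User-Agent values}}.
    """
    recent = defaultdict(deque)  # source IP -> timestamps inside the window
    report = {}
    for ts, src, payload in sorted(packets, key=lambda p: p[0]):
        parsed = parse_sip_request(payload)
        if parsed is None or parsed[0] != "REGISTER":
            continue  # OPTIONS probes and replies do not count here
        times = recent[src]
        times.append(ts)
        while ts - times[0] >= window:
            times.popleft()
        if len(times) > threshold:
            entry = report.setdefault(src, {"peak": 0, "user_agents": set()})
            entry["peak"] = max(entry["peak"], len(times))
            entry["user_agents"].add(parsed[1])
    return report


def sample_packets():
    """Constructed capture: a flood, a normal phone, one OPTIONS probe, one reply."""
    def req(method, ua):
        return ("%s sip:pbx.example.org SIP/2.0\r\n"
                "Via: SIP/2.0/UDP 192.0.2.1:5060;branch=z9hG4bK1;rport\r\n"
                "User-Agent: %s\r\nContent-Length: 0\r\n\r\n" % (method, ua))
    flood = [(i / 64.0, "203.0.113.9", req("REGISTER", "friendly-scanner"))
             for i in range(128)]                      # 64 per second for 2 s
    phone = [(60.0 * i, "198.51.100.7", req("REGISTER", "ExamplePhone/1.0"))
             for i in range(3)]                        # re-registers once a minute
    probe = [(0.5, "192.0.2.50", req("OPTIONS", "friendly-scanner"))]
    reply = [(0.6, "198.51.100.7", "SIP/2.0 200 OK\r\n\r\n")]
    return flood + phone + probe + reply


if __name__ == "__main__":
    for src, info in find_register_floods(sample_packets()).items():
        print(src, info["peak"], sorted(info["user_agents"]))
```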

Blocking the attack

As soon as I realised what was happening, it was relatively simple to add a firewall rule to block all inbound data from the single IP address that was sending the requests. Yes, it was all from one IP address and No, contacting the owners of that address was as much use as a chocolate teapot. 
As soon as I blocked the inbound requests, the remote users were suddenly able to make calls again and everything went quiet. Job done I thought. Well, not quite. 

It just carried on and on

I assumed the attack would stop pretty quickly once the inbound packets were blocked at the firewall and no responses were coming back from Asterisk. Not so. I checked the traffic monitor on their firewall the next day and the day after. The inbound stream of requests was still there. After a week, the firewall began to creak and get sick because it was running out of memory. Well it is only a modest little Draytek router, but it is designed for a small business environment and should have been able to cope with the simple task of blocking a continuous stream of unwanted SIP requests coming from one IP address on the Internet. In my opinion, someone at Draytek should be shot for designing a router/firewall that adds an entry to the NAT sessions table before it inspects the firewall rules to see if the source address is blocked! 
So a quick solution at this point was to add a rule to iptables on the Asterisk box and let the requests come through the Draytek. That took the pressure off the Draytek, but no matter what ICMP response I sent back (including no response), the requests just kept flooding in. If anything, they were getting faster and using more bandwidth (see graph below). 
I am now convinced that the unending nature of the attack is not deliberate, but is as a result of a bug in the code which puts it into an infinite loop. Clearly the people who produced these friendly-scanner hacking tools aren’t as clever as they would no doubt like to believe. 

How to stop it completely

The answer was in a blog by Joshua Stein, to whom I am indebted. His solution involved redirecting the requests to a new port so it would not be necessary to shut down the Asterisk PBX application. However, my client didn’t need 24×7 operation of their phone system so instead I just modified Joshua’s Ruby script to use port 5060, stopped Asterisk, ran the Ruby script and that was it. The requests just stopped. Then I restarted Asterisk. This graph from the firewall shows the bandwidth being used over a week and the abrupt end of the problem when I finally ran Joshua’s script. 
[Figure: graph of Internet bandwidth during the friendly-scanner attack]

Using Joshua’s Ruby script on a CentOS server

Install Ruby using yum: yum install ruby 
Copy the script from the box below and paste it into a file. I called my file spoof_sip_ok. (If you use a text editor like vi or nano while connected through SSH with Putty, then a right-click of the mouse will paste text previously copied into the clipboard). The original script is no longer available at Joshua’s own blog site, so I have reproduced the whole thing here with a couple of minor adjustments: 
#!/usr/bin/env ruby
# Answers every SIP REGISTER arriving on UDP port 5060 with a "200 OK".
require "socket"

s = UDPSocket.new
s.bind("0.0.0.0", 5060)
while true
  # packet[0] is the datagram, packet[1] the sender's address information
  packet = s.recvfrom(1024)
  data = packet[0]

  puts packet.inspect

  # Ignore anything that is not a REGISTER request
  next unless data.match(/^REGISTER /)

  # Headers echoed back in the reply (String#[] returns nil if one is absent)
  via = data[/Via: (.+);rport/, 1]
  from = data[/From: (.+)/, 1]
  to = data[/To: (.+)/, 1]
  call_id = data[/Call-ID: (.+)/, 1]
  cseq = data[/CSeq: (\d+) REGISTER/, 1]

  # Skip malformed requests instead of crashing on a missing header
  next unless via && from && to && call_id && cseq

  remote_ip = packet[1][3]
  remote_port = packet[1][1].to_i

  ret = "SIP/2.0 200 OK\r\n" +
    "Via: #{via};received=#{remote_ip}\r\n" +
    "From: #{from}\r\n" +
    "To: #{to}\r\n" +
    "Call-ID: #{call_id}\r\n" +
    "CSeq: #{cseq.to_i + 1} REGISTER\r\n" +
    "\r\n"

  puts "sending to #{remote_ip}:#{remote_port}:\n#{ret}"

  s.send(ret, 0, remote_ip, remote_port)
end
 
 
You can insert your own server’s IP address in the s.bind parameters if you want, but 0.0.0.0 should just bind to all interfaces. Also remember to make the file executable, for example using the Linux command chmod 755 spoof_sip_ok
The original article was at “http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood”, but the whole domain seems to no longer be active (as of March 2013).
Before you run the above version of the script, make sure Asterisk is stopped. I found it would immediately restart when I used “amportal stop” and instead used the CLI command “stop now”. You can check that it has stopped by typing this command at the Linux command prompt: netstat -lunp 
If Asterisk is running, it will be using port 5060 and the output of the netstat command would look like this: 
user@asterisk:~ $ netstat -lunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
udp        0      0 0.0.0.0:5060      0.0.0.0:*                  16301/asterisk

To run the Ruby script, just type ./spoof_sip_ok at the Linux prompt.

Thursday 28 November 2013

Learn more about batteries & UPS

SOURCE: http://www.powerload.vn/news/detail/acquy,-accu,-binh-dien-30.html




Hello everyone,
Here are some terms commonly used for batteries and UPS units.
The capacity of a battery (accu) is the amount of electricity (charge) that the battery, once fully charged, can deliver before its voltage drops to the cut-off level. The cut-off level is the level below which the battery should not keep discharging; if it is left to discharge below the cut-off level its service life is reduced, and it may even fail immediately. That is what happens when several batteries are connected in series: if one or more batteries in the string have run out while the others have not, and we keep using them, the one that ran out first has its polarity reversed and is completely ruined. For lead-acid batteries the cut-off level is 1.67V per cell (10V for a 12VDC battery)
The coulomb is the unit of electric charge. The quantity of charge does not depend on the battery's voltage. 1 Coulomb = 1 Ampere * 1 sec: so Ampere * second can also be used to express charge. A capacitor serves the same function as a battery. The unit of capacitance of a capacitor is the farad, named after the scientist Michael Faraday. 1 Farad = 1 Coulomb / 1 Volt.
The unit of battery charge commonly used in practice is Ah (Ampere * hour).
The charge rating published by the manufacturer is usually calculated for discharge at a small current over 20 hours (20Hr). For example, a 100Ah battery will deliver a current of 5A for 20 hours. The larger the discharge current, the shorter the discharge time. You should look at the product's detailed specification sheet published by the factory before choosing what to buy. At www.powerload.vn, most products have a .pdf specification file attached in the "product details" section right below the product image on the detail view.
Here is a true story I would like to share:
A gentleman bought a UPS with a 12VDC charging voltage and a 12V-65Ah battery to use with an IBM T61 laptop. After discharging (using the battery to power the T61 (75w)) for a little over 6 hours, he phoned me, puzzled: "why does the laptop's tiny battery (it fits in the palm of a hand) last 3 hours, while a battery weighing 23 kg lasts only 6 hours?".
A battery's voltage is DC (direct current), while mains power is AC (alternating current). The UPS has to use an inverter to convert the power from 12VDC up to 220VAC before supplying it to the laptop's adaptor. He presumably took the battery's charge (65Ah) and divided it by the current supplied to the T61 (about 3.4A) = 19 hours.

How to calculate UPS power and battery capacity

SOURCE: http://www.powerload.vn/news/detail/cach-tinh-cong-suat-ups,-dung-luong-acquy-29.html


Hello everyone,
This season could be called the "hot" season. There are power shortages, it is hot in the house, and tempers are hot too. Going out to buy a UPS and emptying your pocket of a pile of money ... also raises the heat.
Even so, what needs doing has to be done.
Everything around us is heating up; hauling the wrong UPS home and finding it does not work the way you wanted would be ... buzz!
To keep everything from blowing up, let us look a little into how to calculate power in order to choose a UPS, and the backup time your needs require in order to choose the battery capacity (see the related articles in the "consumer knowledge" section).
To begin, we must determine what we need to run through the UPS when mains power is cut. At home that means fans, lighting, a refrigerator, ... Note that every electrical and electronic device has its power consumption stated by the manufacturer, printed or stuck somewhere on the device. It may be given in watts (W) or in V-A (to convert V-A to watts, simply multiply the V figure by the A figure). The power stated on the device is the maximum power the device can reach, usually called peak power or nominal power. In practice, under normal operating conditions a device rarely reaches 100% of its maximum power. Actual power consumption is the power drawn when the device runs in its normal mode. For example, a computer power supply is marked 350W. That is the maximum power the supply can deliver. However, for an ordinary computer with all the standard components and a 15" LCD monitor, the actual power consumption is about 150W-200W.
UPS power is usually given in VA. Multiplying this VA figure by the UPS's power factor (PF=0.6, 0.7, 0.8, 0.9, 1) gives the figure in watts. The PF of different types and brands of UPS and inverter may differ, ranging from 0.6 to 1 (the closer PF is to 1, the better). When buying a UPS or inverter, we should choose one with twice the total power we need. Suppose you use it for an office or household with end devices totalling about 1000W; then you must choose a UPS with a load capacity of up to 2000W, and if finances do not allow it, you still have to stretch to a UPS with a load capacity of 1500W.
Once the power consumption needed for choosing the UPS has been determined, we must consider the backup time the UPS has to provide, that is, choose the battery capacity (Ah). Consumer batteries usually have a voltage of 12V, and the highest rating in this 12V battery range usually stops at 200Ah (see also the article on batteries). Battery capacity can be determined by
Ah = (T*W) / (V*PF)              or the load time can be determined by T = (Ah * V * PF) / W
where
Ah is the battery capacity
T is the time (hours) needed during a power outage
W is the total power of the devices connected to the UPS
V is the UPS charging voltage
PF is the UPS power factor
Example: I need to run 2 wall-mounted fans (70W each), 2 fluorescent tubes of 1.2 m (40W each), 2 laptops (65W-110W), a modem, 1 switch, 1 telephone PBX with 3 CO lines (40W), and a thermal fax machine (260W) continuously for 8 hours on a day without power.
Accordingly, we total the power of the devices: (70*2) + (40*2) + (65*2) + 10 + 10 + 40 + 260 = 630Watts
With this power, a UPS with twice the power must be chosen, i.e. 630W * 2 = 1260W. If the UPS has a power factor of 0.6, then we need a UPS equivalent to 2000VA (2000*0.6=1200W). The UPS must have a charging current (A) large enough to charge the battery bank. By the standard, the UPS charging current must be 1/10 of the battery capacity (if the battery is 100Ah, the required charging current is 10A). If the chosen UPS has a charging voltage for the battery bank of 48VDC (equivalent to connecting 4 batteries of 12V in series) and a power factor of 0.7, we can plug into the formula above as follows:
Ah = (T*W) / (V*PF) = (8 hours * 630 W) / (48 VDC * 0.7 PF) = 150

So 4 batteries of 12V-150Ah are needed to support a 630W load for 8 hours.

Friday 22 November 2013

Asterisk queues.conf



Source: http://www.syednetworks.com/asterisk-queues-conf

In Asterisk, the queues.conf file is where we define queues and how callers are handled.
• Reasonable queuing support within Asterisk
• Queues can have static or dynamic members
• Members can be channels, or Agents
• Automatic distribution of calls based on queue strategy
The following queues.conf options are available:
Set persistentmembers = yes so that when you restart Asterisk, the agents are automatically re-added to the queues they were recorded in. By default the option is set to yes.
Each queue is a separate section, for example a queue in [support]. The following parameters are available:
musiconhold
Sets the music class for the queue, as defined in the musiconhold.conf file. We choose the class default:
musiconhold = default
announce
You can specify an announcement to be played to agents when they answer an incoming call. This option is usually used to tell agents exactly which queue the call they are answering belongs to. It is meant for agents who are members of more than one queue.
; announce = Technical-support
If you use this option, make sure the file technical-support.gsm is available in the sounds directory; the default path of the sounds directory is /var/lib/asterisk/sounds.
strategy
Determines how, and in what order, agents are rung when a call arrives in this queue:
ringall
Ring all available agents until one answers. (Default)
roundrobin
Ring each available agent in turn.
leastrecent
Ring the available agent who has been idle the longest.
fewestcalls
Ring the agent with the fewest completed calls from this queue.
random
Ring an agent of this queue chosen at random.
rrmemory
Round-robin with memory: each round starts where the last call left off.
In Asterisk 1.6 the roundrobin strategy will probably be dropped and rrmemory renamed to roundrobin.
Note that agents with a lower penalty are always preferred over agents with a higher penalty.
strategy = ringall
The setting depends on your circumstances: ringall may be annoying, while the others add waiting time for the caller if an agent is not at the phone.
servicelevel
Sets the time (in seconds) within which calls should be answered. Only of interest for statistical analysis ("How many calls were answered within the service time of x seconds?").
servicelevel = 60
context
Here you can set a context to send the caller to: if the caller presses a key (the one you want the caller to press) while in the queue, that extension is dialed in this context.
context = support-context ; this is how we could set it
timeout
Determines how long (in seconds) a phone rings before we treat the call as unanswered (timeout).
timeout = 15
retry
Determines how long (in seconds) to wait before ringing all agents again.
retry = 5
weight
Weight of the queue: when compared to other queues, higher weights get preference.
weight = 0
wrapuptime
How long to wait before sending an agent another call.
We give our agents a little breather to take a sip of water:
wrapuptime = 10
maxlen
Maximum number of the callers in the queue (default: 0 for unlimited).
maxlen = 0
announce-frequency
Determines at what intervals (in seconds) callers are told their position in the queue and/or the estimated waiting time (0 for none, i.e. announce-frequency = 0 means off).
announce-frequency = 90
announce-holdtime
Whether the estimated waiting time is included in the position announcements. Possible values are yes, no or once (only once).
announce-holdtime = yes
announce-round-seconds
Rounding step in seconds. With a setting of 0, only minutes are announced, not seconds. Other possible values are: 0, 1, 5, 10, 15, 20 and 30. (At 30, for example, an estimated waiting time of 2:34 would be rounded to 2:30.)
announce-round-seconds = 0
Sound files
The following parameters set which sound files are used for the position and waiting-time announcements. As a rule, changes are not necessary:
queue-youarenext = queue-youarenext ; "You are now first in line."
queue-thereare = queue-thereare ; "There are" …
queue-callswaiting = queue-callswaiting ; … "calls waiting."
queue-holdtime = queue-holdtime ; "The current est. holdtime is" …
queue-minutes = queue-minutes ; … "minutes"
queue-seconds = queue-seconds ; … "seconds"
queue-thankyou = queue-thankyou ; "Thank you for your patience."
queue-lessthan = queue-less-than ; … "less than" …
queue-reporthold = queue-reporthold ; "hold time" …
periodic-announce = queue-periodic-announce ; "All reps busy, wait for next"
If these parameters are not specified (commented out), these default values apply.
periodic-announce-frequency
Determines at what intervals (in seconds) the periodic announcement (periodic-announce, "All staff are currently on calls, please wait.") is played to callers.
periodic-announce-frequency = 60
monitor-format
Specifying this parameter turns on call recording (as with the Monitor() application) and sets the recording format. (With monitor-format commented out, no recordings are made.) Enter gsm, wav (large files) or wav49 here.
If you want to record calls in gsm format, uncomment this line; note that the call is recorded from the moment the agent answers it:
; monitor-format = gsm
By default the files (one -in and one -out) are named after ${UNIQUEID}. You can change this if necessary by calling Set(MONITOR_FILENAME=filename) in the dialplan before the Queue() call. In this example we make no change.
monitor-join
Merges the two files generated by a call recording, …-in and …-out, into one file. Values: yes or no
monitor-join = yes
joinempty
Determines whether callers are placed in a queue that has no agents.
yes
Callers can be placed in a queue that has no agents or only unavailable agents.
no
Callers cannot be placed in a queue that has no agents.
strict
Callers cannot be placed in a queue that has no agents (nor in a queue that has only unavailable agents).
Unavailable should not be confused with being on a call (busy). An agent is unavailable when he is assigned to the queue but not actually logged in to the system (see also "member"). Caution: statically defined members (see "member") are always available!
If a caller is not placed in a queue, the Queue() application exits and the dialplan continues.
joinempty = no ; we do not want our callers to wait unnecessarily
leavewhenempty
Determines whether waiting callers are removed from this queue as soon as all agents have left. Possible values are the same as for joinempty. After the caller leaves the queue, the dialplan continues.
leavewhenempty = strict ; callers should not wait unnecessarily
eventwhencalled
Sets (yes | no) whether the following events are generated on the Manager interface: AgentCalled, AgentDump, AgentConnect, AgentComplete.
eventwhencalled = yes
eventmemberstatus
Sets (yes | no) whether queue member status events are generated on the Manager interface (there can be many).
eventmemberstatus = no
reportholdtime
Sets (yes | no) whether the caller's waiting time is announced to the agent before the agent is connected to the caller. (A matter of taste.)
reportholdtime = no
memberdelay
Sets how long (in seconds) the caller hears silence before being connected to an agent.
memberdelay = 1
timeoutrestart
Determines whether the ring timeout for an agent is reset on a busy or congestion signal. Can be useful for agents who are allowed to reject a call.
timeoutrestart = yes
autopause
Autopause will pause a queue member if they fail to answer a call.
ringinuse
Determines whether agents who are known to be on a call are rung anyway. So far the only channel driver that reports this status is SIP.
ringinuse = no
member
It is possible to enter agents directly in queues.conf as static members, in the form
member => Technology/Resource[,penalty]
for example member => Zap/2 (may be used several times, see queues.conf). But this can cause problems with joinempty and leavewhenempty, since these agents always count as available even when they are in fact not at their phone. It also has the disadvantage that an agent is always tied to one device and cannot log in from another device.
We therefore prefer the dynamic form and set up the support queue with members of the form:
member => Agent/AgentNumber
adding the two agents 1001 and 1002:
member => Agent/1001
member => Agent/1002
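A small checker for the pitfall described under joinempty and member, as an added example that is not part of the original post or of Asterisk: it parses queues.conf text and reports queues where joinempty or leavewhenempty is set to no or strict while a static (non-Agent) member is present, plus strategy values not in the list above. The sample configuration, the function names and the message wording are constructed for illustration.

```python
import re

# Strategy names as listed in this post
STRATEGIES = {"ringall", "roundrobin", "leastrecent", "fewestcalls", "random", "rrmemory"}

# Constructed sample input, not taken from a real system
SAMPLE = """\
[general]
persistentmembers = yes

[support]
strategy = ringall
joinempty = no            ; callers should not wait for nobody
leavewhenempty = strict
member => Zap/2           ; static channel member
member => Agent/1001

[sales]
strategy = roundrobbin
member => Agent/1002
"""

def parse_queues(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys such as member."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ; comments
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
            continue
        pair = re.fullmatch(r"([^=]+?)\s*=>?\s*(.*)", line)  # accepts "=" and "=>"
        if pair and current is not None:
            current.append((pair.group(1).lower(), pair.group(2)))
    return sections

def lint(text):
    """Return sorted (queue, message) findings for the pitfalls the post describes."""
    findings = []
    for name, items in parse_queues(text).items():
        if name == "general":
            continue
        opts = dict(items)
        strategy = opts.get("strategy", "ringall").lower()
        if strategy not in STRATEGIES:
            findings.append((name, "unknown strategy " + strategy))
        # Per the post, static members always count as available
        static = [v for k, v in items if k == "member" and not v.startswith("Agent/")]
        for key in ("joinempty", "leavewhenempty"):
            if static and opts.get(key, "").lower() in ("no", "strict"):
                findings.append((name, key + " ineffective with static member " + static[0]))
    return sorted(findings)
```

Calling lint() on the text of a real queues.conf returns an empty list when none of these conditions apply.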

Wednesday 20 November 2013

Clean up Asterisk sample config files

sed '/^;/d' manager.conf.sample | sed '/^[ \t]/d' | sed '/^$/d' > manager.conf

Wednesday 13 November 2013

Using Wget to download entire website:


Use the following command to download the website:

wget -r -Nc -mk http://bacutin.blogspot.com/
-r  Turn on recursive retrieving
-N  Turn on time-stamping
-c  Continue getting partially downloaded files
-m  Create a mirror
-k  Convert the links for local viewing

Sunday 3 November 2013

A skeletal model for the client-proxy-server system

Client

The client should do the following things:
  1. Read the file that's going to get sent
    • open(), fp.read() etc.
  2. Create a socket and establish a TCP connection to the proxy
    • socket.socket(), proxysock.connect() with SOCK_STREAM
  3. Send the file data stored into a variable in step 1 to the proxy
    • proxysock.sendall()
  4. Wait for an answer
    • proxysock.recv()
  5. Close the connection
    • proxysock.close()

Proxy

The proxy, being basically both a kind of a server and a client, should do the following things:
  1. Create a listening socket, wait for incoming connections from the client, accept and store the handle of an incoming connection
    • socket.socket(), proxyserversock.bind(), proxyserversock.listen(), proxyserversock.accept()
  2. Read the data from the incoming connection
    • clientsock.recv()
  3. Store the received data into a file
    • open(), fp.write() etc.
  4. Create a socket and establish a TCP connection to the server
    • socket.socket(), serversock.connect() again with SOCK_STREAM
  5. Send the data received from the client onwards to the server
    • serversock.sendall()
  6. Wait for an answer
    • serversock.recv()
  7. Pass the answer on to the client
    • clientsock.sendall()
  8. Close the connections to the server and the client, but leave the listening socket on
    • serversock.close(), clientsock.close()

Server

The server should do the following things:
  1. Create a listening socket, wait for incoming connections from the proxy, accept and store the handle of an incoming connection
    • socket.socket(), serversock.bind(), serversock.listen(), serversock.accept()
  2. Read the data from the incoming connection
    • proxyclientsock.recv()
  3. Store the received data into a file
    • open(), fp.write() etc.
  4. Send an answer to the proxy
    • proxyclientsock.sendall()
  5. Close the connection, but leave the listening socket on
    • proxyclientsock.close()

Additional notes

After implementing the basic model described above, you can easily start adding more features. For example, you could add a sleep in the proxy between steps 3 and 4 and instead of directly sending the data received from the client to the server, you could read the file and send the contents - this way you can manually change the file before it gets sent to the server.
I also suggest you read Beej's Guide to Network Programming if you want to really learn the basics of network programming. The examples are in C, but the basic principles also apply in Python (and other languages as well).
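The three roles above wired together on the loopback interface, as an added example that is not part of the original post: the helper names, the "OK n bytes" answer and the file names are assumptions, the client takes its data as bytes instead of reading a file, and each listener handles a single connection. It also shows the detail the step lists leave out: one recv() may return only part of the data, so each sender half-closes with shutdown() and each receiver reads until end of stream.

```python
import socket
import tempfile
import threading
from pathlib import Path

HOST = "127.0.0.1"  # assumption: loopback only; the post names no addresses

def recv_all(sock):
    """Read until the peer half-closes; a single recv() may return partial data."""
    chunks = []
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            return b"".join(chunks)
        chunks.append(chunk)

def exchange(addr, data):
    """Client steps 2-5 (also the proxy's outbound leg): connect, send, await answer."""
    with socket.create_connection(addr) as sock:
        sock.sendall(data)
        sock.shutdown(socket.SHUT_WR)  # marks end of data, read side stays open
        return recv_all(sock)

def serve_once(listener, store_path, upstream=None):
    """Server steps 1-5; with `upstream` set, proxy steps 1-8 (relay onwards)."""
    conn, _ = listener.accept()
    with conn:
        data = recv_all(conn)
        Path(store_path).write_bytes(data)  # store the received data into a file
        answer = exchange(upstream, data) if upstream else b"OK %d bytes" % len(data)
        conn.sendall(answer)

def listen():
    """Listening TCP socket on a free port chosen by the OS (port 0)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((HOST, 0))
    sock.listen(1)
    return sock

def run_demo(payload):
    """Run server, proxy and client once; return (answer, proxy copy, server copy)."""
    tmp = Path(tempfile.mkdtemp())
    proxy_file, server_file = tmp / "proxy.bin", tmp / "server.bin"
    server, proxy = listen(), listen()
    jobs = [(server, server_file), (proxy, proxy_file, server.getsockname())]
    threads = [threading.Thread(target=serve_once, args=job) for job in jobs]
    for t in threads:
        t.start()
    answer = exchange(proxy.getsockname(), payload)  # the client role
    for t in threads:
        t.join()
    server.close()
    proxy.close()
    return answer, proxy_file.read_bytes(), server_file.read_bytes()
```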

UDP Connection

TCP Connection