Friday, 20 December 2013

convert mp3 to gsm/ulaw for Asterisk

# Install mpg123 to convert mp3 to wav file
mpg123 -w
; convert the output wav file to format that Asterisk can recognize
sox -v 0.9 input.wav -c 1 -r 8000  output.wav
; -v: reduce volume

Monday, 16 December 2013

Install chan_mobile on ClearOS 5.2 SP2, Asterisk 1.8 and FreePBX 2.8

Source: http://samyantoun.50webs.com/asterisk/chan_mobile/

 
Install chan_mobile on ClearOS 5.2 SP2, Asterisk 1.8 and FreePBX 2.8

  • Legend (Variable and Scope)
    • PBX Pairing Password User
      PBX Name User
      Context User
      Bluetooth USB Device Name User
      MAC Address System
      ID System
      Mobile Phone MAC Address System
      Port System
      Number User
      ID User
  • ClearOS
    • Install Bluez
      • Yum
        • yum install -y bluez-utils bluez-libs bluez-libs-devel bluez-hcidump
      • Edit /etc/bluetooth/hcid.conf
        • Backup
          • cp -vf /etc/bluetooth/hcid.conf /usr/src/svn/hcid.conf.original
        • Clean (Optional)
          • sed -i '/^\t#/d;/^#/d;/^$/d' /etc/bluetooth/hcid.conf
        • Edit options Section
          • Change security user to security auto
            • sed -i 's/security user/security auto/' /etc/bluetooth/hcid.conf
          • Change passkey "BlueZ" to passkey "1234"
            • sed -i 's/passkey "BlueZ"/passkey "1234"/' /etc/bluetooth/hcid.conf
        • Edit device Section
          • Change name "%h-%d" to name "My PBX"
            • sed -i 's/name "%h-%d"/name "My PBX"/' /etc/bluetooth/hcid.conf
          • Change class 0x120104 to class 0x000100
            • sed -i 's/class 0x120104/class 0x000100/' /etc/bluetooth/hcid.conf
      • Service
        • service bluetooth start
    • Setup Bluetooth USB
      • Connect Bluetooth USB
      • Make Sure USB is connected
        • Test 1
          • Run Command
            • hciconfig -a
          • You should see something like this:
            • hci0: Type: USB
            • BD Address: 00:15:E9:66:BF:B6 ACL MTU: 192:8 SCO MTU: 64:8
            • UP RUNNING
            • RX bytes:949 acl:0 sco:0 events:23 errors:0
            • TX bytes:331 acl:0 sco:0 commands:22 errors:0
            • Features: 0xff 0xff 0x0f 0x00 0x00 0x00 0x00 0x00
            • Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
            • Link policy: RSWITCH HOLD SNIFF PARK
            • Link mode: SLAVE ACCEPT
            • Name: 'My PBX'
            • Class: 0x000100
            • Service Classes: Unspecified
            • Device Class: Computer, Uncategorized
            • HCI Ver: 1.1 (0x1) HCI Rev: 0x20d LMP Ver: 1.1 (0x1) LMP Subver: 0x20d
            • Manufacturer: Cambridge Silicon Radio (10)
        • Test 2
          • Run Command
            • hcitool dev
          • You should see something like this:
            • Devices:
            •     hci0   00:15:E9:66:BF:B6
    • Setup Mobile Phone
      • Make PBX discoverable:
        • dbus-send --system --type=method_call --print-reply --dest=org.bluez /org/bluez/hci0 org.bluez.Adapter.SetMode string:discoverable
      • Pair PBX
        • On the mobile phone, Search for devices (Nokia, Settings > Connectivity > Bluetooth > Paired devices > Add new device
        • You should find your PBX as My PBX. Pair with a pin of 1234
      • Make sure we can see your phone
        • Run Command
          • hcitool scan
        • You should see something like this:
          • Scanning ...
          •    FC:E5:57:EB:4A:87    MyMobile
  • Asterisk
    • Edit /etc/asterisk/mobile.conf
      • Create Config File
        • touch /etc/asterisk/mobile.conf
        • chown asterisk:asterisk /etc/asterisk/mobile.conf
        • chmod 664 /etc/asterisk/mobile.conf
      • Create [adapter] sections
        • echo "[adapter]
        • id=dlink01
        • address=00:15:E9:66:BF:B6" > /etc/asterisk/chan_mobile.conf
    • Search for your bluetooth devices from Asterisk. This command might take 8 - 10 seconds
      • Rum Commands
        • asterisk -r
        • module load chan_mobile.so
        • mobile search
      • You should see something like this:
        • Address            Name       Usable  Type   Port
        • FC:E5:57:EB:4A:87  My Mobile  Yes     Phone  13
    • Edit /etc/asterisk/mobile.conf
      • echo "[nokia_c1_01_01]
      • address=FC:E5:57:EB:4A:87
      • port=13
      • context=from-mobile-nokia-c1-01-01
      • adapter=dlink01
      • group= 1">> /etc/asterisk/mobile.conf
    • Show the status of configured devices, and whether or not the device is capable of sending / receiving SMS via bluetooth:
      • Run Command
        • mobile show devices
      • You should see something like this:
        • ID              Address            Group  Adapter  Connected  State  SMS
        • nokia_c1_01_01  FC:E5:57:EB:4A:87  1      dlink01  Yes        Free   No
  • FreePBX
    • Outgoing
      • Trunk
        • Create a custom trunk
        • Outbound Caller ID = 0123456789
        • Maximum channels = 1
        • Custom Dial String = Mobile/nokia_c1_01_01/$OUTNUM$
      • Outbound Route
        • As desired
    • Incoming
      • Edit /etc/asterisk/extensions_custom.conf
        • echo "
        • ;************* Mobile Nokia C1-01 01 ***************
        • [from-mobile-nokia-c1-01-01]
        • exten => s,1,Noop(Setting DID = 0123456789)
        • exten => s,n,Set(__FROM_DID=0123456789)
        • exten => s,n,Goto(from-trunk,0123456789,1)
        • exten => s,h,Hangup
        • ;*********** End Mobile Nokia C1-01 01 *************
        • " >> /etc/asterisk/extensions_custom.conf
      • Inbound Route
        • DID Number = 0123456789
  • Notes
    • Asterisk Mobile Commands
      • mobile cusd Send CUSD commands to the mobile
        mobile rfcomm Send commands to the rfcomm port for debugging
        mobile search Search for Bluetooth Cell / Mobile devices
        mobile show devices Show Bluetooth Cell / Mobile devices
    • To load or unload chan_mobile module
      • module load chan_mobile.so
      • module unload chan_mobile.so

Use an old Mobile Phone as a GSM Gateway in Asterisk

SOURCE: http://www.stocksy.co.uk/articles/Networks/use_an_old_mobile_phone_as_a_gsm_gateway_in_asterisk/

Like most people I carry a mobile phone, but mine is for emergencies only. Just a handful of people know the the number and that's how I like to keep it. Because I use Asterisk, I'm always reachable through my land line number which I route around between various destinations or voicemail depending on what suits me. I'm spoilt by this, so having my mobile phone ring unexpectedly at an inconvenient time is a bit intrusive.
But, increasingly, almost everyone I interact with wants my mobile number - employers, customers, banks, garages, insurance companies - if it doesn't start '07', they're not happy.
As usual I've decided to try a technical solution to a social problem. I began by using a 'personal use' 070 number which is designed for precisely the kind of single-number-reach setup I use. This 070 number was presented at my SIP provider, who would then route the calls to my Asterisk server across the internet. In the end, this proved to be unsatisfactory because many providers block the 070 range with the justification that it has been abused for premium-rate scams. For example, the number couldn't be dialled from T-Mobile or Orange. Shame.
Undeterred, I tried another approach. I now have an old spare mobile phone which never leaves the house and is permanently connected through bluetooth to Asterisk. This is a real mobile with a real mobile number. I simply feed any incoming calls to this mobile into a macro which handles the call in the same way as calls to my landline. If I want to take calls on my (real) mobile, I can. If I'm not available to take the call, the caller is passed to my Asterisk voicemail box. SMS text messages arrive as emails, my replies to which are sent by SMS. Having all my incoming calls and voicemail messages in one place is very convenient and it prevents me from missing calls when I am in the house and probably would not hear a mobile phone ringing.
Asterisk has included support for bluetooth connections to mobile phones and headsets for some time now. This is accomplished through chan_mobile. Not all phones are supported, so it's worth taking a look at voip-info.org's page which lists the confirmed compatible dongles and phones. I am getting good results with a D-Link DBT-120 dongle and a Nokia E72, 6306i, 6021 handsets, however only the 6021 works with SMS. It is worth noting that each bluetooth dongle can support only one mobile device - this is an annoying limitation of chan_mobile, but it's not as though USB dongles are very expensive.

How it's Done

chan_mobile is an addon, so it needs to be enabled before Asterisk is compiled. On Debian, it's pretty simple, just add a few packages:
# apt-get install bluez-utils bluez-hcidump libbluetooth-dev
then, go to your Asterisk source directory and use make menuselect to enable chan_mobile. It's in Add-ons -> chan_mobile:
# cd /usr/src/asterisk-1.8.11.0
# ./configure && make menuselect
Whilst it compiled and installed OK, I had to make a modification to the chan_mobile source before it would recognise my phone:
# vi /usr/src/asterisk-1.8.11.0/addons/chan_mobile.c

Find this:
 addr.rc_channel = (uint8_t) 1;

Replace with:
 addr.rc_channel = (uint8_t) 0;
Build Asterisk and (re)install:
# make && make install
In order to use a bluetooth-connected phone as a GSM gateway, it's necessary to pair the phone with the Asterisk server. In Debian, this can be accomplished painlessly through the CLI. First, make your phone discoverable and then scan for it:
# hcitool scan
Scanning ...
 EC:1B:6B:64:C2:88 Trollphone
Make a note of the MAC address. In order to pair, a helper is required to handle the PIN. Run the helper in the background and begin the pairing process:
# bluetooth-agent 7472 &
# rfcomm connect hci0 EC:1B:6B:64:C2:88
Once the pairing has succeeded, make sure your phone is configured to automatically accept connections for this paring in future. You can verify that the paring is working at any time by running:
# hcitool con
Connections:
 < ACL EC:1B:6B:64:C2:88 handle 41 state 1 lm MASTER AUTH ENCRYPT
Now, Asterisk needs to be configured to use the paired phone. We need to know which rfcomm channel offers the voice service. The easiest way is to use chan_mobile:
# rasterisk
*CLI> module load chan_mobile.so
Don't worry about any errors loading the module, it'll do for now:
*CLI> mobile search 
EC:1B:6B:64:C2:88 Trollphone                     Yes    Phone   2
In this case it is rfcomm channel 2. In addition, we need to know the MAC address of the bluetooth dongle installed in the Asterisk server. Exit the Asterisk CLI and use hcitool:
# hcitool dev
Devices:
 hci0 00:81:C5:33:25:A4
At last we have all the information needed. Edit or create the chan_mobile configuration file:
# vi /etc/asterisk/chan_mobile.conf

[Adapter]
address = 00:81:C5:33:25:A4
id = pabx

[Trollphone]
address = EC:1B:6B:64:C2:88
port = 2
context = from-trollphone
adapter = pabx
You will need something in the dialplan to handle this, at minimum something like:
# vi /etc/asterisk/extensions.conf

[from-trollphone]
exten => s,1,Dial(SIP/100)

[my-phones]
exten => *12,1,Dial(MOBILE/Trollphone/150)
When the mobile rings, you should get a call on SIP extension 100. Dialling *12 will cause the phone to dial 150, which in my case gives me Orange customer services. I'm sure you get the idea.

What about SMS?

Trickier, but there is a solution. None of the phones I had spare were supported by chan_mobile's SMS capabilities. According to the chan_mobile wiki page, only three phones are known to support SMS: the Nokia models E51, 6021 and 6230i. Of the three, the 6021 seems to be the most widely available - I was able to get three of them from eBay for just a few pounds.
Once the phone is paired in the normal way, it will send any incoming SMS messages to Asterisk over the bluetooth connection. Asterisk looks for an 'sms' extension in the context you specified in chan_mobile.conf. I suggest something like this in your dialplan:
[from-trollphone]
exten => sms,1,Verbose(Incoming SMS from ${SMSSRC} ${SMSTXT})
exten => sms,n,System(echo "To: stocksy@stocksy.co.uk" > /tmp/smsmail)
exten => sms,n,System(echo "Subject: SMS from ${SMSSRC}" >> /tmp/smsmail)
exten => sms,n,System(echo "${SMSTXT}" >> /tmp/smsmail)
exten => sms,n,System(sendmail -t -f ${SMSSRC}@sms.stocksy.co.uk < /tmp/smsmail)
exten => sms,n,Hangup()
At first, incoming messages were all arriving with a blank ${SMSSRC}, the easy solution was to apply a patch and re-compile:
# cd /usr/src/asterisk-1.8*
# wget --no-check-certificate https://issues.asterisk.org/jira/secure/attachment/42026/sms-sender-fix.diff
# patch -p0 < sms-sender-fix.diff
# ./configure && make && make install
Now, incoming messages are delivered to me as emails claiming to be from +MOBILENUMBER@sms.stocksy.co.uk. Obviously, this requires the Asterisk system to have a working MTA, the setup of which I won't cover here. If you don't have an MTA at present, take a look at postfix.
Outgoing SMS messages are more work because it's necessary to parse the contents of the email message, the format of which will be a little less predicatable than an SMS. I elected to use python to do this because it already has a library to do this.
#!/usr/bin/env python
# (:? YOUR SCRIPT IS BAD AND YOU SHOULD FEEL BAD! (:?
# I'M NOT A DEVELOPER AND THIS IS PROBABLY VERY, VERY BAD, but it does work.
# email2sms.py James Stocks
# based upon emailspeak.py by sysadminman - http://sysadminman.net
# v0.0  2012-04-28


# Import libs we need
import sys, time, email, email.Message, email.Errors, email.Utils, smtplib, os, socket, random, re
from datetime import date
from email.Iterators import typed_subpart_iterator
from time import sleep

# Asterisk Manager connection details
HOST = '127.0.0.1'
PORT = 5038
# Asterisk Manager username and password
USER = 'your-ast-man-user'
SECRET = 'dysmsdvsa'

# Generate a random number as a string. We'll use this for file names later on
callnum = str(random.randint(1, 100000000))

# Taken from here, with thanks -
# http://ginstrom.com/scribbles/2007/11/19/parsing-multilingual-
# email-with-python/
def get_charset(message, default="ascii"):
    """Get the message charset"""

    if message.get_content_charset():
        return message.get_content_charset()

    if message.get_charset():
        return message.get_charset()

    return default

# Taken from here, with thanks -
# http://ginstrom.com/scribbles/2007/11/19/parsing-multilingual-
# email-with-python/
def get_body(message):
    """Get the body of the email message"""

    if message.is_multipart():
        #get the plain text version only
        text_parts = [part
                      for part in typed_subpart_iterator(message,
                                                         'text',
                                                         'plain')]
        body = []
        for part in text_parts:
            charset = get_charset(part, get_charset(message))
            body.append(unicode(part.get_payload(decode=True),
                                charset,
                                "replace"))

        return u"\n".join(body).strip()

    else: # if it is not multipart, the payload will be a string
          # representing the message body
        body = unicode(message.get_payload(decode=True),
                       get_charset(message),
                       "replace")
        return body.strip()

# Read the e-mail message that has been piped to us by Postfix
raw_msg = sys.stdin.read()
emailmsg = email.message_from_string(raw_msg)

# Extract database Fields from mail
msgfrom = emailmsg['From']
msgto =  emailmsg['To']
msgsubj = emailmsg['Subject']
msgbody = get_body(emailmsg)

# Find the part of the 'To' field that is the phone number
phonenum = re.match( r'\+?([0-9]+)', msgto, re.M)

# Whose mobile is this?
mobile = sys.argv[1]

# Write a log file in /tmp with a record of the e-mails
currtime = date.today().strftime("%B %d, %Y")
logfile = open('/tmp/email2sms.log', 'a')
logfile.write(currtime + "\n")
logfile.write("Call Number: " + callnum + "\n")
logfile.write("From: " + msgfrom + "\n")
logfile.write("To: " + msgto + "\n")
logfile.write("Subject: " + msgsubj + "\n")
logfile.write("Body: " + msgbody + "\n\n")
logfile.close()

# Send the call details to the Asterisk manager interface
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
sleep(1)
s.send('Action: login\r\n')
s.send('Username: ' + USER + '\r\n')
s.send('Secret: ' + SECRET + '\r\n\r\n')
sleep(1)
s.send('Action: originate\r\n')
# Dummy channel - I don't actually want any phones to ring
s.send('Channel: LOCAL/1@sms-dummy\r\n')
s.send('Context: mobiles\r\n')
s.send('Exten: ' + mobile + '\r\n') 
s.send('WaitTime: 30\r\n')
# This is a bogus value, but the field is required
s.send('CallerId: 5555\r\n')
# Do not wait for response from dummy channel
s.send('Async: true\r\n')
s.send('Priority: 1\r\n')
# The variables ${SMSTO} and ${SMSBODY} are used in the dialplan
s.send('Variable: SMSTO=' + phonenum.group(1) + ',SMSBODY=\"' + msgbody + '\"\r\n\r\n')
sleep(1)
s.send('Action: Logoff\r\n\r\n')
#Omitting this causes "ast_careful_fwrite: fwrite() returned error: Broken pipe"
sleep(3)
s.close()
Copy the above script to /usr/sbin/email2sms.py and make executable:

# chmod +x /usr/sbin/email2sms.py
The script uses the Asterisk Manager Interface, so it will need an AMI user. Append this to manager.conf:
# vi /etc/asterisk/manager.conf

[your-ast-man-user]
secret=dysmsdvsa
read=call,user,originate
write=call,user,originate
and also make sure it is enabled in the general section:
# vi /etc/asterisk/manager.conf

[general]
enabled = yes
webenabled = yes
port = 5038
You'll note that I'm using the context 'mobiles'. You'll need to make sure that the extensions you'll be using exist in this context in extensions.conf:
# vi /etc/asterisk/extensions.conf

exten => stocksy,1,MobileSendSMS(JS6021,${SMSTO},${SMSBODY})
exten => karen,1,MobileSendSMS(trollphone,${SMSTO},${SMSBODY})
Secondly, there is a dummy extension which the 'call' needs to connect to. A NoOp isn't quite sufficient, I could only get it to work if the extension answered and then did something, in this case answer and wait 10 seconds:
# vi /etc/asterisk/extensions.conf

[sms-dummy]
exten => 1,1,Answer()
exten => 1,n,Wait(10)
exten => 1,n,Hangup
Reload Asterisk to pick up the changes.
So, calling email2sms.py with the argument 'stocksy' uses the JS6021 mobile, and calling it with 'karen' uses the trollphone mobile.
You need to make sure that email for the domain you have chosen - in my case sms.stocksy.co.uk - is routed to the Asterisk box. This will normally be accomplished by creating an MX record or creating a transport for the domain on your mail server. Again, I'm not going to cover that part here, but I will cover how to pipe the incoming messages into the python script.
Assuming that you are using postfix, you'll need a new transport for each mobile you want to use. In my case:
# vi /etc/postfix/master.cf

sms-stocksy unix -      n       n       -       -       pipe
  flags=FR user=stocksy argv=/usr/sbin/email2sms.py stocksy

sms-karen unix  -       n       n       -       -       pipe
  flags=FR user=stocksy argv=/usr/sbin/email2sms.py karen
postfix needs to know that it must use these transports for SMS domains:
# vi /etc/postfix/transport ; postmap /etc/postfix/transport

sms.stocksy.co.uk sms-stocksy
sms.herdomain.co.uk sms-karen
If postfix doesn't already have a transport_maps setting, create one. Obviously this could break any existing postfix setup you might have, but if so I'm expecting you to know what you're doing:
# postconf -e transport_maps=hash:/etc/postfix/transport
Restart postfix and that should be all that's necessary.
# /etc/init.d/postfix restart
You need to satisfy yourself that you are not allowing the entire world to relay through your SMS gateway! Understand and make use of postfix's security features! Don't wait until you've racked up a collosal SMS bill! Loud noises!
If things aren't quite working, start by checking your mail log:
# tail -f /var/log/mail.log
You can do a packet trace to see what's happening on the Asterisk Manager Interface:
# tcpdump -A -i lo port 5038
Try talking to the AMI directly:
$ nc localhost 5038

Action: login
Username: your-ast-man-user
Secret: dysmsdvsa

Action: originate
Channel: LOCAL/1@sms-dummy
Context: mobiles 
Exten: stocksy
WaitTime: 30
CallerId: 5555
Async: true
Priority: 1
Variable: SMSTO=5555555555,SMSBODY="foo"

Action: Logoff
Watch out for whitespace in the AMI - exten 'stocksy' != 'stocksy '.
Good luck.

Tuesday, 10 December 2013

Stop SIP Flood Attack

 Source:http://kb.smartvox.co.uk/asterisk/friendlyscanner-gets-aggressive/

Not so friendly after all

In my October 2010 articles about Asterisk IP-PBX security (linked here), I described how port scanning probes from the so-called “friendly-scanner” could be seen several times a day on a typical SIP server exposed to the Internet. Since then, I – or at least one of my clients – had the displeasure of experiencing the full fury of this remarkably unfriendly scanner which, when provoked, seems to change from a gentle prod every few hours to a full scale Denial of Service attack at a rate of more than 80 SIP REGISTER requests per second, utterly relentless and lasting for days or even weeks. 
The port scanning probes used SIP OPTIONS while the really unpleasant, full-on, bandwidth-eating manifestation uses SIP REGISTER requests. The fact that in both cases the User Agent is declared to be “friendly-scanner” does not mean that this is a single application operating in two different modes. It probably indicates that some of the source code for these loathsome applications was derived from a common ancestor or that one is a re-worked version of the other. I believe sipvicious and a python program called svwar.py may have the dubious honour of being in some way the original seed for what has now turned into an irritating and potentially costly problem for VoIP users around the world. But should we blame gun manufacturers when there is an armed robbery or illegal shooting? Perhaps not. Anyway, I digress. 

Symptoms of an attack

My client called me to say that their remote users were experiencing serious problems with their connection to the Asterisk phone system at the office. My own phone refused to register using exactly the same credentials as had worked a few days earlier. I tried to use remote access to check the server, but the connection was dreadfully slow to the point where it was unusable. 
Making sense of what was happening was difficult because there did not seem to be any unauthorised calls and the internal office extensions were all working fine as were the analogue trunks that they use for inbound calls and as a backup in case of Internet problems. I knew the phone account passwords were all sufficiently strong and complex to not be hacked and other security settings such as “alwaysauthreject=yes” were configured for maximum resistance to attack, yet the firewall logs showed that there was a continuous heavy use of bandwidth from the Asterisk PBX to some address on the Internet. The fact that the outbound traffic was using approximately four times the bandwidth of the inbound made me think it must be some malware running on the server. This misconception caused me a considerable delay before I finally thought to run tcpdump and see exactly what was going on. By the way, the Asterisk CLI command “sip set debug on” will also show what is happening, but you may then find it difficult to turn off the sip debug because of the rate at which information is being written to the screen. Running “tcpdump udp -nn” at the Linux command prompt is safer because it just writes one line to the screen per request and Control-C is all that is required to stop it.
The outbound UDP packets outnumbered the inbound because Asterisk was sending a rejection for each registration attempt and then re-sending it when it didn’t get an ACK response – it would send as many as 5 responses to every one inbound REGISTER request. With inbound requests running at nearly 100 per second this was causing it a bit of a headache. 

Blocking the attack

As soon as I realised what was happening, it was relatively simple to add a firewall rule to block all inbound data from the single IP address that was sending the requests. Yes, it was all from one IP address and No, contacting the owners of that address was as much use as a chocolate teapot. 
As soon as I blocked the inbound requests, the remote users were suddenly able to make calls again and everything went quiet. Job done I thought. Well, not quite. 

It just carried on and on

I assumed the attack would stop pretty quickly once the inbound packets were blocked at the firewall and no responses were coming back from Asterisk. Not so. I checked the traffic monitor on their firewall the next day and the day after. The inbound stream of requests was still there. After a week, the firewall began to creak and get sick because it was running out of memory. Well it is only a modest little Draytek router, but it is designed for a small business environment and should have been able to cope with the simple task of blocking a continuous stream of unwanted SIP requests coming from one IP address on the Internet. In my opinion, someone at Draytek should be shot for designing a router/firewall that adds an entry to the NAT sessions table before it inspects the firewall rules to see if the source address is blocked! 
So a quick solution at this point was to add a rule to iptables on the Asterisk box and let the requests come through the Draytek. That took the pressure off the Draytek, but no matter what ICMP response I sent back (including no response), the requests just kept flooding in. If anything, they were getting faster and using more bandwidth (see graph below). 
I am now convinced that the unending nature of the attack is not deliberate, but is as a result of a bug in the code which puts it into an infinite loop. Clearly the people who produced these friendly-scanner hacking tools aren’t  as clever as they would no doubt like to believe. 

How to stop it completely

The answer was in a blog by Joshua Stein, to whom I am indebted. His solution involved redirecting the requests to a new port so it would not be necessary to shut down the Asterisk PBX application. However, my client didn’t need 24×7 operation of their phone system so instead I just modified Joshua’s Ruby script to use port 5060, stopped Asterisk, ran the Ruby script and that was it. The requests just stopped. Then I restarted Asterisk. This graph from the firewall shows the bandwidth being used over a week and the abrupt end of the problem when I finally ran Joshua’s script. 
Internet bandwidth as a graph during friendly scanner attack
Graph of Internet bandwidth

Using Joshua’s Ruby script on a CentOS server

Install Ruby using yum: yum install ruby 
Copy the script from the box below and paste it into a file. I called my file spoof_sip_ok. (If you use a text editor like vi or nano while connected through SSH with Putty, then a right-click of the mouse will paste text previously copied into the clipboard). The original script is no longer available at Joshua’s own blog site, so I have reproduced the whole thing here with a couple of minor adjustments: 
#!/usr/bin/env ruby
require "socket"

s = UDPSocket.new
s.bind("0.0.0.0", 5060)
while true
  packet = s.recvfrom(1024)

  via = packet[0].match(/Via: (.+);rport/)[1]
  from = packet[0].match(/From: (.+)/)[1]
  to = packet[0].match(/To: (.+)/)[1]
  call_id = packet[0].match(/Call-ID: (.+)/)[1]
  cseq = packet[0].match(/CSeq: (\d+) REGISTER/)[1]

  remote_ip = packet[1][3]
  remote_port = packet[1][1].to_i

  puts packet.inspect

  if packet[0].match(/^REGISTER /)
    ret = "SIP/2.0 200 OK\r\n" +
      "Via: #{via};received=#{remote_ip}\r\n" +
      "From: #{from}\r\n" +
      "To: #{to}\r\n" +
      "Call-ID: #{call_id}\r\n" +
      "CSeq: #{cseq.to_i + 1} REGISTER\r\n" +
      "\r\n"

    puts "sending to #{remote_ip}:#{remote_port}:\n#{ret}"

    s.send(ret, 0, remote_ip, remote_port)
  end
end
 
 
You can insert your own server’s IP address in the s.bind parameters if you want, but 0.0.0.0 should just bind to all interfaces. Also remember to make the file executable, for example using the Linux command chmod 755 spoof_sip_ok
The original article was at “http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood”, but the whole domain seems to no longer be active (as of March 2013).
Before you run the above version of the script, make sure Asterisk is stopped. I found it would immediately restart when I used ”amportal stop” and instead used the CLI command “stop now”. You can check that it has stopped by typing this command at the Linux command prompt: netstat -lunp 
If Asterisk is running, it will be using port 5060 and the output of the netstat command would look like this: 
user@asterisk:~ $ netstat -lunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
udp        0      0 0.0.0.0:5060      0.0.0.0:*                  16301/asterisk

To run the Ruby script, just type ./spoof_sip_ok at the Linux prompt.