Registering to Asterisk Behind Cisco Routers

Tonight a buddy and myself were playing with Asterisk. In order for him to be able to register to my server from outside my network we had to make some changes to my router. I am behind a Cisco 2650 Router, and we had to disable this in IOS:

no ip nat service sip udp port 5060

Note, that once this is disabled, you will no longer be able to register out to other Asterisk Servers until you re-enable it with.

ip nat service sip udp port 5060

Asterisk 1.6.0-beta7 – Compile Chan_Mobile Fixes!

There's a small change in Asterisk 1.6.0-beta7's dsp.c. In order to compile chan_mobile you will have to do this.

1. enter your asterisk-addons directory

# cd asterisk-addons-1.6.0-beta2

2. enter the channels directory

# cd channels

3. edit the chan_mobile.c

# nano chan_mobile.c

4. Go to line 2000 and 2001

they look like this

ast_dsp_set_features(pvt->dsp, DSP_FEATURE_DTMF_DETECT);
ast_dsp_digitmode(pvt->dsp, DSP_DIGITMODE_DTMF | DSP_DIGITMODE_RELAXDTMF);

change them to look like this

ast_dsp_set_features(pvt->dsp, DSP_FEATURE_DIGIT_DETECT);
ast_dsp_set_digitmode(pvt->dsp, DSP_DIGITMODE_DTMF | DSP_DIGITMODE_RELAXDTMF);

now chan mobile will compile and run properly when you start asterisk.

enjoy!

Enable the Hidden VOIP Features of Windows Mobile 6.x for Free* VOIP Calls using Asterisk

Tonight I was playing around with my new HTC TYTN (ATT TILT) and found this blog explained there's a hidden feature on Windows Mobile - an included VOIP client.

REALLY? yup. FREE? yup. Not kidding.

It's pretty easy to install too, just follow these steps, and then you're up and running in no time making crystal clear VOIP over WIFI calls.

Note, you will need a membership to XDA Developers to gain the best of this. Otherwise you can download the files required at the bottom of this post.

Instructions to get Free (WIFI) VOIP SIP Calling on your Windows Mobile Device Using Asterisk:

1. Visit this Page on XDA Developers. Download the VOIP Soft Client.

2. Install the Client to your Windows Mobile Device in the regular Fashion.

3. Soft Reset your Windows Mobile (Unsure if this is required).

4. Download and Install this Configuration Utility from XDA Developers to your Windows Mobile Device in order to configure your SIP settings.

5. Enter the configuration for your SIP server.

Provider name: myuser
User account: 123
Password: 321
registrar address: sip.myserver.com port 5060 UDP
proxy address: sip.myserver.com port 5060 UDP

5. Save your SIP settings. Soft Reset Device again (This appears to be needed).

6. You should now see "Internet Calling" on your home screen. Verify that it has connected to the account on your Asterisk Server.

7. We set ours to "always prefer internet for calling". This way when we are in range of a WIFI network that the phone knows about, it will always try internet calling instead of 3G/GSM first.

That's it. Easy eh. I'm sad to admit I'm actually liking this Microsoft stuff for once :(.

Here are the files if you don't have an XDA (Free) account.

• SipConfigTool_2_0_1.CAB
• WM6VoIP.CAB

Enjoy.

New Tutorial: Asterisk on EPIA VIA C3

Hello list,
after spending the best part of an afternoon trying to build Asterisk on
an old EPIA VIA C3, I thought that writing a tutorial would make life
easier for future compilers:

http://astrecipes.net/index.php?n=356

I had never compiled Asterisk for a different architecture, and I'm pretty
disappointed at how complex it is - building Zaptel, Libpri and Asterisk
requires discovering three different procedures, and even passing the
required architecture to the autoconfig module was not enough for a clean
build - libpthread and libresolv would not link, so you have to add them
manually. Aybody got an idea of who should be notified of this immediate
problem, apart for the time-wasteful general compilation procedure?

Thanks
l.

Asterisk 1.4.19-rc4 and 1.6.0-beta7 Now Available

The Asterisk.org development team has released Asterisk versions 1.4.19-rc4 and
1.6.0-beta7.

These releases contain significant bug fixes over the previous pre-releases of
1.4.19 and 1.6.0. We would like to thank everyone for all of the help with
pre-release testing. Unless anything new comes up, 1.4.19 will be released at
the beginning of next week.

Both releases are available for download from http://downloads.digium.com/.

Thank you for your support!

How to Secure VOIP from Eweek

from here...

The time to secure VOIP traffic is now, before the threats outweigh the benefits of this cost-saving communications technology.

When it comes to voice over IP, progress is a double-edged sword.

The technology offers a host of benefits, from lower calling costs and greater mobility to advanced functions like unified messaging and collaborative whiteboarding. But as VOIP matures, and as hackers become more familiar with its intricacies, the threats may someday equal the benefits—unless companies prepare now.

Today, the biggest VOIP-related security threats are inside a company's firewall. That's because, for the most part, most systems still rely on a combination of an IP network and the PSTN (Public Switched Telephone Network) land-line network. Each time a device engages in a VOIP call, the VOIP phone number's IP address is translated into a standard phone number, which is passed through the PSTN network.

That can be exploited, for example by an employee listening in on a phone call or changing a configuration setting to make the CEO's phone ring at the employee's desk. A malicious user—either a disgruntled employee or a hacker who managed to get inside the building—could launch a DoS (Denial of Service) attack that would flood the network so thoroughly that nobody would be able to make or receive calls.

There are remedies, however. The first step, said Jon Oltsik, senior analyst for information security at Enterprise Strategy Group, is to harden management servers by turning off any unnecessary services and making sure that administrator passwords aren't obvious. Other important steps include keeping a record of which IP addresses are related to each user and logging activities, so if anyone makes changes to a configuration setting there will be a record of it.

"That way, if you suspect that somebody was listening in on a conversation, you could at least find out who it was and where they were listening in by relating that IP address from that IP phone to an actual person," Oltsik said.

But technology marches on. The next frontier, which promises to vastly improve the reliability of VOIP while further reducing costs, also will open up VOIP to more attacks.

That technology is SIP (Session Initiation Protocol) trunking, which routes calls over an IP network instead of the PSTN, allowing for voice and data through all IP connections. According to The Nemertes Research Group, 56 percent of enterprises today have either adopted or plan to adopt SIP trunking, with smaller businesses being particularly interested because of the potential cost savings.

But because an external IP network is involved, security concerns increase. Of particular concern are "vishing" and SPIT (spam over Internet telephony). SPIT is basically spam over VOIP—unsolicited advertising that appears in a VOIP voice mailbox. Attackers can send messages to thousands of recipients simultaneously. Vishing, a term formed from "voice phishing," is the process of persuading users by e-mail, text message or phone call to divulge personal information such as Social Security and credit card numbers. This is fairly easy to do, unfortunately, since attackers can "spoof" the caller ID that users see to make the call appear to come from a legitimate organization. Vishers also can send messages in bulk.

"Now you have that direct IP link from your service provider into your VOIP network, somebody could theoretically reach your phone system components across the public Internet, so companies have to take more precautions," said Irwin Lazar, a principal analyst at Nemertes Research Group.

The first step in protecting against such threats is to bolster encryption by encoding and decoding information securely. Doing so will verify senders' identities, guarantee that a message's sender can't deny later that the message was sent, ensure that messages haven't been altered during transmission and help ensure privacy.

Additionally, a VPN will enable trusted users to securely connect to a VOIP system from untrusted networks. Internally, a VPN effectively separates the VOIP network from the underlying data network, sparing the phone system from any attacks on the rest of the network.

Another good practice is implementing an IPS (intrusion prevention system). Installed at the network's perimeter, an IPS scans for known signatures while blocking or allowing traffic based on application content rather than IP addresses or ports. An IPS can dynamically modify firewall rules or terminate a network session when necessary. Many firewall vendors now offer this tool.

It is also a good idea to implement session border controls. Residing on the network, these control session traffic as it crosses networks or network segments but allow VOIP to connect to other networks despite obstacles like firewalls and NAT (Network Address Translation) devices. This technology protects against SPIT and vishing attacks, and any type of attack that consists of attackers trying to send malformed packets or call requests they shouldn't be sending, Lazar said. Vendors offering this technology include Acme Packet, Covergence, Sipera Systems and BorderWare Technologies.

Finally, consider a voice-aware firewall, which is optimized by voice, allowing the opening of ports only when a connection must be established.

Many vendors, such as Sipera, Astaro, Check Point Software Technologies, Cisco Systems, Crossbeam Systems, Fortinet, Juniper Networks and SonicWall, now offer combination security tools that include encryption, firewall, virus scanning, session border control, and intrusion detection and prevention.

Bypass annoying IVR menus? New Service lets you do it – easily!

Found this over at SaundersLog today.. no word if this service is using Asterisk.. but i think it's a pretty safe bet..

“Deep Dial” to bypass annoying IVR trees

I finally had the opportunity to catch up with Fonolo's Shai Berger last week at the VON.x show, and learn what they're all about. Fonolo's "Deep dialing" let's users skip the IVR tree of the companies that they dial in to, and just reach the person they need to reach. A user starts by finding the company he needs on the Fonolo Web site, then visually scans through the phone menu and clicks on the appropriate point. Fonolo will then dial the company, navigate the phone system and call the user’s phone. When the user answers, he will be connected to the desired point in the menu. Furthermore, the user can bookmark this point inside the menu so that in the future, it is only a click away. With Fonolo, users can navigate the call-path options visually, on a computer or mobile device, then click to be connected directly, rather than plodding through the menus step-by-step.

It's like a search engine spider that catalogs the worlds IVR trees, rather than web sites. What a clever idea!

In private beta now (sign up here), they expect to be out later this year.

Next Page »