Efficient and Legal War Dialers for Asterisk and Unix/Linux

It's been a while since we posted about anything important. Sorry about that guys, some other stuff is taking off and haven't had much time to devote to this site. Today we present you with a little article about war dialing.

If you're not familiar with war dialing, it's a term from the BBS era, when we'd use things like Toneloc, and Bluebeep to search for modems that answered. This would give us huge lists of BBS's, banks, government offices and all sorts of cool things we could try to login to, or just share with friends.

Fast forward about a decade and a half, and now we have VOIP. You didn't think people wouldn't use war dialers with VOIP too did you, because you're wrong if you did. VOIP is a tremendously easy and fast way to use war dialers, both for finding dialup modems and for many other uses (pretty much anything you can think of).

Today we have a couple war dialers that we've found out there on the tubes;

iWAR - The war dialer your mother told you not to play with. This war dialer is completely free, and is written in C for Unix (will work on Linux, FreeBSD, OpenBSD, NetBSD, etc). Might even work with some trickery on windows with an emulator though we have not tried. This software has been around for a while and has an extensive feature list available. To name just a few of the highlights;

• Full and normal logging
• Ascii flat file and MySQL Logging
• Random or sequential dialing
• Remote System Identification
• Supports regular modems or IAX2
• Much much more

iWAR has been around for a while, and we've even posted about it before. If you're looking for something to test out your systems (legally only of course!) or to test your clients system this is a great way to do it, especially with the modem and IAX support it has.iWAR is affiliated with the wicked cool Telephreak.org one of the neatest "greyhat" VOIP sites and services around. Check them out when you can.

We've also come across one other VOIP based war dialer.

WarVOX - Is a new suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system.

WarVOX is a great tool for finding all sorts of interesting numbers or systems out there, not to mention it's great for securing your onsite, or client VOIP installations. Go ahead and give WarVOX a try.

And finally we come to the last War Dialer, this one created in Python

PAW/PAWS Wardialer - PAW / PAWS is a wardialing software in python. It is designed to scan for ISDN (PAWS only) and "modern" analog modems (running at 9.6kbit/s or higher). Wardialing tools are - despite their martialic naming - used to find nonauthorized modems so one can disable those and as result make access to the internal network harder.

Obviously, PAWS doesn't have much use in North America (but it does have some!) - it's more geared towards European testing and analysis. Give it a try and let us know what you think.

If you need some DID's to do your testing from, don't forget to check out Link2Voip for cheap rates and cheap DIDs!

Know of any other cool war dialers? Let us know in the comments!

Installing and Configuring chan_mobile for Bluetooth Presence support in Asterisk 1.6

Following this tutorial on how to get Chan_Mobile working with Asterisk for Bluetooth support for our headsets and mobile phones we worked out how to get it working on Asterisk 1.6.

We figured we would share this information with our readers incase they were interested in Bluetooth for Asterisk and the capabilities it will open up to their system. Just think, the server will know when you're in the room or out of the office and other fancy things.

First you should make sure that your Bluetooth Dongle works with Asterisk, and that your Cellular Phone is known to work with Asterisk and Bluetooth. You can verify all this information over at the Voip-Info Chan_Mobile page.

Requirements:

• Asterisk PBX
• Bluetooth Support (Motherboard or Dongle)
• Cellular Phone with Bluetooth support
• Bluez Bluetooth Libraries and Development Headers

Tutorial:

So, first we have to install some pre-requisite software. We'll assume that you already have Linux installed, your kernel is compiled, Asterisk is installed and working, and that you have a basic familiarity with Linux commands. We've written this tutorial for Ubuntu, using FreePBX so instructions may change based on your OS or Asterisk Configuration GUI.

So, lets get down to business shall we.

First, install Bluez Utilities on your Server

# apt-get install bluez-utils bluez-hcidump

Now Configure Bluez to work with your server and dongle. We won't go into depth on this as it mostly "just works" but there are ample tutorials and documentation if your dongle is a little finiky on your system.

Now, open up the file hcid.conf in the Bluetooth configuration directory, and match the contents to the following.

# nano /etc/bluetooth/hcid.conf

Erase the contents, and replace it with this

# HCId options
options {
autoinit yes;
security auto;
pairing multi;
passkey "1234";
}

device {
name "Our PBX System";
class 0x3e0100;
iscan enable; pscan enable;
discovto 0;
lm accept;
lp rswitch,hold,sniff,park;
}

options {
autoinit yes;
security auto;
pairing multi;
pin_helper /etc/bluetooth/pin;
}

Note you can also experiment with making Asterisk a handsfree headset, but we won't go over this in this tutorial. The following lines can be added to your hcid.conf in replacement of the "Our PBX System" device mentioned above if you want to try this:

device {
name "Asterisk";
class 0x200404;
iscan enable;
pscan enable;
lm accept;
lp rswitch,hold,sniff,park;
}

Now that our bluetooth is configured, we can go back to configuring Asterisk to work with Chan Mobile for Bluetooth Support. We'll assume you already have Asterisk 1.6 running on your machine for this to work. If not, compile it and instal it!

Now, Enter the directory with your Asterisk-Addons 1.6 source.

# cd /opt/asterisk/asterisk-addons-1.6.0/

Issue your configure line

# make distclean
# ./configure --with-bluetooth

Now, issue the configure menu tree

# make menuselect

Now, on the left hand side, hit the down arrow button until you get to the Channel Drivers section. On the right hand side, you should see "chan_mobile" with a little "*" next to it telling us it's enabled.

[*] chan_mobile

If you don't, pretty right on your arrow keys, and then press the enter key to select chan_mobile. Exit the configuration menu by pressing F12 to save your changes.

Now, build Asterisk-Addons 1.6 as you normally would

# make
# make install

This will place chan_mobile.so into /usr/lib/asterisk/modules so the next time you start Asterisk it will be available.

We're pretty much done the "difficult" stuff now, and just need to go on and start bluetooth on our system and then configure Asterisk to work with it.

So, start up bluetooth

# /etc/init.d/bluetooth start

Now, lets make sure that Bluetooth is running and sees our devices

# hcitool dev

This should output some information like this:

Devices:
hci0 00:50:B6:80:34:DD

Make a note of the "hardware" address in a text file or somewhere handy because we will need it later. The hardware address is the one that looks like a MAC address. In this case it's "00:50:B6:80:34:DD" note that your system will be different.

Now, lets edit Asterisk's mobile configuration file

# nano /etc/asterisk/mobile.conf

Add your Bluetooth Adapter to the file like this, using the Hardware ID from the hcitool command you ran above. There should already be an entry that looks similar to this (with an id=blue) just replace the hardware ID in this entry with yours.

[adapter]
id=blue
address=00:50:B6:80:34:DD
;forcemaster=yes
;alignmentdetection=yes

Now exit and save the file.

Before we forget, we should add bluetooth to the startup options of the server if it's not already there. Do so like this;

# update-rc.d bluetooth defaults

Now, in order for other devices to be able to see your server and vice-versa we have to make it discoverable. That's done with the following command.

# dbus-send --system --type=method_call --print-reply --dest=org.bluez /org/bluez/hci0 org.bluez.Adapter.SetMode string:discoverable

The fun begins right about now. Go and get your mobile phone. Turn bluetooth on on the phone. You should see your Asterisk PBX in the list of discoverable devices. Double click on it to add it to your device, and input the security key of 1234 when prompted.

Note that on our windows mobile 6.1 devices, after adding the Asterisk PBX to our bluetooth list, we also had to click on it and then hit refresh services list a few times until it showed us "Bluetooth Headset" as a list of supported options. We selected it on the screen, and closed the bluetooth configuration on our HTC Tytn II (Kaiser) test devices.

Now it's time to make your phone discoverable so the PBX can attach to it. Go back to your phone, and find the option to enable bluetooth discovery. Turn it on.

Now from the Asterisk Server Command Line we should be able to issue this command to search for our Bluetooth Mobile Phone.

# hcitool scan

It should show you a list of results like this

Scanning ...
00:16:BC:1F:E1:E8 Phone1
00:17:83:6F:BD:51 Phone2

In our example, we'll only be connecting to Phone2. One finicky thing we noticed is that if you want to connect more than one mobile phone at a time, you need a dongle to match. So, for example if you want to connect 5 bluetooth mobile phones, you would also need 5 bluetooth dongles, and 5 free USB ports (or a USB HUB) to get it all working. We've never tried with more than 2 bluetooth phones, so your mileage may vary.

If you don't see your phone, something is wrong - try the above steps again to see if it fixes it.

Now continue on by stopping Asterisk PBX, and reloading it to take advantage of our new chan_mobile module.

# /etc/init.d/asterisk stop

Now start Asterisk in debug mode so you can verify everything is working.

# asterisk -vvvvvvvvvvvvvgc

Now type this command on the Asterisk CLI to find your mobile devices

*CLI> mobile search

You should see something similar to the following

Address Name Usable Type Port
00:17:83:6F:BD:51 Phone2 Yes Phone 2
00:13:33:44:4d:23 Phone1 Yes Phone 5

The above is a listing of all Bluetooth devices available to your Asterisk PBX.

• The Address Field is the Device Identifier Code (MAC Address)
• The Name Field holds the name of the device (Phone1)
• The Usable Field tells us if the phone is Usable by Asterisk or not (Yes/No)
• The Type Field tells us if it's a Phone (FXO) or a Headset (FXS) device
• The Port Field tells us which port the phone is using

Make a note of this information and continue on to the next step.

Now, exit Asterisk by typing "stop now" on the command line

*CLI> stop now

You'll be back at the CLI now.

In our example, we'll be using Phone2 to configure to work with Asterisk.

Go back and edit your mobile configuration file in /etc/asterisk to look similar to this

# nano /etc/asterisk/mobile.conf

Add something similar to the following below the adapter configuration you added earlier in the tutorial.

[TytnII]
address=00:17:83:6F:BD:51
port=2
context=from-pstn
adapter=blue
;group=1

If you are configuring a headset, the line would look something like this instead

[headset]
address=xx:xx:xx:xx:xx:xx ; the address of the headset
port=x ; the port number
type=headset ; tells asterisk it is a headset
adapter=blue ; adapter to use

Now you can start asterisk again. I would start it in debug mode so you can verify your phone is connected.

# asterisk -vvvvvvvvvvvvvvvgc

You should see messages similar to the following on the Asterisk Console letting you know your device has connected to Asterisk

-- Bluetooth Device TytnII has connected.
-- Bluetooth Device TytnII initialised and ready.

And if you issue the show devices command

*CLI> mobile show devices

You should see something like this

ID Address Group Adapter Connected State SMS
TytnII 00:17:83:6F:BD:51 0 blue Yes Free No

This means your phone is now connected to Asterisk. Depending on the context you put it in, if a call comes in to your cellular phone and you are within proximity of your Asterisk server it should route over to your one of your SIP extensions. Asterisk will automatically pair and unpair with your mobile phone as you come in and out of range respectively. Cool huh?

It is worth it to mention this warning from the original article as well: "Important: Watch what your cell phone is doing the first few times. Asterisk won’t make random calls but if chan_mobile fails to hang up for some reason and you get a huge bill from your telco, don’t blame me."

Hope you enjoyed this tutorial, let us know if you have any comments or other fun ideas to do with chan_mobile, bluetooth and Asterisk in the comments!

APSTel Visual Dialplan version 2.0 is available. Creating Visual Dialplans for Asterisk has never been easier!

Remember, this is a great utility to use for your Asterisk PBX, as well as for our sister site - ratemydialplan.com - With the new version of APSTel Visual Dialplan you can export your diagrams for easy uploading to the Rate My Asterisk Dialplan site. Looking forward to seeing all your new diagrams using this wicked software. Here's the complete news release.

The fastest way to build the Asterisk dialplan

Visual Dialplan for Asterisk is modern rapid application development platform for Asterisk dial plan development.

It comes with drag-and-drop visual modeling environment and large component library, handy dial plan samples, powerful validation engine, and single button deployment functionality. It even learns about Asterisk server configuration, pre-populates library components with configuration data and validates dial plan accordingly.

Visual Dialplan is the only Asterisk GUI that provides full access to Asterisk dialplan potential.

What is new in this release?

* Asterisk server configuration view
* Pre-populated components with configuration data read from Asterisk server
* More powerful validation engine that now validates dial plan against Asterisk server configuration data
* Ability to fine tune validation engine behavior
* Improved GUI with descriptive toolbar icons
* Ability to save dial plan graphical presentation as image file
* Cepstral Text-to-Speech support
* and more...

It is easy to use Visual Dialplan. Simply download full functional trial version, install it in a minute and discover how easy Asterisk dialplan development can be!

Free APSTel Visual Dialplan Download from RatemyDialplan.com

• Windows Visual Dialplan - Std and Pro
• APSTel Visual Dialplan Professional - Windows
• APSTel Visual Dialplan Standard - Windows

• Linux Visual Dialplan - Std and Pro
• APSTel Visual Dialplan Professional - Linux
• APSTel Visual Dialplan Standard - Linux

Asterisk Resource Exhaustion, Quite Possible and Easy with recent Exploits

Voip Zero Day has an interesting post about the recent exploits seen with Asterisk that enable very easy, remote DoS'ing of PBX's. From the article:

"During The Last HOPE an IAX Resource Exhaustion 0day DoS was released for the Asterisk PBX. This 0day was in the wild for 4 days before a patch was released.

During these four days, any attacker could have attacked any publicly accessible Asterisk server and forced it to stop processing all phone calls. What hasn’t been talked about is how the exploit could have been weaponized to attack on a global scale.

Take the minimal components of an Asterisk Resource Exhaustion exploit and re-factor it into the iaxPingPoker, which was an Asterisk IAX2 port scanner that was also released at The Last HOPE. This port scanner can be used to determine lists of valid Asterisk servers on the Internet. With only a few additional mechanisms, any Asterisk RE exploit can allow for autonomous DoS attacks targeting any and every Asterisk server autonomously."

Reminds us to keep our PBX's up to date and that we should always be weary of running a software PBX that we must maintain, and keep up to date with these types of issues. The only real solution of course is to unplug from the Internet, but, then what use is VOIP?

Read the full article here: Suspect: Asterisk Resource Exhaustion

New Facebook Application for voting on Asterisk Based Services and Applications.

Hi all,

Just a heads up, I've added a voting section for products, etc that work with Asterisk to the AsteriskWatch application on FaceBook:

http://apps.facebook.com/asterisk/

If you produce a product for Asterisk in any of the categories below and use FaceBook, you should log in and add your products.

* Low End VoIP Phones
* Mid Range VoIP Phones
* High End VoIP Phones
* Low Density ATA
* High Density VoIP Gateways
* Analogue Cards
* Basic Rate ISDN (BRI) Cards
* Primary Rate ISDN (PRI) Cards
* Rack Mount Servers
* Embedded Servers
* Asterisk Distributions
* Call Centre Software
* Screen Popping
* Monitoring
* Asterisk Config Management
* Asterisk GUIs
* Asterisk Websites

Users receive points for voting on the products and adding points to increase their ranking in the community. You can also get points for the following:

* 1-5 Patches accepted into Asterisk: 25 points
* 5-10 Patches accepted into Asterisk: 50 points
* Many Patches accepted into Asterisk: 120 points
* Documentation Written: 40 points
* Tech Support Given: 20 points
* Mailing List Support Given: 25 points
* Asterisk Version Supplied: 1 point
* Description Supplied: 1 point
* URL Given: 1 point
* 1st Favourite Asterisk Use Supplied: 1 point
* 2nd Favourite Asterisk Use Supplied: 1 point
* Invites to AsteriskWatch: 5 points each
* Written an Open Source application for Asterisk: 35 points
* Contributed to an Asterisk related Open Source project: 30 points
* Gave their vote for the Asterisk products: 1 point for each vote
* Added Asterisk Products: 3 point for each entry

The current leader is Steve Davies with 330 points.

Every product that is added to the database is also given a unique comments system so that users can respond with how they've found the products.

If you would like me to upload a photo to your database entry please send me a link to a small picture (will be changed to 150px) by adding a comment to the forum section.

Thanks for your time.

- --
Kind Regards,

Matt Riddell
Director

How to get Asterisk PBX running on your Amazon EC2 Setup.

Found this on the mailing list today, looks pretty interesting. It's nice to see tutorials for differnent types of services and where Asterisk is expanding to.. readon for the howto..

I've just added a PREVIEW release of my upcoming how-to guide for Asterisk PBX on EC2. It is based on months of testing and evaluating Asterisk on EC2. It addresses all kinks and showstoppers that many people have experienced over the past year or so. Because this is a preview, it is not the final version of this guide. It is subject to change (format, copy, layout, etc.)

To view and download this guide, please visit http://ronaldlewis.com/2008/07/08/asterisk-pbx-on-amazon-ec2-how-to-guide-almost-complete/

Please take this opportunity to test the guide and provide any feedback. The official release is set for Wednesday, July 16 and will be available on CloudCrunch.

Thanks!

Ronald Lewis
Denver, Colorado
http://ronaldlewis.com

OLPC Sound Samples – Off topic sorta, but free is cool!

The OLPC (One Laptop Per Child, "100$ Laptop") project has announced a collection of 10GB of sound samples:

http://wiki.laptop.org/go/Sound_samples

License: CC-BY (explicitly allows public performance for commercial purpose).

Next Page »