Search Results for 'code'

  • Telium Support Group
    Moderator
    Post count: 263

    Regardless of how you update FreePBX(TM) (command line or GUI), you must follow the procedure listed in the HAAst maintenance guide – or the shortcut above.

    By ignoring the instructions you have synced new database contents to old FreePBX code. FreePBX on the standby will be confused and refuse to start. The only solution is to bring the FreePBX code and database back into alignment.

    I really hope you heeded our warning to BACKUP YOUR SYSTEM before applying any FreePBX updates, enabling modules, etc. The quickest solution is to unplug the standby and restore from the backup. After that resume at step 2 in the link you posted, and apply the same updates/changes you made to your active peer.

    We see this problem a couple of times per year when a user doesn’t follow the upgrade instructions. The solution is simple: just restore your system level backup and resume at step 2 in the link you posted above.

    Some users have described the FreePBX PHP code as ‘a tangled and fragile mess’. And we have seen FreePBX systems implode because of a (FreePBX) module changing the schema and other modules (or core FreePBX) didn’t like it. You must be very careful with FreePBX changes/updates. (This does not apply to other configuration generators or Asterisk itself).

    Telium Support Group
    Moderator
    Post count: 263

    To help customers trying to extract status information, here is a sample python script that retrieves and prints the local status:


    # Example python script to retrieve local HAAst status (Python 3)
    import socket
    import sys

    # End of packet marker: HAAst terminates each response with its prompt
    READYPROMPT = b'ready>'
    # Unix domain socket on which the HAAst daemon listens
    SERVER_ADDRESS = '/run/haast.sock'


    def connect(server_address=SERVER_ADDRESS):
        """Create a UDS socket and connect it to the HAAst daemon; exit on failure."""
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            sock.connect(server_address)
        except OSError as err:
            print(err, file=sys.stderr)
            sys.exit(1)
        return sock


    def receivepacket(sock):
        """Read until the 'ready>' prompt arrives and return the text received before it."""
        total_data = []
        while True:
            data = sock.recv(8192)
            if not data:
                break  # daemon closed the connection
            if READYPROMPT in data:
                total_data.append(data[:data.find(READYPROMPT)])
                break
            total_data.append(data)
            if len(total_data) > 1:
                # check whether the end-of-data marker was split across two reads
                last_pair = total_data[-2] + total_data[-1]
                if READYPROMPT in last_pair:
                    total_data[-2] = last_pair[:last_pair.find(READYPROMPT)]
                    total_data.pop()
                    break
        text = b''.join(total_data).decode('utf-8', errors='replace')
        return text.replace('\r', '').replace('\n\n', '\n')


    def sendpacket(sock, message):
        """Send a command terminated by a blank line; return True on success."""
        payload = (message + '\n\n').encode('utf-8')
        try:
            sock.sendall(payload)
            # The interface echoes the command back: read as many bytes as were
            # sent so the echo is not mistaken for part of the response
            amount_received = 0
            amount_expected = len(payload)
            while amount_received < amount_expected:
                data = sock.recv(16)
                if not data:
                    return False
                amount_received += len(data)
        except OSError as err:
            print(err, file=sys.stderr)
            return False
        return True


    if __name__ == '__main__':
        sock = connect()
        got = receivepacket(sock)  # banner and first prompt, discarded
        sendpacket(sock, 'id:123\ncommand:getstatus')
        got = receivepacket(sock)
        for item in got.split('\n'):
            if 'local haast state formatted:' in item:
                print(item.strip())
        sock.close()

    Customer Inquiry
    Participant
    Post count: 201

    I’m trying to download files from your download tab, but every transfer method I use seems to cause errors. Here are the details:

    • FTP Pull: I tried to use the FTP pull method but my FTP client shows an error like this:

      425 Could not open data connection to port 41206: No route to host

    • FTP Push: I tried to use FTP push but the transfer status shows the following error after 30 seconds:

      Failed. Could not connect to myhost.mydomain.com on port 21.

    • wget: I tried to download the file using the URL you provide but instead of downloading the package I get a file called:

      index.html?a:dp~p:haast~v:2.3.7~d:rh6~r:x86_64

    • browser: I tried to download the file using my browser but when I try to untar the file I see this:

      tar: This does not look like a tar archive

    teliumcustomer19
    Participant
    Post count: 2

    Quote:
    I suggest you stop SecAst, delete the secast log file, and restart Secast, then manually ban 1 IP. Either post the secast log (or send to support@telium.io if you are concerned about making content public) and we can look there for further clues.

    If this is a commercial environment keep in mind that we recommend blocking attackers at the network edge (firewall) – letting SecAst add rules to your firewall.

    Your recommendation may have worked. Evidence follows…

    /etc/xdg/telium/secast.conf


    [asterisk] ;=================================================================

    ; Location of logfile containing security related messages. In versions of
    ; Asterisk prior to 10 this would normally be the primary messages file
    ; (/var/log/asterisk/messages), while in later versions of Asterisk this would
    ; be the security file (/var/log/asterisk/security)
    securitylog="/var/log/asterisk/messages"
    ;securitylog=/var/log/asterisk/security

    ; hostname or ip address of the Asterisk server. Normally this should be set
    ; to "localhost" but can be any valid IP/hostname
    hostname="localhost"

    ; Port number to connect to Asterisk Management Interface (AMI). This should
    ; match the port settings of the manager.conf file on the Asterisk server.
    ; This is normally set to 5038
    port=5038

    ; Username used for authentication to the AMI. This should match the section
    ; heading in the manager.conf file on the Asterisk server. Normally this
    ; should be set to "secast"
    username="secast"

    ; Secret used for authentication to the AMI. This should match the secret set
    ; in the section heading for the username above, in the manager.conf file on
    ; the Asterisk server. This should not be left at the default of "secast"
    secret="MySecret"

    Asterisk Console

    pluto*CLI>
    [Apr 19 09:40:59] ERROR[13625]: utils.c:1446 ast_careful_fwrite: fwrite() returned error: Broken pipe
    [Apr 19 09:40:59] ERROR[13625]: utils.c:1446 ast_careful_fwrite: fwrite() returned error: Broken pipe
    == Manager 'secast' logged off from 127.0.0.1
    == Manager 'secast' logged on from 127.0.0.1
    pluto*CLI>

    /var/log/secast

    root@pluto:/var/log# /usr/local/secast/secast
    secast version 1.4.7 started under PID 2502
    secast switched to daemon under PID 2503
    root@pluto:/var/log# cat /var/log/secast
    Wed Apr 19 09:44:13 2017, 00000100, I, General, SecAst version 1.4.1103 starting as daemon under process ID 2503
    Wed Apr 19 09:44:13 2017, 00001011, W, License, License file not found. Switching to Free Edition
    Wed Apr 19 09:44:13 2017, 00000122, I, General, Settings contained 0 information; 0 warning; and 0 error messages.
    Wed Apr 19 09:44:13 2017, 00000300, I, Controller, Telnet server listening on 0.0.0.0:3000
    Wed Apr 19 09:44:13 2017, 00001600, I, Controller, Pipe server listening on /run/secast.sock
    Wed Apr 19 09:44:13 2017, 00000702, E, System Command, Failed to determine if iptables chain exists. Run result 0; exitcode 1
    Wed Apr 19 09:44:13 2017, 00001302, I, Geo IP, Opened GeoIP database
    Wed Apr 19 09:44:13 2017, 00002837, I, Controller, Restoring recovering state from file created by host 'Arno-PBX' at Wed Apr 19 09:41:05 2017
    Wed Apr 19 09:44:13 2017, 00002831, I, Controller, Recovery state will be saved every 60 seconds
    Wed Apr 19 09:44:13 2017, 00001258, I, Asterisk Controller, Starting
    Wed Apr 19 09:44:18 2017, 00000801, E, Alert, Failed to send email: SecAst Starting
    Wed Apr 19 09:44:18 2017, 00000107, I, General, SecAst state changing to not protecting
    Wed Apr 19 09:44:23 2017, 00000801, E, Alert, Failed to send email: Entering Non-Protecting State
    Wed Apr 19 09:44:23 2017, 00000608, S, Security Event Queue, Banning recovery IP '163.172.121.136' as managed
    Wed Apr 19 09:44:23 2017, 00000608, S, Security Event Queue, Banning recovery IP '212.83.134.244' as managed
    Wed Apr 19 09:44:23 2017, 00000608, S, Security Event Queue, Banning recovery IP '212.83.130.10' as managed
    Wed Apr 19 09:44:23 2017, 00000608, S, Security Event Queue, Banning recovery IP '195.154.38.22' as managed
    Wed Apr 19 09:44:23 2017, 00000608, S, Security Event Queue, Banning recovery IP '69.30.245.18' as managed
    Wed Apr 19 09:44:23 2017, 00001201, I, Asterisk Controller, Connection established to AMI
    Wed Apr 19 09:44:23 2017, 00000108, I, General, SecAst state changing to protecting
    Wed Apr 19 09:44:28 2017, 00000801, E, Alert, Failed to send email: Entering Protecting State
    Wed Apr 19 09:44:31 2017, 00000202, I, Telnet Server, Client 1: Connecting from 127.0.0.1:47346
    Wed Apr 19 09:44:45 2017, 00000204, I, Telnet Server, Client 1: Executing command [status]
    Wed Apr 19 09:45:18 2017, 00000204, I, Telnet Server, Client 1: Executing command [banip add 1.2.3.4]
    Wed Apr 19 09:45:18 2017, 00000608, S, Security Event Queue, Banning manual IP '1.2.3.4' as managed
    Wed Apr 19 09:45:29 2017, 00000204, I, Telnet Server, Client 1: Executing command [banip list]
    root@pluto:/var/log#

    SecAst Console

    pluto% telnet localhost 3000
    Trying ::1…
    Trying 127.0.0.1…
    Connected to localhost.
    Escape character is '^]'.
    SecAst telnet interface on 'Arno-PBX'
    SecAst>status
    SecAst state: protecting
    Asterisk connection state: logged in
    Threat level: low
    IP banning enforcement: enforced
    Database status: disconnected
    Run Time: 31 seconds
    Intrusion attempts in window: 0
    Total instrusion attempts: 0
    IP's Banned: 5 addresses
    IP's Watched: 0 addresses
    Users Watched: 0 users
    SecAst>banip add 1.2.3.4
    Issued request to add IP 1.2.3.4. Check event log for errors, or use 'banip list' to confirm add
    SecAst>banip list
    163.172.121.136 2 days, 23 hours, 58 minutes, 43 seconds
    212.83.134.244 2 days, 23 hours, 58 minutes, 43 seconds
    212.83.130.10 2 days, 23 hours, 58 minutes, 43 seconds
    195.154.38.22 2 days, 23 hours, 58 minutes, 43 seconds
    69.30.245.18 2 days, 23 hours, 58 minutes, 43 seconds
    1.2.3.4 2 days, 23 hours, 59 minutes, 49 seconds
    SecAst>

    iptables entries

    root@pluto:~# iptables -nL|less
    Chain INPUT (policy DROP)
    target prot opt source destination
    SECAST all -- 0.0.0.0/0 0.0.0.0/0
    DROP all -- 69.30.245.18 0.0.0.0/0
    DROP all -- 163.172.121.136 0.0.0.0/0
    DROP all -- 212.83.130.10 0.0.0.0/0
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:51413
    DROP all -f 0.0.0.0/0 0.0.0.0/0
    DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1024
    DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match "sipcli" ALGO name bm TO 65535
    DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match "sip-scan" ALGO name bm TO 65535
    DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match "iWar" ALGO name bm TO 65535
    DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match "sipvicious" ALGO name bm TO 65535
    DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match "sipsak" ALGO name bm TO 65535
    DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match "sundayddr" ALGO name bm TO 65535
    DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match "VaxSIPUserAgent" ALGO name bm TO 65535
    DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match "friendly-scanner" ALGO name bm TO 65535
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    in_mylan all -- 0.0.0.0/0 0.0.0.0/0
    in_internet all -- 0.0.0.0/0 0.0.0.0/0
    DROP all -- 10.0.0.0/8 0.0.0.0/0
    DROP all -- 169.254.0.0/16 0.0.0.0/0
    DROP all -- 172.16.0.0/12 0.0.0.0/0
    DROP all -- 127.0.0.0/8 0.0.0.0/0
    DROP all -- 192.168.0.0/24 0.0.0.0/0
    DROP all -- 224.0.0.0/4 0.0.0.0/0
    DROP all -- 0.0.0.0/0 224.0.0.0/4
    DROP all -- 240.0.0.0/5 0.0.0.0/0
    DROP all -- 0.0.0.0/0 240.0.0.0/5
    DROP all -- 0.0.0.0/8 0.0.0.0/0
    DROP all -- 0.0.0.0/0 0.0.0.0/8
    DROP all -- 0.0.0.0/0 239.255.255.0/24
    DROP all -- 0.0.0.0/0 255.255.255.255
    DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 17
    DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 13
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5
    DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x04/0x04 limit: avg 2/sec burst 2
    DROP all -- 0.0.0.0/0 0.0.0.0/0 recent: CHECK seconds: 86400 name: portscan side: source mask: 255.255.255.255
    all -- 0.0.0.0/0 0.0.0.0/0 recent: REMOVE name: portscan side: source mask: 255.255.255.255
    LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255 LOG flags 0 level 4 prefix "portscan:"
    DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "IN-unknown:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD (policy DROP)
    target prot opt source destination
    DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
    DROP all -- 0.0.0.0/0 0.0.0.0/0 recent: CHECK seconds: 86400 name: portscan side: source mask: 255.255.255.255
    all -- 0.0.0.0/0 0.0.0.0/0 recent: REMOVE name: portscan side: source mask: 255.255.255.255
    LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255 LOG flags 0 level 4 prefix "portscan:"
    DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255
    in_lan2internet all -- 0.0.0.0/0 0.0.0.0/0
    out_lan2internet all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "PASS-unknown:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy DROP)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    out_mylan all -- 0.0.0.0/0 0.0.0.0/0
    out_internet all -- 0.0.0.0/0 0.0.0.0/0
    DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "OUT-unknown:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain SECAST (1 references)
    target prot opt source destination
    DROP all -- 1.2.3.4 0.0.0.0/0
    DROP all -- 69.30.245.18 0.0.0.0/0
    DROP all -- 195.154.38.22 0.0.0.0/0
    DROP all -- 212.83.130.10 0.0.0.0/0
    DROP all -- 212.83.134.244 0.0.0.0/0
    DROP all -- 163.172.121.136 0.0.0.0/0
    RETURN all -- 0.0.0.0/0 0.0.0.0/0

    . . .

    This is a home installation.

    My intent is to let SecAst modify the firewall as necessary. I am concerned about interactions between SecAst and FireHOL. I have a lot more interaction with FireHOL than SecAst, so I’d really like a way to allow SecAst to “self heal” even if it is semi-automatic/manual. I could envision a command such as “SecAst> iptables init” with others such as “SecAst> iptables list” to show/verify what SecAst added to iptables. Or every N number of minutes (or with each new “detected” attack), have SecAst verify its installation in iptables and restore iptables as necessary from the BanIP list. Or even better, is there something I can add to the FireHOL config /etc/firehol/firehol.conf which will call SecAst to re-add/verify its installation in iptables?

    I really like your phpBB installation, very effective!

    Thank you for your help. I suspect SecAst is now running properly until I accidentally break it again with FireHOL. 😳
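    Added example for the self-heal the post above asks about. This is not SecAst's or Telium's code, and it is not a supported mechanism; it simply encodes the chain layout visible in the iptables listing above (a SECAST chain, a jump to it from INPUT, one DROP per banned address, RETURN last) and works out which iptables commands are missing. It reads the rules in `iptables -S` form and takes the banned addresses from a pasted copy of the console's `banip list` output. Assumptions: that the jump belongs at position 1 of INPUT, that a host match shows up as `-s a.b.c.d/32` in `iptables -S` output (standard iptables-save syntax), and that rules recreated this way are equivalent to the ones SecAst would have added. The embedded sample dump and ban list are constructed for the demonstration.

```python
"""Added example: check that SecAst's SECAST chain is still wired into iptables
and emit the commands needed to restore it.  Not SecAst's own code."""
import re
import subprocess
import sys

CHAIN = "SECAST"

# Constructed sample of `iptables -S` output after a firewall regeneration has
# flushed everything SecAst added (no -N SECAST and no jump from INPUT).
SAMPLE_DUMP = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -p tcp -m tcp --dport 51413 -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
"""

# Constructed sample of the SecAst telnet console's `banip list` output.
SAMPLE_BANLIST = """\
SecAst>banip list
163.172.121.136 2 days, 23 hours, 58 minutes, 43 seconds
1.2.3.4 2 days, 23 hours, 59 minutes, 49 seconds
"""

IPV4_RE = re.compile(r"\s*(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_banip_list(text):
    """Return the IPv4 addresses that start a line of `banip list` output."""
    ips = []
    for line in text.splitlines():
        m = IPV4_RE.match(line)
        if m:
            ips.append(m.group(1))
    return ips


def repair_commands(iptables_dump, banned_ips):
    """Compare `iptables -S` output with the expected SecAst layout and return
    the iptables invocations (as argv lists) needed to restore it.  Nothing is
    executed here, so the decision can be reviewed and tested offline."""
    rules = {line.strip() for line in iptables_dump.splitlines()}
    cmds = []
    if "-N %s" % CHAIN not in rules:
        cmds.append(["iptables", "-N", CHAIN])
    if "-A INPUT -j %s" % CHAIN not in rules:
        # Assumption: the jump belongs at the top of INPUT so that a ban wins
        # over any ACCEPT further down the chain.
        cmds.append(["iptables", "-I", "INPUT", "1", "-j", CHAIN])
    for ip in banned_ips:
        # iptables-save prints a single-host source match as -s a.b.c.d/32
        if "-A %s -s %s/32 -j DROP" % (CHAIN, ip) not in rules:
            cmds.append(["iptables", "-I", CHAIN, "1", "-s", ip, "-j", "DROP"])
    if "-A %s -j RETURN" % CHAIN not in rules:
        cmds.append(["iptables", "-A", CHAIN, "-j", "RETURN"])
    return cmds


def main(argv):
    """Default: dry run on the embedded samples.  --live reads the real
    `iptables -S` output and the banip list from stdin; --apply additionally
    runs the commands (needs root).  Returns the number of commands."""
    if "--live" in argv:
        dump = subprocess.run(["iptables", "-S"], capture_output=True,
                              text=True, check=True).stdout
        banned = parse_banip_list(sys.stdin.read())
    else:
        dump, banned = SAMPLE_DUMP, parse_banip_list(SAMPLE_BANLIST)
    cmds = repair_commands(dump, banned)
    if not cmds:
        print("SECAST chain intact; nothing to do")
    for cmd in cmds:
        print(" ".join(cmd))
        if "--apply" in argv:
            subprocess.run(cmd, check=True)
    return len(cmds)


if __name__ == "__main__":
    main(sys.argv[1:])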

    Telium Support Group
    Moderator
    Post count: 263

    Problem 1: iptables rules not being created

    When SecAst starts it creates a SECAST chain linked into your iptables’ INPUT chain like this:


    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    SECAST all -- anywhere anywhere

    And the SECAST chain is where dropping of attackers’ IP’s occurs. I see from your iptables list that the above rule is missing – and that’s why you are not able to block attacker IP’s. So the question is why is the SECAST chain rule being refused/lost. Are you updating/flushing your iptables rules (eg: regenerating using FireHOL) after SecAst starts? Is there an error in the SecAst log upon service start indicating any iptables related errors?

    Problem 2: Attackers not detected

    You did not include the [asterisk] stanza of your secast.conf, so ensure the securityevents key is blank (use the AMI), or points to a valid /var/log/asterisk/messages file. That’s usually the cause.

    I suggest you stop SecAst, delete the secast log file, and restart Secast, then manually ban 1 IP. Either post the secast log (or send to support@telium.io if you are concerned about making content public) and we can look there for further clues.

    If this is a commercial environment keep in mind that we recommend blocking attackers at the network edge (firewall) – letting SecAst add rules to your firewall.
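    Problem 2 above is about SecAst not reacting to InvalidPassword events that are plainly present in /var/log/asterisk/messages. To make the windowing described in the [credentials] stanza concrete, here is an added example (my own code, not SecAst's) that parses res_security_log lines and applies maxintrusions and maxintrusioninterval to them. It treats consecutive attempts from one IP that are no more than maxintrusioninterval seconds apart as one attack window and bans when the count in the window reaches maxintrusions; that reading of the two parameters, and the set of SecurityEvent types counted as intrusions, are assumptions rather than SecAst's documented behaviour. The sample lines are the four InvalidPassword events from the earlier post, abridged (the challenge and hash fields are dropped), with a NOTICE line and the ChallengeSent lines kept to show they are ignored.

```python
"""Added example: apply the [credentials] windowing (maxintrusions within
maxintrusioninterval seconds) to Asterisk res_security_log lines.  Not SecAst's code."""
import re
from collections import defaultdict

# key="value" pairs as written by res_security_log
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Assumption: which SecurityEvent types count as an intrusion attempt.
# ChallengeSent is informational and must not count.
INTRUSION_EVENTS = {"InvalidPassword", "InvalidAccountID", "ChallengeResponseFailed"}

# Sample lines based on the post above (abridged, with non-intrusion lines kept on purpose).
SAMPLE_LOG = [
    "[Apr 19 00:16:26] NOTICE[23258] chan_sip.c: Registration from '\"104\"' failed for '163.172.121.136:1331' - Wrong password",
    '[Apr 19 00:16:26] SECURITY[23243] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1492586186-906350",Severity="Error",Service="SIP",AccountID="104",RemoteAddress="IPV4/UDP/163.172.121.136/1331"',
    '[Apr 19 00:17:10] SECURITY[23243] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="1492586230-312224",Severity="Informational",Service="SIP",AccountID="108",RemoteAddress="IPV4/UDP/163.172.121.136/1343"',
    '[Apr 19 00:17:10] SECURITY[23243] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1492586230-463449",Severity="Error",Service="SIP",AccountID="108",RemoteAddress="IPV4/UDP/163.172.121.136/1343"',
    '[Apr 19 00:17:29] SECURITY[23243] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="1492586249-415321",Severity="Informational",Service="SIP",AccountID="110",RemoteAddress="IPV4/UDP/163.172.121.136/1347"',
    '[Apr 19 00:17:29] SECURITY[23243] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1492586249-562681",Severity="Error",Service="SIP",AccountID="110",RemoteAddress="IPV4/UDP/163.172.121.136/1347"',
    '[Apr 19 00:18:21] SECURITY[23243] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="1492586301-854490",Severity="Informational",Service="SIP",AccountID="106",RemoteAddress="IPV4/UDP/163.172.121.136/1337"',
    '[Apr 19 00:18:22] SECURITY[23243] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1492586302-7541",Severity="Error",Service="SIP",AccountID="106",RemoteAddress="IPV4/UDP/163.172.121.136/1337"',
]


def parse_security_event(line):
    """Return the fields of a res_security_log line plus 'ts' (microseconds since
    the epoch, from EventTV) and 'ip' (from RemoteAddress); None for other lines."""
    if "SecurityEvent=" not in line:
        return None
    fields = dict(KV_RE.findall(line))
    sec, _, usec = fields.get("EventTV", "0-0").partition("-")
    fields["ts"] = int(sec) * 1_000_000 + int(usec)
    # RemoteAddress looks like IPV4/UDP/163.172.121.136/1331
    parts = fields.get("RemoteAddress", "").split("/")
    fields["ip"] = parts[2] if len(parts) >= 4 else None
    return fields


class IntrusionTracker:
    """Per-source-IP attack windows.  An attempt more than maxintrusioninterval
    seconds after the previous one starts a new window; a window that reaches
    maxintrusions attempts bans the IP (assumed reading of the config)."""

    def __init__(self, maxintrusions=3, maxintrusioninterval=60):
        self.maxintrusions = maxintrusions
        self.interval_us = maxintrusioninterval * 1_000_000
        self.windows = defaultdict(list)   # ip -> timestamps in the current window
        self.banned = {}                   # ip -> timestamp of the ban

    def feed(self, line):
        """Consume one log line; return the IP if this line triggers a ban."""
        ev = parse_security_event(line)
        if not ev or ev.get("SecurityEvent") not in INTRUSION_EVENTS or not ev["ip"]:
            return None
        ip, ts = ev["ip"], ev["ts"]
        if ip in self.banned:
            return None
        window = self.windows[ip]
        if window and ts - window[-1] > self.interval_us:
            window.clear()  # gap too long: earlier attempts belong to an old window
        window.append(ts)
        if len(window) >= self.maxintrusions:
            self.banned[ip] = ts
            return ip
        return None


def scan(lines, maxintrusions=3, maxintrusioninterval=60):
    """Run the tracker over lines; return [(ip, ban timestamp in microseconds), ...]."""
    tracker = IntrusionTracker(maxintrusions, maxintrusioninterval)
    bans = []
    for line in lines:
        ip = tracker.feed(line)
        if ip:
            bans.append((ip, tracker.banned[ip]))
    return bans


if __name__ == "__main__":
    # Defaults from the config comments (3 attempts within 60 s), the poster's
    # settings (1 attempt, 3500 s window), and a window too short to accumulate
    for settings in ((3, 60), (1, 3500), (3, 30)):
        print(settings, scan(SAMPLE_LOG, *settings))
```

    With the defaults the address is banned on the third failure (the gaps are 44 s and 19 s, both inside the 60 s interval); with the poster's maxintrusions=1 it is banned on the first; with a 30 s interval the 44 s and 52 s gaps keep resetting the window and nothing is banned. Whatever SecAst's exact semantics, a log that shows these events while the console reports zero intrusion attempts means the events are not reaching the detector at all, which is why the reply above points at the [asterisk] stanza first.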

    teliumcustomer19
    Participant
    Post count: 2

    Ubuntu 16.04 LTS x64
    Asterisk 11.25.1 LTS
    Secast-1.4.7-x86_64-ub16
    FireHOL 2.0.3 Home Page: http://firehol.org

    Problem 1:
    “IP’s manually banned aren’t setting iptables entries”

    from /var/log/secast

    Wed Apr 19 00:00:07 2017, 00000204, I, Telnet Server, Client 7: Executing command [banip add 195.154.38.22]
    Wed Apr 19 00:00:07 2017, 00000608, S, Security Event Queue, Banning manual IP '195.154.38.22' as managed
    Wed Apr 19 00:00:07 2017, 00000707, E, System Command, Failed to find rules for iptables chain. Run result 0; exitcode 1
    Wed Apr 19 00:00:07 2017, 00000710, E, System Command, Failed to add rule to iptables chain. Run result 0; exitcode 1

    Problem 2:
    “attacks aren’t being detected”

    On the Asterisk console:

    [Apr 19 00:16:26] NOTICE[23258]: chan_sip.c:28390 handle_request_register: Registration from '"104"' failed for '163.172.121.136:1331' - Wrong password
    [Apr 19 00:17:10] NOTICE[23258]: chan_sip.c:28390 handle_request_register: Registration from '"108"' failed for '163.172.121.136:1343' - Wrong password
    [Apr 19 00:17:29] NOTICE[23258]: chan_sip.c:28390 handle_request_register: Registration from '"110"' failed for '163.172.121.136:1347' - Wrong password
    [Apr 19 00:18:22] NOTICE[23258]: chan_sip.c:28390 handle_request_register: Registration from '"106"' failed for '163.172.121.136:1337' - Wrong password

    in /var/log/asterisk/messages

    [Apr 19 00:16:26] NOTICE[23258] chan_sip.c: Registration from '"104"' failed for '163.172.121.136:1331' - Wrong password
    [Apr 19 00:16:26] SECURITY[23243] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1492586186-906350",Severity="Error",Service="SIP",EventVersion="2",AccountID="104",SessionID="0x7fde68043828",LocalAddress="IPV4/UDP/50.47.128.250/5060",RemoteAddress="IPV4/UDP/163.172.121.136/1331",Challenge="6635aaf4",ReceivedChallenge="6635aaf4",ReceivedHash="7e1c6cf66d26143aaf2fe34b13b2d7cf"
    [Apr 19 00:17:10] SECURITY[23243] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="1492586230-312224",Severity="Informational",Service="SIP",EventVersion="1",AccountID="108",SessionID="0x7fde68010ce8",LocalAddress="IPV4/UDP/50.47.128.250/5060",RemoteAddress="IPV4/UDP/163.172.121.136/1343",Challenge="60b81fa1"
    [Apr 19 00:17:10] NOTICE[23258] chan_sip.c: Registration from '"108"' failed for '163.172.121.136:1343' - Wrong password
    [Apr 19 00:17:10] SECURITY[23243] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1492586230-463449",Severity="Error",Service="SIP",EventVersion="2",AccountID="108",SessionID="0x7fde68010ce8",LocalAddress="IPV4/UDP/50.47.128.250/5060",RemoteAddress="IPV4/UDP/163.172.121.136/1343",Challenge="60b81fa1",ReceivedChallenge="60b81fa1",ReceivedHash="4dc53d20eaa6dd25c508ba7b79a4570a"
    [Apr 19 00:17:29] SECURITY[23243] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="1492586249-415321",Severity="Informational",Service="SIP",EventVersion="1",AccountID="110",SessionID="0x7fde68043828",LocalAddress="IPV4/UDP/50.47.128.250/5060",RemoteAddress="IPV4/UDP/163.172.121.136/1347",Challenge="01bb4376"
    [Apr 19 00:17:29] NOTICE[23258] chan_sip.c: Registration from '"110"' failed for '163.172.121.136:1347' - Wrong password
    [Apr 19 00:17:29] SECURITY[23243] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1492586249-562681",Severity="Error",Service="SIP",EventVersion="2",AccountID="110",SessionID="0x7fde68043828",LocalAddress="IPV4/UDP/50.47.128.250/5060",RemoteAddress="IPV4/UDP/163.172.121.136/1347",Challenge="01bb4376",ReceivedChallenge="01bb4376",ReceivedHash="54b8e6ac114d6bddaf083230e11a35fc"
    [Apr 19 00:18:21] SECURITY[23243] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="1492586301-854490",Severity="Informational",Service="SIP",EventVersion="1",AccountID="106",SessionID="0x7fde68010ce8",LocalAddress="IPV4/UDP/50.47.128.250/5060",RemoteAddress="IPV4/UDP/163.172.121.136/1337",Challenge="7e9808a1"
    [Apr 19 00:18:22] NOTICE[23258] chan_sip.c: Registration from '"106"' failed for '163.172.121.136:1337' - Wrong password
    [Apr 19 00:18:22] SECURITY[23243] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1492586302-7541",Severity="Error",Service="SIP",EventVersion="2",AccountID="106",SessionID="0x7fde68010ce8",LocalAddress="IPV4/UDP/50.47.128.250/5060",RemoteAddress="IPV4/UDP/163.172.121.136/1337",Challenge="7e9808a1",ReceivedChallenge="7e9808a1",ReceivedHash="490071a90f52500759e89e1392e177f9"

    Some relevant /etc/xdg/telium/secast.conf snippets

    [banip] ;==================================================================
    ; This stanza refers to how SecAst will block/allow IP addresses, as well
    ; as how it tracks blocked IP addresses.

    ; Flush any pre-existing IP's found in the firewall's SecAst list on program
    ; start. Any pre-existing IP's found will not be automatically removed
    ; after the timeout period (they can be manually controlled only)
    ; Valid values: Yes/True/1 / No/False/0
    flushonstart=0

    ; Flush any pre-existing IP's found in the firewall's SecAst list on program
    ; exit
    ; Valid values: Yes/True/1 / No/False/0
    flushonexit=0

    ; Perform internal tracking as if an IP were banned by the firewall, but do not
    ; actually add detected intrusion IP's to the firewall. Affected messages will be
    ; prefixed with [TESTMODE] in the event log. This may cause some additional
    ; warnings to appear in the log file but they can be safely ignored.
    ; Valid values: Yes/True/1 No/False/0
    testmode=false

    ; Number of hours for which an IP will be banned. Minimum is 1 hour,
    ; maximum is 168 hours (i.e. 1 week). Warning: if your firewall is slowing
    ; down network traffic because the SecAst list is too large, reduce the
    ; duration.
    ; Valid range: 1 to 168 hours (i.e. 1 hour to 7 days)
    duration=72

    ; Should IP addresses already found blocked in the firewall's SecAst list be
    ; treated as managed (i.e. automatically deleted after duration)
    ; Valid values include Yes/True/1 / No/False/0
    manageexisting=true

    ; Should IP addresses manually added be treated as managed
    ; (i.e. automatically deleted after duration)
    ; Valid values include Yes/True/1 / No/False/0
    managemanual=true

    ; Should firewall actions use iptables. If set to false, then SecAst will
    ; rely only on the external program listed below. If the external program is blank,
    ; then no IP firewalling will take place
    ; Valid values include Yes/True/1 / No/False/0
    useiptables=true

    ; Whether or not to save banip data to the SQL database.
    ; Valid values include Yes/True/1 / No/False/0
    ; If left blank will default to false
    savetodb=

    ; Number of days of banip data to retain. Data beyond this number
    ; of days will be purged on a daily basis. This value is measured in days. If
    ; set to 0 then data will be retained indefinitely (i.e. never purge).
    ; Valid range: 0, 1 to 1095 (i.e. indefinite, or 1 day to 3 years)
    ; If left blank will default to 30
    dbretentiondays=20

    [network] ;==================================================================

    ; Address to listen on for management interface
    ; LocalHostIPv4 The IPv4 localhost address. Equivalent to
    ; QHostAddress("127.0.0.1").
    ; LocalHostIPv6 The IPv6 localhost address. Equivalent to
    ; QHostAddress("::1").
    ; AnyIPv4 The IPv4 any-address. Equivalent to
    ; QHostAddress("0.0.0.0"). A socket bound with this
    ; address will listen only on IPv4 interfaces.
    ; AnyIPv6 The IPv6 any-address. Equivalent to QHostAddress("::").
    ; A socket bound with this address will listen only on
    ; IPv6 interfaces.
    ; Any The dual stack any-address. A socket bound with this
    ; address will listen on both IPv4 and IPv6 interfaces.
    ; 1.2.3.4 The specific IPv4 address
    ; 1111:2222:3333:4444:5555:6666:7777:8888 The specific IPv6 address
    managementaddress=anyipv4

    ; Port to listen on for management interface.
    ; Set to 0 to use a random port
    managementport=3000

    ; Subnets considered trusted. If more than one network is required then
    ; separate them with pipes (|). Networks must be in the form: X.X.X.X/B
    ; For example, 1.2.3.4/24 means subnet 1.2.3.4 with 24 bit mask, also known
    ; as 255.255.255.0 bitmask
    trustednetworks=10.0.0.0/24 | 192.168.90.0/24

    [credentials] ;=================================================================
    ; This stanza refers to detecting attempts to gain access to the Asterisk system
    ; resources using invalid credentials

    ; Maximum number of seconds between intrusion attempts (use of resources with
    ; invalid credentials), to be considered part of a single attack window. (If
    ; intrusions are spaced beyond this interval, then they are considered to be in
    ; separate attack windows). Extend this number if you find attackers are
    ; spreading their attempts over hours or days.
    ; Valid range: 1-604800 (i.e. 1 second to 1 week)
    ; Default: 60
    maxintrusioninterval=3500

    ; Maximum number of intrusion attempts within a single attack window before banning
    ; the source IP. Set this number as low as possible without frustrating valid
    ; users.
    ; Valid range: 1 to 100
    ; Default: 3
    maxintrusions=1

    Secast Console:
    All banned IP’s entered manually with “banip add nnn.nnn.nnn.nnn”


    SecAst>status
    SecAst state: protecting
    Asterisk connection state: logged in
    Threat level: low
    IP banning enforcement: enforced
    Database status: disconnected
    Run Time: 2 hours, 36 minutes, 11 seconds
    Intrusion attempts in window: 0
    Total instrusion attempts: 0
    IP's Banned: 4 addresses
    IP's Watched: 0 addresses
    Users Watched: 0 users
    SecAst>banip list
    163.172.121.136 2 days, 23 hours, 11 minutes, 58 seconds
    212.83.134.244 2 days, 23 hours, 14 minutes, 8 seconds
    212.83.130.10 2 days, 23 hours, 20 minutes, 42 seconds
    195.154.38.22 2 days, 23 hours, 21 minutes, 6 seconds

    iptables content
    In case it’s relevant to Secast operation


    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:51413
    DROP all -f 0.0.0.0/0 0.0.0.0/0
    DROP udp — 0.0.0.0/0 0.0.0.0/0 udp dpt:1024
    DROP udp — 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match “sipcli” ALGO name bm TO 65535
    DROP udp — 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match “sip-scan” ALGO name bm TO 65535
    DROP udp — 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match “iWar” ALGO name bm TO 65535
    DROP udp — 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match “sipvicious” ALGO name bm TO 65535
    DROP udp — 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match “sipsak” ALGO name bm TO 65535
    DROP udp — 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match “sundayddr” ALGO name bm TO 65535
    DROP udp — 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match “VaxSIPUserAgent” ALGO name bm TO 65535
    DROP udp — 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 STRING match “friendly-scanner” ALGO name bm TO 65535
    ACCEPT all — 0.0.0.0/0 0.0.0.0/0
    in_mylan all — 0.0.0.0/0 0.0.0.0/0
    in_internet all — 0.0.0.0/0 0.0.0.0/0
    DROP all — 10.0.0.0/8 0.0.0.0/0
    DROP all — 169.254.0.0/16 0.0.0.0/0
    DROP all — 172.16.0.0/12 0.0.0.0/0
    DROP all — 127.0.0.0/8 0.0.0.0/0
    DROP all — 192.168.0.0/24 0.0.0.0/0
    DROP all — 224.0.0.0/4 0.0.0.0/0
    DROP all — 0.0.0.0/0 224.0.0.0/4
    DROP all — 240.0.0.0/5 0.0.0.0/0
    DROP all — 0.0.0.0/0 240.0.0.0/5
    DROP all — 0.0.0.0/8 0.0.0.0/0
    DROP all — 0.0.0.0/0 0.0.0.0/8
    DROP all — 0.0.0.0/0 239.255.255.0/24
    DROP all — 0.0.0.0/0 255.255.255.255
    DROP icmp — 0.0.0.0/0 0.0.0.0/0 icmptype 17
    DROP icmp — 0.0.0.0/0 0.0.0.0/0 icmptype 13
    ACCEPT icmp — 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5
    DROP all — 0.0.0.0/0 0.0.0.0/0 state INVALID
    ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp flags:0x04/0x04 limit: avg 2/sec burst 2
    DROP all — 0.0.0.0/0 0.0.0.0/0 recent: CHECK seconds: 86400 name: portscan side: source mask: 255.255.255.255
    all — 0.0.0.0/0 0.0.0.0/0 recent: REMOVE name: portscan side: source mask: 255.255.255.255
    LOG tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255 LOG flags 0 level 4 prefix “portscan:”
    DROP tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255
    ACCEPT all — 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "IN-unknown:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD (policy DROP)
    target prot opt source destination
    DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
    DROP all -- 0.0.0.0/0 0.0.0.0/0 recent: CHECK seconds: 86400 name: portscan side: source mask: 255.255.255.255
    all -- 0.0.0.0/0 0.0.0.0/0 recent: REMOVE name: portscan side: source mask: 255.255.255.255
    LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255 LOG flags 0 level 4 prefix "portscan:"
    DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255
    in_lan2internet all -- 0.0.0.0/0 0.0.0.0/0
    out_lan2internet all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "PASS-unknown:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy DROP)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    out_mylan all -- 0.0.0.0/0 0.0.0.0/0
    out_internet all -- 0.0.0.0/0 0.0.0.0/0
    DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "OUT-unknown:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain in_internet (1 references)
    target prot opt source destination
    pr_internet_fragments all -f 0.0.0.0/0 0.0.0.0/0
    pr_internet_nosyn tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp flags:!0x17/0x02
    pr_internet_icmpflood icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
    pr_internet_synflood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
    pr_internet_malxmas tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
    pr_internet_malnull tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
    pr_internet_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
    pr_internet_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
    pr_internet_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
    pr_internet_malbad tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
    DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
    DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
    pr_internet_allflood all -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW
    in_internet_ping_s1 all -- 0.0.0.0/0 0.0.0.0/0
    in_internet_dns_s2 all -- 0.0.0.0/0 0.0.0.0/0
    in_internet_sip_s3 all -- 0.0.0.0/0 0.0.0.0/0
    in_internet_rtp_s4 all -- 0.0.0.0/0 0.0.0.0/0
    in_internet_smtp_s5 all -- 0.0.0.0/0 0.0.0.0/0
    in_internet_imaps_s6 all -- 0.0.0.0/0 0.0.0.0/0
    in_internet_pop3s_s7 all -- 0.0.0.0/0 0.0.0.0/0
    in_internet_http_s8 all -- 0.0.0.0/0 0.0.0.0/0
    in_internet_https_s9 all -- 0.0.0.0/0 0.0.0.0/0
    in_internet_ssh_s10 all -- 0.0.0.0/0 0.0.0.0/0
    in_internet_ident_s11 all -- 0.0.0.0/0 0.0.0.0/0
    in_internet_all_c12 all -- 0.0.0.0/0 0.0.0.0/0
    in_internet_ftp_c13 all -- 0.0.0.0/0 0.0.0.0/0
    in_internet_irc_c14 all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "IN-internet:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain in_internet_all_c12 (1 references)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate ESTABLISHED

    Chain in_internet_dns_s2 (1 references)
    target prot opt source destination
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ctstate NEW,ESTABLISHED
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ctstate NEW,ESTABLISHED

    Chain in_internet_ftp_c13 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:21 dpts:32768:60999 ctstate ESTABLISHED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED helper match "ftp"

    Chain in_internet_http_s8 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:80 ctstate NEW,ESTABLISHED

    Chain in_internet_https_s9 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:443 ctstate NEW,ESTABLISHED

    Chain in_internet_ident_s11 (1 references)
    target prot opt source destination
    REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:113 ctstate NEW,ESTABLISHED reject-with tcp-reset

    Chain in_internet_imaps_s6 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:993 ctstate NEW,ESTABLISHED

    Chain in_internet_irc_c14 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:6667 dpts:32768:60999 ctstate ESTABLISHED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED helper match "irc"

    Chain in_internet_ping_s1 (1 references)
    target prot opt source destination
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,ESTABLISHED icmptype 8

    Chain in_internet_pop3s_s7 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:995 ctstate NEW,ESTABLISHED

    Chain in_internet_rtp_s4 (1 references)
    target prot opt source destination
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:10000:20000 ctstate NEW,ESTABLISHED

    Chain in_internet_sip_s3 (1 references)
    target prot opt source destination
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:5060 dpt:5060 ctstate NEW,ESTABLISHED
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:5060 ctstate NEW,ESTABLISHED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED helper match "sip"

    Chain in_internet_smtp_s5 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:25 ctstate NEW,ESTABLISHED

    Chain in_internet_ssh_s10 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:22 ctstate NEW,ESTABLISHED

    Chain in_lan2internet (1 references)
    target prot opt source destination
    in_lan2internet_all_s1 all -- 0.0.0.0/0 0.0.0.0/0
    in_lan2internet_ftp_s2 all -- 0.0.0.0/0 0.0.0.0/0
    in_lan2internet_irc_s3 all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "PASS-lan2internet:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain in_lan2internet_all_s1 (1 references)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,ESTABLISHED

    Chain in_lan2internet_ftp_s2 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:21 ctstate NEW,ESTABLISHED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED helper match "ftp"

    Chain in_lan2internet_irc_s3 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:6667 ctstate NEW,ESTABLISHED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED helper match "irc"

    Chain in_mylan (1 references)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

    Chain out_internet (1 references)
    target prot opt source destination
    out_internet_ping_s1 all -- 0.0.0.0/0 0.0.0.0/0
    out_internet_dns_s2 all -- 0.0.0.0/0 0.0.0.0/0
    out_internet_sip_s3 all -- 0.0.0.0/0 0.0.0.0/0
    out_internet_rtp_s4 all -- 0.0.0.0/0 0.0.0.0/0
    out_internet_smtp_s5 all -- 0.0.0.0/0 0.0.0.0/0
    out_internet_imaps_s6 all -- 0.0.0.0/0 0.0.0.0/0
    out_internet_pop3s_s7 all -- 0.0.0.0/0 0.0.0.0/0
    out_internet_http_s8 all -- 0.0.0.0/0 0.0.0.0/0
    out_internet_https_s9 all -- 0.0.0.0/0 0.0.0.0/0
    out_internet_ssh_s10 all -- 0.0.0.0/0 0.0.0.0/0
    out_internet_ident_s11 all -- 0.0.0.0/0 0.0.0.0/0
    out_internet_all_c12 all -- 0.0.0.0/0 0.0.0.0/0
    out_internet_ftp_c13 all -- 0.0.0.0/0 0.0.0.0/0
    out_internet_irc_c14 all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "OUT-internet:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain out_internet_all_c12 (1 references)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,ESTABLISHED

    Chain out_internet_dns_s2 (1 references)
    target prot opt source destination
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 ctstate ESTABLISHED
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 ctstate ESTABLISHED

    Chain out_internet_ftp_c13 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:60999 dpt:21 ctstate NEW,ESTABLISHED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED helper match "ftp"

    Chain out_internet_http_s8 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 dpts:1024:65535 ctstate ESTABLISHED

    Chain out_internet_https_s9 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:443 dpts:1024:65535 ctstate ESTABLISHED

    Chain out_internet_ident_s11 (1 references)
    target prot opt source destination
    REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:113 dpts:1024:65535 ctstate ESTABLISHED reject-with tcp-reset

    Chain out_internet_imaps_s6 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:993 dpts:1024:65535 ctstate ESTABLISHED

    Chain out_internet_irc_c14 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:32768:60999 dpt:6667 ctstate NEW,ESTABLISHED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED helper match "irc"

    Chain out_internet_ping_s1 (1 references)
    target prot opt source destination
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ctstate ESTABLISHED icmptype 0

    Chain out_internet_pop3s_s7 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:995 dpts:1024:65535 ctstate ESTABLISHED

    Chain out_internet_rtp_s4 (1 references)
    target prot opt source destination
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:10000:20000 ctstate ESTABLISHED

    Chain out_internet_sip_s3 (1 references)
    target prot opt source destination
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:5060 dpt:5060 ctstate ESTABLISHED
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:5060 dpts:1024:65535 ctstate ESTABLISHED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED helper match "sip"

    Chain out_internet_smtp_s5 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:25 dpts:1024:65535 ctstate ESTABLISHED

    Chain out_internet_ssh_s10 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 dpts:1024:65535 ctstate ESTABLISHED

    Chain out_lan2internet (1 references)
    target prot opt source destination
    out_lan2internet_all_s1 all -- 0.0.0.0/0 0.0.0.0/0
    out_lan2internet_ftp_s2 all -- 0.0.0.0/0 0.0.0.0/0
    out_lan2internet_irc_s3 all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "PASS-lan2internet:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain out_lan2internet_all_s1 (1 references)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate ESTABLISHED

    Chain out_lan2internet_ftp_s2 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:21 dpts:1024:65535 ctstate ESTABLISHED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED helper match "ftp"

    Chain out_lan2internet_irc_s3 (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:6667 dpts:1024:65535 ctstate ESTABLISHED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED helper match "irc"

    Chain out_mylan (1 references)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

    Chain pr_internet_allflood (1 references)
    target prot opt source destination
    RETURN all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 60/sec burst 10
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "ALL_FLOOD:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain pr_internet_fragments (1 references)
    target prot opt source destination
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "PACKET_FRAGMENTS:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain pr_internet_icmpflood (1 references)
    target prot opt source destination
    RETURN all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 100/sec burst 50
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "ICMP_FLOOD:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain pr_internet_malbad (4 references)
    target prot opt source destination
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "MALFORMED_BAD:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain pr_internet_malnull (1 references)
    target prot opt source destination
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "MALFORMED_NULL:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain pr_internet_malxmas (1 references)
    target prot opt source destination
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "MALFORMED_XMAS:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain pr_internet_nosyn (1 references)
    target prot opt source destination
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "NEW_TCP_w/o_SYN:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain pr_internet_synflood (1 references)
    target prot opt source destination
    RETURN all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 100/sec burst 50
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix "SYN_FLOOD:"
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Telium Support Group
    Moderator
    Post count: 263

    Exit code 156 is defined as “Failure to setup NIC control” (see the Detailed Installation Guide for the meaning of all exit codes). This means that the NIC you have told HAAst to use (in the [voipnic] stanza of haast.conf) is not responding as expected or is not available.

    If you set the log level to DEBUG and restart HAAst, you will see more details of what is going wrong in the haast log file. Most often this relates to configuring HAAst to use an IP address that is already in use somewhere on the network, or to use an interface that is not present in the system (possibly due to a typo in the interface name). If you post the [voipnic] stanza of your haast.conf, and the output of ifconfig, we can offer more specific advice.

    Customer Inquiry
    Participant
    Post count: 201

    Shortly after starting the HAAst service it terminates with exit code 156. Why?

    Telium Support Group
    Moderator
    Post count: 263

    If you are willing to accept the risks of placing new single points of failure in your call path, and you are not using the OEM edition of HAAst (which includes call survival features), then yes you still have options. The key to this solution is to ensure directmedia (RTP flowing directly between endpoints). It’s also quite likely that your endpoints will expect to see the SIP channel responsive as well (or they may drop the call).

    Establishing directmedia involves:

    • Ensuring the media anchor points are accessible to one another without NAT.
    • Ensuring Asterisk is configured to use re-invites/directmedia
    • Ensuring your Asterisk dialplan does not force Asterisk to remain in the RTP stream
    • Ensuring your endpoints do not require transcoding (performed by Asterisk)

    Optional: ensuring the SIP endpoints continue to see active SIP connections involves:

    • Placing a B2BUA (or gateway/proxy/SBC) between endpoints and the cluster – this device must place itself into the SIP stream and optionally allow NAT traversal
    • Configuring the B2BUA to allow the interior leg of the SIP call to drop, but keep the outer leg of the SIP call to remain active
    • Configuring the B2BUA to use UDP for SIP (at least for cluster facing leg). This is not always required

    For example (this shows two B2BUA’s for clarity, but you can adjust to fit your need):
    [Diagram: Keeping calls up]

    There are open source B2BUA products which might be modifiable to do what you want (eg: the SIPpy project available at: https://github.com/sippy/b2bua). Keep in mind that you are creating a free version of the commercial solution we do not recommend. If this is a critical call center you may be better off developing a proper B2BUA from scratch to do what you want, including moving calls through the new active HAAst node, etc but that is a large undertaking.

    HAAst OEM edition creates a call anchor on the PBX, so that even if Asterisk fails the calls don’t drop. HAAst will move the calls to the other node in an orderly fashion (move by IP or SIP redirect), or HAAst will grab the calls by force should the entire PBX server fail.

    • This reply was modified 4 years, 3 months ago by WebMaster.
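    As an added illustration (not from the post above, and not Telium or Asterisk project configuration), here is what the directmedia requirements in that reply look like in chan_pjsip. Endpoint names, the codec choice and the password are placeholders; the chan_sip equivalent of direct_media is directmedia=yes in sip.conf.

```ini
; pjsip.conf (added example; names and values are placeholders)

[phone-100]
type=endpoint
context=from-internal
; one codec on both sides so Asterisk never has to transcode, which would
; force it to stay in the RTP path
disallow=all
allow=ulaw
; after answer, re-INVITE both sides so RTP flows endpoint to endpoint
direct_media=yes
direct_media_method=invite
; fall back to anchoring media only when an endpoint is behind NAT; the
; post's first bullet (no NAT between media anchor points) is what lets
; this stay out of the way
disable_direct_media_on_nat=yes
aors=phone-100
auth=phone-100-auth

[phone-100]
type=aor
max_contacts=1

[phone-100-auth]
type=auth
auth_type=userpass
username=phone-100
password=change-me

; extensions.conf (added example): keep the dialplan out of the media path.
; No t/T/h/H Dial options and no MixMonitor/Monitor on these calls, because
; DTMF feature detection and recording require Asterisk to stay bridged in
; the RTP stream, which defeats direct media.
[from-internal]
exten => _1XX,1,Dial(PJSIP/${EXTEN},30)
 same => n,Hangup()
```

    Check the result with core show channels on an active call: a native (direct) bridge means the PBX can fail without the audio dropping, which is the only part of the call the cluster can keep up without a B2BUA.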
    Telium Support Group
    Moderator
    Post count: 263

    When you perform an upgrade/update to any module in FreePBX (even a minor one) there is the possibility that FreePBX will change the structure of the tables in MySQL. Since HAAst will (intentionally) not sync metadata (SQL structures), you must ensure that the peers do not attempt to synchronize data during such an upgrade/update.

    The Maintenance and Operations Guide shows the complete upgrade procedure (see section 6). But if you are very experienced with Linux & FreePBX, you can follow this short-cut:

    1. Upgrade A
      1. Unplug the network connection from A
      2. Upgrade FreePBX on A
    2. Upgrade B
      1. Unplug the network connection from B
      2. Replug the network connection to A
      3. Upgrade FreePBX on B
    3. Re-establish cluster
      1. Replug the network connection to B
      2. Wait for HAAst to re-establish the cluster automatically
      3. Use the telnet/web interface to make the preferred peer active. (Or wait for automatic fallback during the maintenance window if enabled in the haast.conf file)

    The key concept here is that a standby peer must NOT be able to see an active peer which is running a different version (or different modules installed/enabled) of the configuration generator.

    Note that this applies only to FreePBX. Other configuration generators do a much better job managing settings and keeping settings-code aligned.

    Telium Support Group
    Moderator
    Post count: 263

    The answer depends on the location of your two PBX’s. If the two PBX’s are located on the same subnet, then

    1. Move IP: Use the VoIPNIC option of HAAst to move a single IP between peers. This will allow for rapid reconnection of downstream (user agents) and upstream (trunks)

    If the two PBX’s are located on different subnets (from each other):

    2. SRV records: Assuming your user agents (phone sets) support SRV records (which most do), then you should create SRV records for your two PBX’s. Most user agents will perform a DNS lookup for SRV records to find available PBX’s, and try them in order of priority until they successfully register with a PBX. For example, if you have PBX’s located in data centers dc1 and dc2, create two DNS entries (in your internal DNS server) as follows:

    type=srv
    name=_sip._udp.mydomain.com
    priority= 10
    weight=0
    port=5060
    hostname=pbx1.local


    and

    type=srv
    name=_sip._udp.mydomain.com
    priority= 20
    weight=0
    port=5060
    hostname=pbx2.local


    3. Route Change: Use the pre/post Asterisk start/stop event handlers of HAAst to update routes in your router(s). Set the updated routes to point to the new PBX address.
    4. DNS update: Use the pre/post Asterisk start/stop event handlers to update a public DNS entry. Be sure to set the TTL value low enough that phones will look up the new IP in a reasonable timeframe.

    Note: Using SRV records or DNS entries makes it easy for users with softphones to move on and off LAN and resume a PBX connection without manual intervention.

    Telium Support Group
    Moderator
    Post count: 263

    The answer depends on the location of your two PBX’s. If the PBX’s are located in the same data center (i.e. using the same external IP address), then no change is necessary as they will connect to the same IP address. If you need to modify your firewall/router internally to direct traffic to the active peer then see the answer to the question on locating the PBX for internal phones. On the other hand, if the PBX’s are located in different data centers (i.e. accessible using different public IP addresses) then your options are:

    1. SRV records: Assuming your user agents (phone sets) support SRV records (which most do), then you should create SRV records for your two PBX’s. Most user agents will perform a DNS lookup for SRV records to find available PBX’s, and try them in order of priority until they successfully register with a PBX. For example, if you have PBX’s located in data centers dc1 and dc2, then create two DNS entries (in your public DNS server) as follows:


      type=srv
      name=_sip._udp.mydomain.com
      priority= 10
      weight=0
      port=5060
      hostname=dc1.mydomain.com


      and

      type=srv
      name=_sip._udp.mydomain.com
      priority= 20
      weight=0
      port=5060
      hostname=dc2.mydomain.com

    2. DNS update: Use the pre/post Asterisk start/stop event handlers to update a public DNS entry. Be sure to set the TTL value low enough that phones will look up the new IP in a reasonable timeframe.
    3. MPLS: If you use MPLS then you can simply move the label (to move IP between routers of your two DC’s). We don’t provide any further detail on this option (i.e. if you don’t understand how to do this with MPLS, then there’s too much to explain in one post)

    Note: Using SRV records or DNS entries makes it easy for users with softphones to move on and off LAN and resume a PBX connection without manual intervention.
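    The two SRV-record answers above (internal phones and external phones) both rely on the phone trying targets in priority order. The script below is an added example, not Telium or HAAst code: it orders a set of SRV records the way an RFC 2782 client does and simulates the registration failover. INTERNAL_SRV mirrors the two records in the posts (priority 10 and 20, weight 0, port 5060); WEIGHTED_SRV is a constructed set with made-up hostnames to show what happens when several PBX’s share one priority. No DNS is queried.

```python
"""Order SIP SRV targets the way an RFC 2782 client does, and simulate the
registration failover described in the thread.

Added example for this thread, not Telium or HAAst code. INTERNAL_SRV mirrors
the records in the posts; WEIGHTED_SRV is constructed. No DNS is queried.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


# The two records from the posts (internal DNS variant).
INTERNAL_SRV = [
    SrvRecord(priority=10, weight=0, port=5060, target="pbx1.local"),
    SrvRecord(priority=20, weight=0, port=5060, target="pbx2.local"),
]

# Constructed: two PBXs sharing priority 10 with a 70/30 split, a weight-0
# record at the same priority (RFC 2782: almost never picked first), and a
# priority-20 fallback. Hostnames are placeholders.
WEIGHTED_SRV = [
    SrvRecord(10, 0, 5060, "spare.local"),
    SrvRecord(10, 70, 5060, "pbx-a.local"),
    SrvRecord(10, 30, 5060, "pbx-b.local"),
    SrvRecord(20, 0, 5060, "dr.local"),
]


class FixedPick:
    """Deterministic stand-in for random.Random (only randint is needed)."""

    def __init__(self, high):
        self.high = high

    def randint(self, a, b):
        return b if self.high else a


def order_srv(records, rng=None):
    """Return the order in which a user agent should try the targets.

    RFC 2782: lower priority first. Within one priority, repeatedly pick by
    weighted random selection; weight-0 records sit at the front of the
    candidate list so they are chosen only when the random number is 0.
    """
    rng = rng or random.Random()
    by_priority = {}
    for rec in records:
        by_priority.setdefault(rec.priority, []).append(rec)

    ordered = []
    for prio in sorted(by_priority):
        # stable sort: zero-weight records first, the rest keep input order
        pool = sorted(by_priority[prio], key=lambda r: r.weight != 0)
        while pool:
            total = sum(r.weight for r in pool)
            pick = rng.randint(0, total) if total else 0
            running = 0
            for rec in pool:
                running += rec.weight
                if running >= pick:
                    ordered.append(rec)
                    pool.remove(rec)
                    break
    return ordered


def first_reachable(ordered, is_up):
    """Return 'host:port' of the first target whose REGISTER would succeed.

    is_up(hostport) stands in for the phone's registration attempt.
    """
    for rec in ordered:
        hostport = "%s:%d" % (rec.target, rec.port)
        if is_up(hostport):
            return hostport
    return None


if __name__ == "__main__":
    order = order_srv(INTERNAL_SRV)
    print("try order:", [r.target for r in order])
    # Simulate pbx1 being down: phones end up registered on pbx2.
    print("registered to:", first_reachable(order, lambda hp: hp.startswith("pbx2")))
```

    Two caveats the ordering makes visible: with weight 0 on both records the phones never load-balance, they all sit on the priority-10 PBX until it fails; and a phone only walks the list when its current registration fails or expires, so the SRV TTL and the phone’s registration interval bound how long the failover takes.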

    Telium Support Group
    Moderator
    Post count: 263

    The fact that the license violation occurs close to the time of a log rotation is a red herring (no relationship).

    SecAst does not track calls in progress; it asks Asterisk to report the number of calls in progress. You can perform the same query from the command line:

    asterisk -rx 'core show calls'


    So the question is why is your Asterisk installation reporting 8 calls in progress. This can be due to:

    • Valid users making calls in or out
    • Valid user starting the conference feature
    • Incoming callers leaving a voicemail
    • Automated calls
    • Hackers calling in to probe your dialplan
    • Asterisk incorrectly not releasing channels
    • Dialplan errors

    If the number of calls reports higher than you expect, you can delve deeper into the calls in progress using a command like:

    asterisk -rx 'core show channels'

    If you are using FreePBX then Sangoma recently started making automatic calls in the background to set ‘time condition’ variables. In essence FreePBX is making invisible calls, and Asterisk will report these as calls in progress; nothing we can do about it, and that won’t explain 8 calls in progress.

    So…in a nutshell SecAst does not count calls – it gets that number from Asterisk. Something else is going on with your Asterisk setup. Repeat the first command above once every 30 seconds and watch if your ‘calls processed’ count is increasing even when users aren’t making calls. That should help you figure out why Asterisk is reporting a count you don’t expect!

    And now the bad news…it sounds like you’re struggling with some basic Linux admin and Asterisk admin tasks. If this is a commercial installation I would recommend purchasing 2 hours of support so we can help you through setup. If this is a home installation you probably have a big learning curve ahead of you in terms of Ubuntu and Asterisk – I’m not sure if it’s worthwhile for you to continue but we can’t really offer free support for Asterisk (or Ubuntu). I’m not sure if you are using a configuration generator either (you don’t offer any details of your system), but if this is a commercial installation you may want to move up to a package like xCALLY which provides a very professional turnkey solution without many of the headaches involved with many smaller packages (you don’t need to know anything about Linux or Asterisk).
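    To make the 30-second polling the reply suggests repeatable, here is an added example (not Telium or SecAst code) that wraps the same CLI command, parses its two counters, and flags polls where the active count would breach the licence limit or where ‘calls processed’ grew while nobody should have been calling. The SAMPLES are constructed output so the parser and detector run offline; the licence limit of 3 is the one in the log below.

```python
"""Poll the call counters SecAst reads from Asterisk and flag anomalies.

Added example for this thread, not Telium/SecAst code. Wraps the command
the reply suggests (asterisk -rx 'core show calls'). SAMPLES are constructed.
"""
import re
import subprocess
import sys
import time

# 'core show calls' prints "0 active calls" / "1 active call" and
# "120 calls processed"; accept singular and plural.
ACTIVE_RE = re.compile(r"^\s*(\d+)\s+active\s+calls?\s*$", re.MULTILINE)
PROCESSED_RE = re.compile(r"^\s*(\d+)\s+calls?\s+processed\s*$", re.MULTILINE)

# Constructed sample outputs, one per 30-second poll.
SAMPLES = [
    "0 active calls\n120 calls processed\n",
    "8 active calls\n120 calls processed\n",
    "1 active call\n125 calls processed\n",
]


def parse_core_show_calls(text):
    """Return (active, processed) parsed from 'core show calls' output."""
    active = ACTIVE_RE.search(text)
    processed = PROCESSED_RE.search(text)
    if active is None or processed is None:
        raise ValueError("unrecognised 'core show calls' output: %r" % text)
    return int(active.group(1)), int(processed.group(1))


def read_live():
    """Run the CLI command on this box (needs a running Asterisk)."""
    result = subprocess.run(
        ["asterisk", "-rx", "core show calls"],
        capture_output=True, text=True, check=True,
    )
    return parse_core_show_calls(result.stdout)


def detect_anomalies(samples, licensed_lines):
    """samples: list of (active, processed) tuples in poll order.

    Returns (poll index, message) for polls whose active count exceeds the
    licence limit, and for polls where 'calls processed' rose since the
    previous poll (new calls were set up between samples).
    """
    findings = []
    previous = None
    for i, (active, processed) in enumerate(samples):
        if active > licensed_lines:
            findings.append((i, "active=%d exceeds licence limit of %d"
                             % (active, licensed_lines)))
        if previous is not None and processed > previous:
            findings.append((i, "%d new calls since previous poll"
                             % (processed - previous)))
        previous = processed
    return findings


if __name__ == "__main__":
    if "--live" in sys.argv:
        # Poll every 30 s as the reply suggests; Ctrl-C to stop.
        history = []
        while True:
            history.append(read_live())
            for idx, msg in detect_anomalies(history[-2:], licensed_lines=3):
                print(time.strftime("%H:%M:%S"), msg)
            time.sleep(30)
    else:
        parsed = [parse_core_show_calls(s) for s in SAMPLES]
        for idx, msg in detect_anomalies(parsed, licensed_lines=3):
            print("poll %d: %s" % (idx, msg))
```

    When a poll is flagged, run asterisk -rx 'core show channels' in the same second to see which channels make up the count; a rising ‘calls processed’ with no one on the phone points at automated or unsolicited calls, a static ‘active’ count above zero at channels Asterisk never released.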

    teliumcustomer23
    Participant
    Post count: 1

    So on my testing box (with the total of 4 users) for a call center I have the following in the secast log during the logrotate:


    Mon Feb 6 23:52:40 2017, 00000404, I, Logger, Log file rotation/truncation detected. New log file started
    Mon Feb 6 23:52:40 2017, 00001019, E, License, Violation detected. 8 lines in use exceeds license limit of 3 lines
    Mon Feb 6 23:52:40 2017, 00000126, W, Controller, Automatic shutdown request by module License
    Mon Feb 6 23:52:40 2017, 00002038, W, Controller, Stopping
    Mon Feb 6 23:52:40 2017, 00000107, I, General, SecAst state changing to not protecting
    Mon Feb 6 23:52:40 2017, 00001706, I, Database Controller, Database closed
    Mon Feb 6 23:52:40 2017, 00001713, E, Database Controller, Database command failed on write to eventlog table
    Mon Feb 6 23:52:40 2017, 00001705, I, Database Controller, Database open for archiving
    Mon Feb 6 23:52:41 2017, 00001259, I, Asterisk Controller, Stopped
    Mon Feb 6 23:52:41 2017, 00001303, I, Geo IP, Closed GeoIP database
    Mon Feb 6 23:52:41 2017, 00001602, I, Controller, Pipe server stopping
    Mon Feb 6 23:52:41 2017, 00000201, I, Controller, Telnet server stopping
    Mon Feb 6 23:52:41 2017, 00002832, I, Controller, Recovery state will no longer be automatically saved
    Mon Feb 6 23:52:42 2017, 00002824, I, Controller, Stopped
    Mon Feb 6 23:52:42 2017, 00000101, I, General, SecAst terminating with exit code 200 (license violation or error) after running for 2 days; 7 hours; 8 minutes; 21 seconds

    There’s no way that there are 8 simultaneous calls on that system at any time, as a matter of fact there were no calls active at all at the time in the log file.

    Sadly, when that happens, secast takes the astman/asterisk down with it, making the whole system inaccessible.

    How can I get secast to accurately determine the number of simultaneous active calls? If I can’t have it resolved, my last resort would be to disable/uninstall secast completely, after a long struggle with dependencies to run it on Ubuntu 14.04 LTS.

    Telium Support Group
    Moderator
    Post count: 263

    The peerlink error means that the two peers are unable to talk to one another. This is most likely due to Security Group misconfiguration within AWS. As a simple test, try to telnet from one peer to the other peer on port 3002; for example:


    telnet 10.1.2.3 3002

    This command will likely fail/timeout, which confirms the Security Group misconfiguration. To resolve this, and assuming both peers are in the same Security Group, and iptables/firewalld is disabled, set that Security Group to allow “itself” traffic on all ports (in AWS). After doing so the peers should quickly find each other and the Peerlink indicators in the GUI will turn green.

    If you decide you want the highest level of security possible, only enable destination port 3002 TCP access between the peers (plus ports needed for file/directory/database sync as optionally defined in your haast.conf). But if the peers are in the same Security Group you should be fine allowing all traffic.
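    The telnet test above has two distinct failure modes, and only one of them points at the Security Group. The script below is an added example (not Telium or HAAst code) that runs the same TCP-3002 check from Python and tells them apart; PEER_HOST is a placeholder for the other peer’s private address, and the demo function uses a throwaway local listener so it runs offline.

```python
"""Scriptable version of the HAAst peer-link check (TCP 3002).

Added example for this thread, not Telium/HAAst code. PEER_HOST is a
placeholder. The local demo binds an ephemeral loopback port.
"""
import socket

PEERLINK_PORT = 3002          # HAAst peer-link TCP port named in the reply
PEER_HOST = "10.1.2.3"        # placeholder: the other peer's private IP


def probe_tcp(host, port, timeout=3.0):
    """Attempt a TCP handshake and classify the outcome.

    'open'         handshake completed: SG and iptables pass, HAAst listening
    'refused'      RST came back: packets get through but nothing listens
                   (HAAst down, wrong port, or bound to another interface)
    'filtered'     no reply before the timeout: what an AWS Security Group
                   or an iptables DROP looks like
    'unreachable'  routing failure (wrong subnet, no route)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    finally:
        sock.close()


def demo_with_local_listener():
    """Offline demonstration: probe a listening, then a closed, local port.

    Returns (result_while_listening, result_after_close).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # ephemeral port, no root needed
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe_tcp("127.0.0.1", port, timeout=1.0)
    listener.close()
    after_close = probe_tcp("127.0.0.1", port, timeout=1.0)
    return while_open, after_close


if __name__ == "__main__":
    print("local demo:", demo_with_local_listener())
    print("peer link %s:%d -> %s" % (PEER_HOST, PEERLINK_PORT,
                                    probe_tcp(PEER_HOST, PEERLINK_PORT)))
```

    A ‘filtered’ result from both peers is the Security Group (or host firewall) case the reply describes; ‘refused’ means the network is fine and HAAst itself is not listening on that peer. For the tightest rule set, the self-referencing allow the reply mentions can be limited to the peer-link port, for example aws ec2 authorize-security-group-ingress --group-id sg-0123 --protocol tcp --port 3002 --source-group sg-0123 (group ID is a placeholder), repeated for the sync ports defined in haast.conf.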
