Category Archives: Asterisk

Asterisk OpenSource PBX

Calculating bandwidth for Asterisk calls

One of the things you need to do when looking for a server to run Asterisk on is figure out how much bandwidth you need for the number of concurrent calls you’re expecting to have.

A great tool for this can be found here – http://www.asteriskguru.com/tools/bandwidth_calculator.php

Just set the codec you’re going to be using (check with your VOIP provider – g.711/ulaw is usual and the highest quality), the connection type (usually SIP or IAX2 with Asterisk) and the number of concurrent calls. It will then display the bandwidth required for that many calls.

One thing to watch out for if you’re planning on mixing codecs (say g.711 on one leg of the call and g.729 on the other) is that your server will have to transcode/convert the audio which is processing intensive.  This may limit the number of concurrent calls your server can handle.

Also don’t forget that if you’re planning on running Asterisk at home your upload speed will normally be a lot slower than the download speed.

FBI / IC3 issue warning for Asterisk users

Last December the IC3 issued an alert for Asterisk users whch can be seen here.

This initially caused a panic amongst the developers as it wasn’t really clear what the alert was about. It turns out that it was for a vulnerability that was indentified and patched by Digum 9 months earlier. IC3 issued an updated buliten shortly after describing the issue a little better which can be seen here

I’m still seeing this alert being used to try and discourage people from using Asterisk but as far as I can see it’s just a normal security warning that was quickly identified and fixed by the software developer.

If you’d like to read more information there’s a good post here regarding this – http://blog.tmcnet.com/blog/tom-keating/asterisk/digium-responds-to-fbi-vhishing-security-warning-about-asterisk.asp and, as always, keep your software patched!

Hacking and securing your Asterisk server

I spent a little while playing with sipvicious today. This is a SIP scanner that can be used for scanning SIP servers – which obviousy includes Asterisk, Trixbox, Elastix, etc…

It’s not surpising that scanning for vulnerable SIP servers is on the increase – these sort of tools are really easy to use, and with the lure of making free phone calls at your expense it’s definitnely worth making sure that your PBX is secure.

Here’s what I did to scan one of my servers. The server is a Trixbox CE 2.6 server and I set up the following extensions for testing –

Continue reading

Trixbox, Elastix and Asterisk videos

There are some great videos around to give you an idea about what you can do with Asterisk and FreePBX.

Here are a selection –

Kerry Garrison, the senior product manager of Trixbox gives a quick tour of the installation and setup of Trixbox 2.2. The first half of this video concentrates on installing Trixbox but if you have a Trixbox VPS the hard work is done for you. Trixbox is now on version 2.4

Trixbox features. A nice run through of some of the features in FreePBX/Trixbox.

A good (and pretty long!) explanation of what you can do with Asterisk. This doesn’t include any information about FreePBX, the web based GUI.


Hackers targetting Asterisk boxes

I saw the first ‘externsion scan’ of my Asterisk box this week. That is, an external server tried to register as an extension, starting at extension 100 all the way up to extension 999. I’m assuming if they had found a valid extension number then this would have been been followed by a brute force password (secret) scan.

This is an interesting article explaining the problem a little more – http://michigantelephone.wordpress.com/2008/11/28/why-didnt-freepbx-developers-implement-important-security-patch/

If you’re running Asterisk (and FreePBX) then the least you need to do is make sure that you’ve got pretty strong passwords for your extensions.

iptables for asterisk

If you’re running Asterisk on a VPS or a dedicated server then setting up your iptables firewall can be a tricky.

I thought I’d post my firewall script to help get you started. I save this script as /usr/local/bin/firewall.sh and then add a line to run it from /etc/rc.local

It allows SSH’ing to the machine plus rules required for SIP connections (you will need other rules if you use IAX) plus some basic “bad stuff” filtering.

I’ve commented it so, hopefully, you’ll be able to figure out and chages you need.

Continue reading

Getting the DID number from a CallCentric SIP trunk for FreePBX

I’ve got a few DDI numbers from CallCentric all around the world (UK, US, Australia) and couldn’t figure our how to setup an ‘Inbound Route’ in FreePBX that used the number that had been dialled to route the call.

It turns out that you need to extract the number from the ‘SIP header’ information and there’s no setting in FreePBX to do this so it means hacking at the Asterisk config files just a little.

Continue reading