[Asterisk-Users] INBAND DTMF G729 ASTERISK

denis at isolve.com.br denis at isolve.com.br
Fri Jun 24 12:30:40 MST 2005 

Thanks for your comments Andrew and others.

You're right about the "false sense of security", I will discuss it with
my team.

I'll check out SRTP support and implementations to see if it is
reasonsable right now.

Do you know what kind of DTMF/CODEC is used by Vonage by default, for
example? I just want to know the best practice used for VoIP providers.

Thanks.

Denis.



> On Friday 24 June 2005 13:10, denis at isolve.com.br wrote:
>> Ok, point me on HOW may I get DTMF inband with ethereal.
>
> You capture the data stream, then pull the audio frames out and reassemble
> to
> a nice slinear audio file (say wav?) -- put that through code cobbled
> together with asterisk's dsp.c or spandsp or even some already-available
> audio software and you can get data like this:
>
> Detected tone 5
> Detected tone 8
> Detected tone 9
> Detected tone 3
> ...
>
> Hell there was a slashdot article not too far back that gave the exact
> scenario.
>
> Honestly it is *not* difficult, there are tools out there that do it now
> and
> can be put together for free.
>
> Yes, it's a LITTLE more difficult than just running strings over a packet
> trace, but it's not much more difficult and besides... when did script
> kiddies ever build their own tools?  They wait for someone like me to
> write
> it and then just download it.
>
>> Andrew, I'm just looking for the most quality/security solution to use
>> Asterisk with G729, ok?! I think this is good for all of us.
>
> I agree.  However:
>
> 1. Inband DTMF with any compressed voice codec is flakey.
> 2. Inband DTMF is only slightly harder to "see" than out of band DTMF.
> 3. If you want voice quality you'll be using ulaw anyway.
>
> I know what you're trying to accomplish but I'm telling you that you're
> chasing ghosts here...  all you'll end up doing is giving yourself a false
> sense of security and when someone drains your bank account you'll be
> flabbergasted because you were so certain that your DTMF was unhackable
> since
> it was inband, and it's simply not a valid security measure.
>
> We're all on the same team here, I'm just trying to prevent some headaches
> for
> you.
>
> -A.
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>

More information about the asterisk-users mailing list