[asterisk-users] Anonymous SIP calls

Michelle Dupuis mdupuis at ocg.ca
Thu Mar 26 21:29:39 CDT 2015


You have to consider whether you really want "anonymous" calls, or you just want to enable SIP calls from trusted companies/partners.  The latter means setting up routes to these companies and (ideally) registration between peers.

If you really want anonymous calls, then you will have to set up your dialplan with a guest/anonymous context for the calls to drop into.  Once they arrive in that context you can route them anywhere else in your dialplan based on rules you set up.  To help understand how this works, set verbose up to 10 in the Asterisk CLI and then call into your PBX using a SIP phone (without registration).  You'll quickly see how it works.

The bigger concern here is security.  Hackers will have a field day with an unsecured SIP connection.  You will want to add some security on and around your Asterisk server.  Take a look at http://www.voip-info.org/wiki/view/Asterisk+security for suggestions.

To be conservative, assume someone WILL find a hole in your dialplan and attempt to commit fraud (i.e. rack up charges on your phone system). You will want to add security to your Asterisk server which detects this fraud and disconnects the callers.  There's a great video of an Astricon attendee explaining how callers racked up $100,000 in charges in one weekend.

________________________________________
From: asterisk-users-bounces at lists.digium.com <asterisk-users-bounces at lists.digium.com> on behalf of James B. Byrne <byrnejb at harte-lyne.ca>
Sent: Thursday, March 26, 2015 9:24 PM
To: Asterisk Users List
Subject: [asterisk-users] Anonymous SIP calls

We have a FreePBX-12 / Asterisk-12 setup that supports about 24
extensions, most internal Snom870s but six or so external (Jitsi-2.8).
We use TLS and SRTP everywhere on our side of the fence.  The server
host is a dedicated atom(tm) box using the FreePBX distro (CentOS-6.x)
and is up-to-date.  Registrations require very long random passwords
and registrable devices are further restricted by netblock filters.
We have the usual firewall and fail2ban intrusion prevention and
detection set-ups in place.

Our connection to the rest of the world is via PSTN.

We do our own DNS, both forward and reverse.  We have NAPTR and SRV
RRs for SIP and SIPS.

That is the environment.  Now for the questions.

Can I safely configure FreePBX/Asterisk to allow people to call us
directly via SIP?  In other words, sip://something@harte-lyne.ca would
reach us and ring internally as if someone had called our main office
number via PSTN.  Does it make sense to do so?

I am not talking about routing our main number through a SIP trunk
provider.  We will remain on PSTN for the foreseeable future.  But I
am curious as to whether or not it is worthwhile to allow others who
have the capability to simply call us via SIP rather than over PSTN.
And if we do allow it what are the caveats and how does one actually
configure Asterisk to do it?

I have read a number of blogs, sections of the Definitive Asterisk
book and mailing list archived posts respecting anonymous SIP calls.
But I have to say these leave me rather more confused than informed.
Virtually all sources advise against accepting any anonymous incoming
SIP calls whatsoever.  The few that do not absolutely advise against
do not give much guidance in how to handle incoming calls. And
frankly, I have only a dim idea how an incoming SIP call should be
handled from a theoretical point of view.

Any guidance would be welcome.


--
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
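
The guest-context approach described in the reply above, as an added configuration example that is not part of either message. It assumes plain Asterisk with chan_sip rather than FreePBX-generated files; the context name from-sip-anonymous, the user part reception, the group name sipguest and internal extension 100 are hypothetical.

```ini
; ---- sip.conf (chan_sip) ----
[general]
allowguest=yes               ; accept INVITEs from callers that match no peer
context=from-sip-anonymous   ; unauthenticated calls land only in this context
alwaysauthreject=yes         ; same rejection for valid and invalid usernames

; ---- extensions.conf ----
[from-sip-anonymous]
; "reception" is the only user part published to outside callers (hypothetical).
exten => reception,1,NoOp(Guest SIP call from ${CHANNEL(peerip)})
 same => n,Set(GROUP()=sipguest)                 ; count concurrent guest calls
 same => n,GotoIf($[${GROUP_COUNT(sipguest)} > 2]?toomany)
 same => n,Set(CALLERID(name)=SIP guest)         ; mark the call for whoever answers
 same => n,Dial(SIP/100,30)                      ; hypothetical extension 100, ring 30 s
 same => n,Hangup()
 same => n(toomany),Busy(5)
 same => n,Hangup()
; Deliberately absent: pattern matches such as _X. and any "include =>" of a
; context that has outbound routes, so a guest call has no path to the PSTN.
```

With CLI verbosity raised as the reply suggests, a test call to reception from an unregistered phone shows each of these priorities as it executes.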

