<html><body>Hi James,<div><br></div><div>Fortunately, your theory about common "run for dollars" is false with many counterexamples. :)</div><div><br></div><div>jh</div><div><p>---------- Original message ----------<br>From: Bruce Ferrell &lt;bferrell@baywinds.org&gt;<br>To: asterisk-users@lists.digium.com<br>Date: 28. 3. 2015 0:17:54<br>Subject: Re: [asterisk-users] Anonymous SIP calls</p><br><blockquote>James,<br><br>I'm a systems and telecom professional with experience going back more than thirty years, to the days of teletype, current loop, POTS (2600hz signalling anyone?) and echo<br>cancellation via analog level control and hybrid balance.<br><br>Your read of the intent of the VOIP/SIP design is correct. The intent WAS to make making connections between endpoints as easy as using a browser.<br><br>Unfortunately, setting up ALL of the infrastructure, not JUST the registration/switching points (Asterisk/Kamailio/Freeswitch), can be quite daunting... In general, simple DNS is<br>beyond most and the necessary specialized (and they aren't That SPECIAL) SRV records make most systems admins run for the hills these days. <br><br>When we see a statement regarding consideration of allowing anonymous calls, we are seeing someone who is (rightly) concerned about fraudulent use of an expensive resource... PSTN<br>interconnect. In the intended vision, that would be a "don't care" scenario, because the PSTN interconnect wouldn't exist, but it does and it's billed by its use, making it expensive.<br><br>In theory, E164 would have taken us closer to that ideal. Asterisk has hooks and connections to use it and its own, competing directory mechanism, DUNDi. Let's make special note<br>of a word I used in that last sentence... Competing. Is DUNDi better? I don't know and I'm fairly certain I just touched off a debate on the topic. But I do know that when<br>things start competing/contending, people do a few things:<br><br>1.) They take sides and fragment things<br>2.) 
They sit on the sidelines and wait for things to settle out<br><br>In my experience, this has a tendency to bring things to a halt.<br><br>Add to this, most of this tech is really, really only useful to businesses. I give my skills to people who need it (Family, friends, my old gray-haired mother-in-law). Businesses<br>are in the business of making money and if they want the use of my skills, they get to pay me. No one I know will perform this type of thing for free for a business and we all<br>compete for the limited pool of resource that business is willing to offer. What I have to offer is the "tricks of the trade" I've garnered over a lifetime career. There was a<br>time when systems admins freely swapped these tips, tricks and techniques (for the best example see the old Novell Users FAQ). As I mentioned before, we who know how to install<br>and maintain VOIP systems are now competing and the dollars come hard, so there seems (at least in the arena of VOIP) less willingness to do this. Oddly, VOIP seems to be more<br>cutthroat than any other sector of IT.<br><br>Just my experience and I'm sticking to it... and wishing it weren't so and that unicorns really existed.<br><br><br><br>On 03/27/2015 01:03 PM, James B. Byrne wrote:<br>> On Thu, March 26, 2015 22:29, Michelle Dupuis wrote:<br>>> You have to consider whether you really want "anonymous" calls, or you<br>>> just want to enable SIP calls from trusted companies/partners. The<br>>> latter means setting up routes to these companies and (ideally)<br>>> registration between peers.<br>>><br>> This is what I am trying to get a handle on. It seemed to me that the<br>> promise of VOIP was essentially that one could use the Internet as a<br>> replacement for the PSTN directly, providing that one's callers/callees<br>> were also directly connected via VOIP. 
SIP providers I had considered<br>> a necessary transition to act as gateways between PSTN dialing and<br>> VOIP until VOIP replaced PSTN virtually entirely if not completely.<br>><br>> That is why we are on Asterisk. We had to replace our old keyed<br>> system and the thought was that we might as well get ready for VOIP<br>> even if we planned to stay on PSTN for the foreseeable future.<br>><br>> However, the overwhelming evidence I find is that one simply does not<br>> employ VOIP in the same way that PSTN works. Actually, I have put<br>> that backwards. What I have discovered is that the most commonly<br>> recommended method is to switch from a Telco to a SIP provider and<br>> continue in a manner similar to the former set-up. External calls all<br>> have to travel through a third party provider.<br>><br>> One does not accept incoming VOIP calls from just everyone,<br>> apparently. One only accepts VOIP calls from known correspondents. I<br>> am not clear why this is so other than vague warnings respecting<br>> (admittedly real and serious) security issues.<br>><br>> Even limiting VOIP to known correspondents one is ultimately trusting<br>> that they themselves are secured sufficiently to prevent unauthorised<br>> access to your systems through theirs. And that seems a bit of a<br>> stretch by way of rationalisation to me.<br>><br>> Also, what I do not understand is why the same issues do not exist from<br>> incoming calls via PSTN.<br>><br>> I somewhat understand the process of getting devices to register and<br>> authenticate to obtain access to our outgoing routes. What is it<br>> about incoming SIP calls destined to our internal users that make<br>> those calls so dangerous? Why can incoming anonymous SIP calls not<br>> be treated exactly as incoming PSTN calls (other than PSTN have to go<br>> through DAHDI to turn them into digital VOIP calls). 
What is it that<br>> prevents them from being blocked from gatewaying through to our PSTN<br>> lines?<br>><br>> Please forgive my abysmal ignorance on this matter. Perhaps I have<br>> been down in the weeds too long getting our internal FreePBX system<br>> working to see what is obvious to others. I have been going through<br>> the AstriCon Videos on security and have or already had implemented<br>> most of the suggestions: Outbound LD secured by pins and allowed only<br>> during work hours; IPTABLES rules and fail2ban checks; Separation of<br>> voice and data network segments and addresses; Private IP for VOIP<br>> desk-sets and internal provisioning; and so forth.<br>><br>> However, I still have the sense that I am just not getting it. What<br>> am I missing?<br>><br></blockquote></div></body></html>