The Palner Group, Inc.

Kamailio, Asterisk, VoIP, and IT Consulting

Tag: Perl

Automatically Block Failed SIP Peer Registrations

Previously we posted a little script for quickly checking your asterisk log for failed peer registrations. Building on that script, and with the use of iptables and cron, you can easily (and automatically) block flooding traffic from your system. Iptables, a linux command line program to filter IP traffic, provides high level packet filtering before the traffic can be used to corrupt a program. Cron, the linux time scheduler, enables you to automatically run commands at scheduled time periods.

Set up IP Tables

We will not be discussing the intricacies of iptables in this post. There are excellent tutorials on iptables, and with most things linux, help is only a google away. To help identify the traffic blocked as asterisk related, a new chain will be created appropriately called… asterisk.

Here’s how to add the new chain:

iptables -N asterisk
iptables -A INPUT -j asterisk
iptables -A FORWARD -j asterisk

This will help identify hosts blocked for failed registrations.

Asterisk’s Log for Failed Registrations

In most cases of a sip flood attack, the host attempts registration to Asterisk. These hosts are identified in the Asterisk log (/var/log/messages) as “No matching peer found.” The following perl script scans /var/log/messages for these patterns, strips the IP address, and puts the IP address into an array.

After the file has been read, the IP addresses are counted (each count is a failed attempt), compared against the existing blocked hosts, and new occurrences are blocked. With this script we are blocking any host after the 4th failed attempt.

Here’s the script (last updated 05 SEP 2010):

#!/usr/bin/perl -w
use strict;
use warnings;
my (@failhost);
my %currblocked;
my %addblocked;
my $action;

open (MYINPUTFILE, "/var/log/asterisk/messages") or die "\n", $!, "Does log file file exist\?\n\n";

while (<MYINPUTFILE>) {
	my ($line) = $_;
	chomp($line);
	if ($line =~ m/\' failed for \'(.*?)\' - No matching peer found/) {
		push(@failhost,$1);
	}
	if ($line =~ m/\' failed for \'(.*?)\' – Wrong password/) {
		push(@failhost,$1);
	}
}

my $blockedhosts = `/sbin/iptables -n -L asterisk`;

while ($blockedhosts =~ /(.*)/g) {
	my ($line2) = $1;
	chomp($line2);
	if ($line2 =~ m/(\d+\.\d+\.\d+\.\d+)(\s+)/) {
		$currblocked{ $1 } = 'blocked';
	}
}

while (my ($key, $value) = each(%currblocked)){
	print $key . "\n";
}

if (@failhost) {
	&count_unique(@failhost);
	while (my ($ip, $count) = each(%addblocked)) {
		if (exists $currblocked{ $ip }) {
			print "$ip already blocked\n";
		} else {
			$action = `/sbin/iptables -I asterisk -s $ip -j DROP`;
			print "$ip blocked. $count attempts.\n";
		}
	}
} else {
	print "no failed registrations.\n";
}

sub count_unique {
    my @array = @_;
    my %count;
    map { $count{$_}++ } @array;
    map {($addblocked{ $_ } = ${count{$_}})} sort keys(%count);
}

Schedule the script with cron

The final step is to schedule your script to run every X minutes in cron. We’ve chosen to run our script every 2 minutes, but you can change this to 1 minute or any other time period you choose. Just remember… you can receive thousands of attempts within 2 minutes.

If you have named your script check-failed-regs.pl and placed it in your /usr/local/bin directory, your cron statement would look like this:

*/2 * * * * perl /usr/local/bin/check-failed-regs.pl &> /dev/null

Questions? Comments? We love feedback. Or, contact us for more information.

Perl Script for Asterisk Failed Peer Registrations

I guess this might be better titled as the Quick and Dirty Perl Script… but here we go:

#!/usr/bin/perl -w
use strict;
use warnings;
my (@failhost);

open (MYINPUTFILE, "/var/log/asterisk/$ARGV[0]") or die "\n", $!, "Does log file file exist\?\n\n";

while (<MYINPUTFILE>) {
	my ($line) = $_;
	chomp($line);
	if ($line =~ m/\' failed for \'(.*?)\' - No matching peer found/) {
		push(@failhost,$1);
	}
}

if (@failhost) {
	&count_unique(@failhost);
} else {
	print "no failed registrations.\n";
}

sub count_unique {
    my @array = @_;
    my %count;
    map { $count{$_}++ } @array;
	
	#print them out:
	
    map {print "$_ = ${count{$_}}\n"} sort keys(%count);

}

And while we duck from @Merlyn’s criticisms (although we love his criticism), the basic usage is:

perl [Whatever you named it].pl messages
or perl [Whatever you named it].pl messages.1

Results look like:

184.73.53.22 = 13586
64.76.45.100 = 9895
78.46.87.14 = 9960

Or “no failed registrations.” if you have no failed attempts.

Integrating Fax for Asterisk

Asterisk provides an open-source solution for IP Telephony (aka VoIP). Customizing your telephone system to increase productivity remains one of Asterisk’s greatest features. Today, we will look at using Asterisk to replace your need for a fax machine.

Benefits

  • Store faxes electronically
  • Reduce printing costs
  • Share faxes via email

Requirements

  • Server running Asterisk (32 bit compatibility needed)
  • Fax for Asterisk Software Add-on

Step One: Get the Fax for Asterisk Software License

First, choose the licensing based on your needs. If you will only need to support 1 simultaneous fax Continue reading

Asterisk Consulting Services

Asterisk is a registered trademark of Digium

Team Forrest offers Asterisk Consulting Services for a wide variety of VoIP, Call Center, and other Telephony Based needs. From small, family business to large Corporations, Team Forrest’s simple philosophy of “Help the Client” ensures we provide great service to meet your needs.

Asterisk Consulting

From carrier services to traditional PBX services, Team Forrest’s Asterisk Consulting Service provides you the solution you need. Services include:

  • IVR Development
  • Custom AGI Scripting / Programming
  • OpenSER Integration
  • Calling Card Systems
  • Call Center / Sales Queue Development
  • Call Recording (call spying, call barging, whisper, etc.)
  • Database Integration (Microsoft SQL MSSQL, MySQL, Oracle, etc.)
  • Custom Solutions

Emergency Asterisk Support

When a problem comes along, we provide 24/7 Emergency Support to bring your system back to life. Both new and existing clients benefit from our immediate support response.

For immediate support please contact us or call +1 (212) 937-7844.

Remote and Onsite Support

Team Forrest offers immediate remote assistance across the globe. Local, onsite service is also available, with quick response to Michigan, Florida, and New York locations.

Asterisk? Ask us.

With Team Forrest, you get professional consulting at a great price — increased productivity at a lower cost. To see how Team Forrest can help improve your communication needs, contact us. We enjoy talking with clients and look forward to seeing how we can help you.

Asterisk, developed and released by Digium, Inc., is the world’s leading open source telephony engine and tool kit. Asterisk empowers communication with it’s flexibility. Whether working as a simple office telephone system, a robust Call Center platform, or anything in-between, Asterisk provides advanced features at a very low deployment cost.  Asterisk is released as open source under the GNU General Public License (GPL), and it is available for download free of charge. Asterisk is the most popular open source software available, with the Asterisk Community being the top influencer in VoIP.

Parking Availability, Team Forrest, and Asterisk

Ann Arbor Parking

Recently, Fred Posner of Team Forrest, assisted Edward Vielmetti with a simple idea — help make information accessible. In this case, the information was the availability of Parking Spots in Ann Arbor, Michigan.

The Ann Arbor Downtown Development Authority (A2DDA) publishes data regarding parking spot availability on the web, however, when you’re driving to the garage navigating to a web site is the least of your worries. So, an idea was born to make parking information readily accessible — and with that, Team Forrest’s Fred Posner built a quick prototype to demonstrate how Asterisk (by Digium) can help rethink how data can be accessed.

In the prototype, a caller can select which garage to query. The system will then speak to the caller the remaining number of spaces and offer 3 options — select another garage, exit (and hear the local weather), or choose to be notified if there are fewer than 10 spaces remaining. If the caller selects the notification option, the system will automatically check once a minute (for 30 minutes) and initiate a call out to the user. The call will remind the user which garage they selected and inform them of the current number of available spaces.

The prototype for this project can be accessed from the Team Forrest main line, at +1 (212) 937-7844. Then, choose 6 for check local Ann Arbor Parking availability.

About Team Forrest

Team Forrest offers complete Internet Consulting services, specializing in VoIP and Asterisk solutions. Team Forrest has one simple goal: Help the client. Whether you need emergency assistance or if you are planning a deployment, Team Forrest is here to help. With over 15 years experience, our team can quickly assess your needs and help deploy the most appropriate solution.

About Asterisk

Asterisk (by Digium) is the world’s leading open source telephony engine and tool kit. Asterisk empowers communication with it’s flexibility. Asterisk is released as open source under the GNU General Public License (GPL), and it is available for download free of charge. Asterisk is the most popular open source software available, with the Asterisk Community being the top influencer in VoIP.

Related Information:

Weather on your Polycom

VoIP Tech Chat posted a nice little script for putting a quick, no frills weather report directly onto your Polycom Microbrowser.

To view the code, download the files, or just see the script, go to VoIP Tech Chat (dot com).

Using AGI to get Caller ID Name CNAM

Everyone has them — and here’s Team Forrest’s version of a Caller ID to Name (CNAM, CIDNAME, etc.) lookup using AnyWho, Google, and 411.com. The first file is the calleridname.pl: Continue reading