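//
// Alexey A.Znayev, znaeff@mail.ru, http://xbsoft.org, http://xbsoft.ru
//
///////////////////////////////////////////////////////////////////////////

// This file contains public class DNSBL
// This class performs IP address check in spam blocking lists as described
// on http://ru.wikipedia.org/wiki/RBL
//
// Operational notes for callers:
//  - Every lookup is a live DNS query to a third-party zone; the list operator
//    (and any resolver on the path) sees which address is being checked.
//  - A failed or timed-out lookup is reported as "not listed" (fail-open).
//    Do not treat a false result as proof that an address is clean.

class DNSBL {

    // Checker name => array(DNS zone suffix, available for group checking with 'all' key).
    // NOTE(review): dsbl, ordb and njabl are, to my knowledge, retired by their
    // operators. A retired zone may stop answering or may answer positively for
    // every query, so confirm that a list is still operated before enabling it.
    // NOTE(review): zen.spamhaus.org is a combined zone that also carries policy
    // listings of end-user address ranges; a hit is not by itself proof that the
    // address sent spam. Confirm this matches how callers use the result.
    private $_aCheckers = array(
        'spamhaus' => array('.zen.spamhaus.org', true),  // available for group checking with 'all' key
        'spamcop'  => array('.bl.spamcop.net', true),    // available for group checking with 'all' key
        'dsbl'     => array('.list.dsbl.org', false),    // not available for group checking with 'all' key
        'ordb'     => array('.relays.ordb.org', false),  // not available for group checking with 'all' key
        'sorbs'    => array('.dnsbl.sorbs.net', false),  // not available for group checking with 'all' key
        'njabl'    => array('.dnsbl.njabl.org', false)   // not available for group checking with 'all' key
    );
    // AZ - 1. Key 'all' is illegal
    // AZ - 2. Most spammer IP addresses are covered by 'spamhaus' & 'spamcop' (and they are fast),
    //         some of the rest may not work sometimes; you can make them available for group
    //         checking after individual testing

    private $_sDefaultChecker = 'spamhaus';

    ///////////////////////////////////////////////////////////////////////////
    // CheckSpamIP - check IP for spam in checkers : given, default or all available for group checking (may be slow)
    // parameters:
    //   string $ip - IPv4 address in dotted-decimal form
    //   string $checker - checker name or 'all' or nothing
    //                     (an unknown name silently falls back to the default checker)
    // returns:
    //   true when IP exists in spam-lists of $checker or at least one of all checkers
    //   false when not, when the address is local or not correct, or when the DNS lookup fails
    public function CheckSpamIP($ip, $checker = ''){
        if(empty($ip) || !is_string($ip)) return false;

        // \z instead of $ : '$' would also accept a trailing newline, which would
        // then be embedded in the DNS name that is queried.
        if(preg_match('/^\d{1,3}(?:\.\d{1,3}){3}\z/', $ip) !== 1) return false;

        // Work with integers so that '010' and '10' are treated as the same octet
        // and the query name is always built from the canonical form.
        $octets = array_map('intval', explode('.', $ip));
        foreach($octets as $octet){
            if($octet > 255) return false;
        }

        // Never send loopback, private or link-local addresses to an external list:
        // they cannot be listed and the query would disclose internal addressing.
        if($this->_IsLocalAddress($octets)) return false;

        // Separator first: the (array, string) argument order is rejected by PHP 8.
        $reversed = implode('.', array_reverse($octets));

        if($checker === 'all'){
            foreach($this->_aCheckers as $c){
                if($c[1] && $this->_CheckDNSAnswer(dns_get_record($reversed . $c[0], DNS_A))){
                    return true; // one positive answer is enough
                }
            }
            return false;
        }

        $known = (is_string($checker) || is_int($checker)) && array_key_exists($checker, $this->_aCheckers);
        $name = $known ? $checker : $this->_sDefaultChecker;

        return $this->_CheckDNSAnswer(dns_get_record($reversed . $this->_aCheckers[$name][0], DNS_A));
    }

    ///////////////////////////////////////////////////////////////////////////
    // GetCheckers - gets list of available checker names
    // returns:
    //   array of strings
    public function GetCheckers(){
        return array_keys($this->_aCheckers);
    }

    ///////////////////////////////////////////////////////////////////////////
    // GetGroupCheckers - gets list of checker names available for group checking with 'all' key
    // returns:
    //   array of strings
    public function GetGroupCheckers(){
        $ret_val = array();
        foreach($this->_aCheckers as $name => $c){
            if($c[1]) $ret_val[] = $name;
        }
        return $ret_val;
    }

    ///////////////////////////////////////////////////////////////////////////
    // GetDefaultChecker - gets default checker name
    // returns:
    //   string
    public function GetDefaultChecker(){
        return $this->_sDefaultChecker;
    }

    ///////////////////////////////////////////////////////////////////////////
    // SetDefaultChecker - sets default checker name
    // parameters:
    //   string $new_checker - new default checker name
    // returns:
    //   true when success
    //   false when failed ($new_checker is not in the list of available checker names)
    public function SetDefaultChecker($new_checker){
        if(!array_key_exists($new_checker, $this->_aCheckers)) return false;
        $this->_sDefaultChecker = $new_checker;
        return true;
    }

    ///////////////////////////////////////////////////////////////////////////
    // EnableGroupChecking - sets checker available for group checking
    // parameters:
    //   string $checker - checker name
    // returns:
    //   true when success ($checker is included)
    //   false when failed ($checker is not in the list of available checker names)
    public function EnableGroupChecking($checker){
        if(!array_key_exists($checker, $this->_aCheckers)) return false;
        $this->_aCheckers[$checker][1] = true;
        return true;
    }

    ///////////////////////////////////////////////////////////////////////////
    // DisableGroupChecking - sets checker not available for group checking
    // parameters:
    //   string $checker - checker name
    // returns:
    //   true when success ($checker is excluded)
    //   false when failed ($checker is not in the list of available checker names)
    public function DisableGroupChecking($checker){
        if(!array_key_exists($checker, $this->_aCheckers)) return false;
        $this->_aCheckers[$checker][1] = false;
        return true;
    }

    // private methods

    ///////////////////////////////////////////////////////////////////////////
    // _IsLocalAddress - tells whether the address is loopback, private or link-local
    // parameters:
    //   array $octets - the four octets of the address as integers
    // returns:
    //   true for 127/8, 10/8, 172.16/12, 192.168/16 and 169.254/16
    //   false otherwise
    private function _IsLocalAddress($octets){
        $first = $octets[0];
        $second = $octets[1];
        if($first === 127 || $first === 10) return true;
        if($first === 172 && $second >= 16 && $second <= 31) return true;
        if($first === 192 && $second === 168) return true;
        if($first === 169 && $second === 254) return true; // ms windows
        return false;
    }

    ///////////////////////////////////////////////////////////////////////////
    // _CheckDNSAnswer - checks DNS-server answer for 127.0.0.* values
    // parameters:
    //   mixed $dns_answer - result of dns_get_record() (array of records, or false on failure)
    // returns:
    //   true when at least one record carries an address starting with 127.0.0.
    //   false otherwise, including for a failed lookup or a malformed record
    private function _CheckDNSAnswer($dns_answer){
        if(!is_array($dns_answer) || count($dns_answer) === 0) return false;

        foreach($dns_answer as $record){
            if(!(is_array($record) || $record instanceof ArrayAccess)) return false;

            $ip_str = isset($record['ip']) ? $record['ip'] : null;
            if(!is_string($ip_str)) return false;

            // Anchor the match at the start of the address. Only 127.0.0.x counts as
            // a listing; other 127.x answers (Spamhaus documents 127.255.255.x as
            // error codes) must not be read as "listed".
            if(strpos($ip_str, '127.0.0.') === 0) return true;
        }
        return false;
    }

} // end of class DNSBL
?>
IP Telephony – bits and pieces https://blog.fabian-affolter.ch primary Fedora and some negligibilities...hauptsächlich Fedora und ein paar Nebensächlichkeiten... Sun, 24 Sep 2023 10:11:42 +0000 en-US hourly 1 https://wordpress.org/?v=4.9.25 Investigating VoIP ressources https://blog.fabian-affolter.ch/investigating-voip-ressources/ https://blog.fabian-affolter.ch/investigating-voip-ressources/#respond Sat, 03 Mar 2012 10:28:11 +0000 http://fabian-affolter.ch/blog2/?p=2106 Continue reading ]]> Let’s run some test on a VoIP test environments with the tools of SIPvicious. The test setup contains the listed items: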

  • 2 Cisco 7960 phones (wired)
  • 1 Android phone with CSipSimple (wireless)
  • 1 Empathy client (wireless)
  • FreePBX with asterisk (wired)

I’m using svmap.py to get an overview of the network and its clients.

alpine-sip:~$ svmap.py 10.0.0.1-10.0.0.255
| SIP Device       | User Agent           | Fingerprint |
---------------------------------------------------------
| 10.0.0.102:51754 | Cisco-CP7960G/8.0    | disabled    |
| 10.0.0.103:51677 | Cisco-CP7960G/8.0    | disabled    |
| 10.0.0.10:5060   | FPBX-2.10.0(1.8.8.0) | disabled    |

Now we do the same as before, but in verbose mode.

alpine-devel:~$ svmap.py -v 10.0.0.0/24
INFO:DrinkOrSip:trying to get self ip .. might take a while
INFO:root:start your engines
INFO:DrinkOrSip:10.0.0.0:5060	->	10.0.0.10:5060	->	FPBX-2.10.0(1.8.8.0)	->	disabled
INFO:DrinkOrSip:10.0.0.12:5060	->	10.0.0.10:5060	->	FPBX-2.10.0(1.8.8.0)	->	disabled
INFO:DrinkOrSip:10.0.0.103:5060	->	10.0.0.103:51701	->	Cisco-CP7960G/8.0	->	disabled
INFO:DrinkOrSip:10.0.0.102:5060	->	10.0.0.102:51777	->	Cisco-CP7960G/8.0	->	disabled
INFO:DrinkOrSip:10.0.0.255:5060	->	10.0.0.10:5060	->	FPBX-2.10.0(1.8.8.0)	->	disabled
INFO:root:we have 3 devices
| SIP Device       | User Agent           | Fingerprint |
---------------------------------------------------------
| 10.0.0.102:51777 | Cisco-CP7960G/8.0    | disabled    |
| 10.0.0.103:51701 | Cisco-CP7960G/8.0    | disabled    |
| 10.0.0.10:5060   | FPBX-2.10.0(1.8.8.0) | disabled    |

INFO:root:Total time: 0:00:09.498435

Let’s check for the clients with a wireless connection. The Android phone and the client with empathy.

alpine-sip:~$ svmap.py 10.0.1.0/24
| SIP Device     | User Agent                  | Fingerprint |
--------------------------------------------------------------
| 10.0.1.21:5060 | CSipSimple r1108 / bravo-10 | disabled    |

It seems that svmap.py is a bit limited in detecting soft-phones. The client with Empathy was not found with svmap.py.

According to the SIPvicious tutorial the next step is to use svwar.py to identify the extensions.

alpine-sip:~$ svwar.py 10.0.0.10
ERROR:TakeASip:SIP server replied with an authentication request for an unknown extension. Set --force to force a scan.
WARNING:root:found nothing

With --force the output is more detailed.

alpine-sip:~$ svwar.py --force 10.0.0.10
WARNING:TakeASip:Bad user = SIP/2.0 401  - svwar will probably not work!
WARNING:TakeASip:We got an unknown response
ERROR:TakeASip:Response: 'SIP/2.0 401 Unauthorized\r\nVia: SIP/2.0/UDP 10.0.0.50:5060;branch=z9hG4bK-1328803665;received=10.0.0.50;rport=5060\r\nFrom: "100"<sip:100@10.0.0.10>;tag=3130300131393835373335393339\r\nTo: "100"<sip:100@10.0.0.10>;tag=as53bf6bd9\r\nCall-ID: 477972794\r\nCSeq: 1 REGISTER\r\nServer: FPBX-2.10.0(1.8.8.0)\r\nAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH\r\nSupported: replaces, timer\r\nWWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="4a68b468"\r\nContent-Length: 0\r\n\r\n'
WARNING:root:found nothing

There is no extension 100, and svwar.py was not able to detect any of the extensions. Another try with a defined range of extensions.

alpine-sip:~$ svwar.py --force -e 1000-4000 -z 4 10.0.0.10
WARNING:TakeASip:Bad user = SIP/2.0 401  - svwar will probably not work!
WARNING:TakeASip:We got an unknown response
ERROR:TakeASip:Response: 'SIP/2.0 401 Unauthorized\r\nVia: SIP/2.0/UDP 10.0.0.50:5060;branch=z9hG4bK-761662038;received=10.0.0.50;rport=5060\r\nFrom: "1000"<sip:1000@10.0.0.10>;tag=3130303001363732373238393031\r\nTo: "1000"<sip:1000@10.0.0.10>;tag=as1134a866\r\nCall-ID: 1144953976\r\nCSeq: 1 REGISTER\r\nServer: FPBX-2.10.0(1.8.8.0)\r\nAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH\r\nSupported: replaces, timer\r\nWWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="5bef375f"\r\nContent-Length: 0\r\n\r\n'
WARNING:root:found nothing

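In both cases the issue seems to be based on "Bad user = SIP/2.0 401". The server appears to answer every REGISTER with the same 401 challenge whether or not the extension exists (presumably Asterisk's alwaysauthreject behaviour), which is what keeps svwar.py from telling valid extensions apart. At the moment I have no idea how to bypass this without modifying the source code.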

nmap scripts for VoIP analyses https://blog.fabian-affolter.ch/nmap-scripts-for-voip-analyses/ https://blog.fabian-affolter.ch/nmap-scripts-for-voip-analyses/#respond Sat, 03 Sep 2011 10:22:56 +0000 http://fabian-affolter.ch/blog2/?p=1928 Continue reading ]]> The standard installation of nmap on Fedora contains already plenty of scripts which can be used with NSE.

All scripts are located at /usr/share/nmap/scripts.

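The first step is to add SIP support for nmap. Switch to the nselib directory and download the dependencies for sip-brute. Note that the files below are fetched over plain HTTP and are later executed by nmap with root privileges, so compare them with the official repository (or use a packaged nmap release that already ships them) before installing.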

cd /usr/share/nmap/nselib
sudo wget http://nmap.org/svn/nselib/sip.lua
sudo wget http://nmap.org/svn/nselib/creds.lua

The same with sip-brute but sip-brute goes to another directory.

cd /usr/share/nmap/scripts
sudo wget http://nmap.org/svn/scripts/sip-brute.nse

The last step is to update the plugin database of nmap.

sudo nmap --script-updatedb
Starting Nmap 5.51 ( http://nmap.org ) at 2011-09-03 10:40 CEST
NSE: Updating rule database.
NSE: Script Database updated successfully.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.35 seconds

Let’s run nmap against the server.

sudo nmap -sU -p 5060 10.0.0.12 --script=sip-brute

Starting Nmap 5.51 ( http://nmap.org ) at 2012-09-03 10:41 CEST
baduser-8402	badpass-3944
Nmap scan report for 10.0.0.12
Host is up (0.0051s latency).
PORT     STATE         SERVICE
5060/udp open|filtered sip
| sip-brute: 
|   Accounts
|     No valid accounts found
|   Statistics
|_    Perfomed 50010 guesses in 187 seconds, average tps: 285

Nmap done: 1 IP address (1 host up) scanned in 187.21 seconds

Dial pattern in Outbound Route https://blog.fabian-affolter.ch/dial-pattern-in-outbound-route/ https://blog.fabian-affolter.ch/dial-pattern-in-outbound-route/#respond Wed, 22 Jun 2011 21:45:06 +0000 http://fabian-affolter.ch/blog2/?p=1865 FreePBX can be configured to use a dial pattern to select a specific route. Let’s say that you want to select a route with a “9”; then the configuration has to look like the one shown in the image below.

Dial pattern

Wartemusik bei FreePBX einrichten https://blog.fabian-affolter.ch/wartemusik-bei-freepbx-einrichten/ https://blog.fabian-affolter.ch/wartemusik-bei-freepbx-einrichten/#respond Sat, 12 Feb 2011 11:18:29 +0000 http://fabian-affolter.ch/blog2/?p=1668 Continue reading ]]> Bei einem Heim- oder SOHO-Telefonsystem ist die Wartemusik sicher nicht die wichtigste Funktion. Wenn aber Anrufer nur Stille wahrnehmen, dann könnte es für sie so wirken, wie wenn die Verbindung getrennt wurde. Bei FreePBX ist bereits standardmässig Wartemusik verfügbar. Es kann jedoch auch eine eigene Sammlung hinzugefügt werden.

Wenn das Module “Music on Hold” verfügbar ist, kann unter “Internal Options & Configuration” und dann über “Music on Hold” eigene Musik-Dateien hinzuzufügt und entfernt werden. Mit Vorteil wird nur Musik verwendet, welche unter einer freien Lizenz steht, sonst muss geklärt werden, ob Abgaben entrichtet werden müssen.

tcpdump für SIP-Verkehr https://blog.fabian-affolter.ch/tcpdump-fur-sip-verkehr/ https://blog.fabian-affolter.ch/tcpdump-fur-sip-verkehr/#respond Thu, 25 Nov 2010 23:00:27 +0000 http://fabian-affolter.ch/blog2/?p=1595 In einem älteren Posting habe ich die Möglichkeit betrachtet, wie der SIP-Verkehr mit Wireshark aufgezeichnet werden kann. Mit tcpdump kann nur der Verkehr aufgezeichnet werden und später mit Wireshark aufgezeichnet werden.

tcpdump -i wlan0 -p -n -s 0 "udp" -vvv  -w sip-traffic.dump

E60 und Elastix https://blog.fabian-affolter.ch/e60-und-elastix/ https://blog.fabian-affolter.ch/e60-und-elastix/#respond Tue, 23 Nov 2010 22:30:07 +0000 http://fabian-affolter.ch/blog2/?p=1589 Damit ich das nächste Mal nicht mehr suchen muss, wenn ich die Konfiguration des E60 gelöscht habe.

Profile name: default
Service profile: IETF
Default access point: Home
Public user name: 2000@192.168.1.2
Use compression: No
Registration: Always on
Use security: No

Proxy server
  Proxy server address: 192.168.1.2
  Realm: asterisk
  User name: 2000
  Password: 12345 oder das Passwort
  Allow loose routing: Yes
  Transport type: UDP
  Port: 5060

Registar server
  Registrar server address: 192.168.1.2
  Realm: -
  User name: -
  Password: -
  Transport type: UDP
  Port: 5060

Home made headset for a Cisco IP Phone 7960 https://blog.fabian-affolter.ch/home-made-headset-for-a-cisco-ip-phone-7960/ https://blog.fabian-affolter.ch/home-made-headset-for-a-cisco-ip-phone-7960/#respond Sun, 21 Nov 2010 09:02:35 +0000 http://fabian-affolter.ch/blog2/?p=1587 Continue reading ]]> A headset for a Cisco IP Phone 7960 would be nice but those headset are expensive. A home made-one is sufficient for your need. There is a good tutorial available to do it. I do not need a connection box, I just want to attach the headset to the phone.

  • A headset with 3.5 mm connectors
  • RJ-10 connector 4-pin/4-pin
  • 3 heat shrink tubes
  • some tools (Soldering gun, )
  • 10 min

Now plug the headset in your headset jack and you are ready to go. The headset for 8 CHF (6$) wins no beauty contest. The author of this description makes no warranty of any kind. Use at your own risk.

Empathy und Fedora Talk https://blog.fabian-affolter.ch/empathy-und-fedora-talk-2/ https://blog.fabian-affolter.ch/empathy-und-fedora-talk-2/#respond Mon, 01 Nov 2010 22:39:03 +0000 http://fabian-affolter.ch/blog2/?p=1545 Vor wenigen Tage habe ich mich über Empathy und Fedora Talk ausgelassen. Nun eine grössere Aktualisierung später und die Oberfläche von Empathy hat sich ein bisschen geändert.

Empathy

voipgateway.org und Asterisk https://blog.fabian-affolter.ch/voipgateway-org-und-asterisk/ https://blog.fabian-affolter.ch/voipgateway-org-und-asterisk/#respond Sun, 31 Oct 2010 13:19:21 +0000 http://fabian-affolter.ch/blog2/?p=1549 Continue reading ]]> Mit eine Soft-Phone lässt sich das Freecall-Netzwerk sehr einfach nutzen. Die Einrichtung für eine Soft-PBX ist nicht viel komplizierter.

Beispielsweise unter freepbx als neuen Trunk:

General Settings
Trunk Name: voipgateway.org
Outbound Caller: 41310000000

PEER Details:
host=ps1.voipgateway.org
username=41310000000
secret=yyyyy
type=peer

USER Details:
secret=yyyyy
type=user
context=from-trunk

Register String: 41310000000:yyyyy@voipgateway.org

Folgende Einstellungen funktionieren bei mir ohne nennenswerte Probleme.

voipgateway.org https://blog.fabian-affolter.ch/voipgateway-org/ https://blog.fabian-affolter.ch/voipgateway-org/#respond Sun, 31 Oct 2010 10:47:04 +0000 http://fabian-affolter.ch/blog2/?p=1551 Continue reading ]]> Viele VoIP-Provider in der Schweiz sind dem Freecall Network angeschlossen. Die Konfiguration eines Konto für die mobile Nutzung mit Ekiga, bespielsweise eines von phonestar.ch, ist denkbar einfach.

Der Server ist voipgateway.org, der Benutzername ist die eigenen Telefonnummer und das Passwort. Benutzername und Passwort sollte seit der Anmeldung bekannt sein.

Ekiga

Wurde die Daten korrekt eingegeben

Registered

und in der Status-Zeile erscheint ein Hinweis

Registered
