Corporate blog
Beyond the realms of Open Source and Technology
It's that time of year again, to update on the latest trends in the Asterisk community and the Asterisk market. In comparison to previous years' conventions, this year's motto was, at least in our view: "Asterisk is now a mainstream option". We all knew that Asterisk was getting more and more recognition from the technical communities; however, this is the first time the business community has shown that it accepts Asterisk as a valid solution in the market.
First of all, before I go on and add additional information on the previous post, I’d like to do one thing: sound the ALL CLEAR alarm signal. It would appear that while the Humbug engine had identified an anomaly, it had identified something that had been out there for some time and was catered for by Asterisk internally; however, we didn’t have a clear indication of what it looks like while the attack is going on. And now, with a bit more detail.
Everybody these days is big into cloud computing. Be it due to cost constraints, hype requirements or simply because you don't have anything else to do, cloud computing is here to stay and will be with us for the next 10 years at the least. About 2 years ago, GreenfieldTech was involved in the testing and adaptation of Asterisk into the Amazon EC2 cloud infrastructure, and much has happened since then. Asterisk-based EC2 AMI images have become the norm and you can find dozens if not hundreds of Asterisk installations on Amazon EC2. The one thing that people always ask: "How does a cloud perform? Is it measurable?" Well, most of the EC2 measurements were based upon fairly simple applications, so the actual results varied. In addition, due to the nature of the Amazon Cloud, results varied from one cloud region to another, depending on your termination provider, inbound provider, inbound bandwidth, etc. In other words, a definite answer was somewhat hard to give.
As you know, fraud analysis and Telephony Security forensics are a big thing here at GreenfieldTech. As our CEO, Mr. Simionovich, is also the chief architect of the Humbug Analytics project, GreenfieldTech enjoys access to information usually not available to other consulting companies and carriers around the world. The following post was posted by Mr. Simionovich on the Humbug blog and shows a new Asterisk-bound fraud pattern.

Party Hardy at Astricon 2011 – Denver, Colorado

Has it been a year already? It seems like Astricon 2010 (Washington DC) was just a few weeks ago and here we are at the entrance to Astricon 2011. I have to admit that last year's Astricon was somewhat hectic for me, specifically due to the fact that I arrived at my hotel about 90 minutes prior to my talk, with severe jet lag. People who know me personally are used to my somewhat unorthodox presentation manner and were somewhat surprised by a slightly less vibrant lecture. Well, what can you expect with 20 hours of jet lag and no sleep for 14 hours?

Securing an Israeli Asterisk PBX system

Many people are asking us how to secure their Asterisk PBX system. It is fairly obvious to say that closing down your VoIP UDP ports to the world is a good place to start. SIP utilizes port 5060, while IAX2 utilizes port 4569. In most companies, locking down access to these ports from the world is enough to eliminate around 95% of your problems. However, many companies require that their Asterisk system be accessible from sources outside of their network, usually from within the same country. In our case, we’ve received requests from people asking how to lock down their PBX system so that only Israeli networks can access it. Using the http://www.find-ip-address.org/ip-country/ website, you can easily obtain a full list of IP ranges for your country, regardless of where you are in the world.
Select your country on that site and download the full IP ranges file. You will need a CIDR-based file to create a fully functional iptables script. The end result should look like this:

-A RH-Firewall-1-INPUT -m state --state NEW -s 2.52.0.0/14 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 46.19.80.0/21 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 46.31.96.0/21 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 46.36.193.144/28 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 46.116.0.0/15 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 46.120.0.0/15 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 46.136.41.0/24 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 46.136.116.0/24 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 46.183.88.0/21 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 46.210.0.0/16 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.0.0.0/16 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.56.252.0/22 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.90.0.0/17 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.90.128.0/18 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.90.192.0/19 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.90.224.0/20 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.90.240.0/21 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.90.248.0/22 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.90.253.0/24 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.90.254.0/23 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.122.224.0/21 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.128.32.0/19 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.184.18.64/27 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.200.224.0/24 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.200.232.0/24 -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 62.200.234.0/25 -m udp -p udp --dport 5060 -j ACCEPT

The actual list is much larger: it has around 1000 entries, and other countries may have more. Bear in mind that the IP ranges assigned to a country may have gaps between them. Thus, if you try to consolidate some of the rows into a single row, you may end up opening access to countries you don’t really want. The concept described can also be applied to other protocols such as HTTP, HTTPS, SSH or any other IP-based protocol.

Support services offering is now available again

Since early 2009, GreenfieldTech has been rendering Asterisk support services to various business entities in Israel and around the world. GreenfieldTech is currently rendering support services to over 100 customers worldwide, covering FreePBX, Elastix, A2Billing and other Open Source and Commercial Asterisk variants. In early 2010, we stopped offering these support services publicly, simply because we needed to regroup our support structure in order to provide a better service to our customers. Since that time, we have launched our own Asterisk monitoring and alerting platform and all our customers are now connected to the Humbug Call Analytics and Fraud Analysis service.
We are now ready to start offering our Asterisk support services again, in a more convenient and easy to understand manner. All our support services are rendered through either a monthly or yearly retainer. We hope that you will find these support services useful.

Welcome to our new website

Well, we’ve been working on this one for some time now and we finally finished it. As you may recall, the previous website had the blog and website completely separated, because the blog was based on WordPress while the website was made of more-or-less static pages. We’ve decided to migrate the entire website to WordPress as well, thus combining the two elements into a single one. We hope that the new website will provide you with a more in-depth view of what we do at GreenfieldTech.