[App_rpt-users] SIP VoIP for Asterisk

Dwaine Garden VE3GIF DwaineGarden at rogers.com
Thu Sep 5 22:29:18 UTC 2013 

I walked over to the telco team where I work and mentioned our conversation to them.   They told me that the law states you have to clearly label the telephone device if you change the dialup number from 911.   (That's why we have all our VOIP phones labeled with the different number)

I mentioned the AllStar node.   They said E911 is a complete mess.  You can't label an outside connection to a VOIP server.  You would not want to either if you could.

Most companies are just ignoring the requirement to have an open dial plan for E911 from the Internet.  If you find yourself in a legal situation.   The telco guys told me your at fault.  You get fined.

E911 should really be traceable back to the person that placed the call.  They can do that with certain, so the law goes after the person which e911 is registered under.

The guys in the telco team just laughed when I talked to them about the AllStar node.   Welcome to VOIP and the E911 mess.

Dwaine

Bill South <wbs099 at yahoo.com> wrote:

>     While this thread is not part of what I originally asked about (SIP provider recommendations) I'll add that 911 access is mandated in some LATAs, but seems to be some debate if it must be 911 or if 9-911 is OK, or other variations.  I worked in the telecom business for over 25 years in various parts of the USA and different localities would respond differently to the question about 911.  When E911 first came out, where a database lookup was done by the local police emeregency agency systems answering 911 calls showing names and addresses, some jurisdictions mandated that database had to show the exact location the call was originating from, not a billing address of some companies headquarters.  Big problem for some large companies where a single billing address is used for all telco circuits.  For residences I'm not sure anyone has put much thought into laws regarding 911 dialing and any restrictions thereof; businesses on the other hand, where
> 100's maybe thousands of workers are in the same building and floor and locating a 911 caller could be pretty tough for local emnergency responders, there are, or were anyway, laws in some locations mandating 911 unrestricted.  The thought has always been though that in an emergency people have the expectation, whether at home or work, that they can dial 911 and get help; not sure where the laws stands now on that across the USA.
>
>--------------------------------------------
>On Thu, 9/5/13, Dwaine Garden VE3GIF <DwaineGarden at rogers.com> wrote:
>
> Subject: Re: [App_rpt-users] SIP VoIP for Asterisk
> To: "Jim Duuuude" <telesistant at hotmail.com>
> Cc: "app_rpt mailing list" <app_rpt-users at ohnosec.org>
> Date: Thursday, September 5, 2013, 7:40 PM
> 
> Canadian customers have to provide an
> address and name for 911 purposes for a DID.  Bell and
> Rogers were mandated with their VoIP services.
> 
> I gave them the logs of the server where the IP address were
> listed.   Rogers was good and moved me to a new IP address
> and filtered out the source.
> 
> I had an iptables script that would ban IP address that
> attempted a certain number of connections during a certain
> amount of time.  Then ban that IP address.  It worked great.
>  It stopped the hackers script dead cold.  Until they ran
> the 911 script.  They were ruthless in their attacks.
> 
> My all-star node was the best fun I have had with Ham radio.
>  I'll fire it back up again.   Just waiting for the dust
> to settle without a DID setup.
> 
> Dwaine
> 
> Jim Duuuude <telesistant at hotmail.com> wrote:
> 
> Double BRAVO-SIERRA!!
> 
> If that were true, a LOT of large business owners (some of
> which may even operate
> large businesses :-) ) would be in jail, if they HAPPEN to
> have a phone system or even
> worse, service from the "phone company", that
> requires dialing 9 to get an "outside line".
> 
> I bet even the police dept has to dial 9 to dial 911.
> 
> And as far as that goes, put the line in your pet
> tarantula's name, and make it clear to them
> that the spider is more then willing to 'serve its
> time' for such a terrible transgressions!! :-)
> 
> Wholesale outbound telecom services, such as ones provided
> by most SIP providers, are *NOT* 
> "in your name", *NOR* do they even technically
> have a "phone number" or a "service
> address".
> Just because you pay the bill for them does not, in any
> manner, construe that you are the end user
> of the service.
> 
> Jim
> 
> 
> 
> 
> Date: Thu, 5 Sep
> 2013 14:58:42 -0400
> Subject: RE: [App_rpt-users] SIP VoIP for Asterisk
> From: DwaineGarden at rogers.com
> To: telesistant at hotmail.com
> CC: dshaw at ke6upi.com; app_rpt-users at ohnosec.org
> 
> It was an interesting experience.  Has anyone else
> experienced the same problem and had the police involved?  
> I did mention that I would change the
> Dial string.  The police told me that a person has to be
> able to dial 911 and get emergency services.
> 
> I gave up and just walked over to the all-star computer and
> hit the power button.  Sadly, it has been off ever since.
> 
> If I had changed the 911 Dial string before the incident. 
> The police would of not gotten involved. Never known about
> the situation.
> 
> Just let everyone know.  The two police officers were very
> good about it.  They told me that its happening a lot and
> 911 is getting a little upset about it.
> 
> I told them they should go after the person responsible. 
> They told me that's you.   The line is in your name.
> 
> Anyway, just wanted to throw out there my experience.
> 
> Dwaine
> 
> Jim Duuuude <telesistant at hotmail.com> wrote:
> 
> Okay (and yes, that is STUPID and most likely
> WRONG, but most police depts are
> just completely ignorant of telecom issues). So, fine...
> GIVE them access to 911.
> Let them dial it. But, sadly, on YOUR phone network, the
> dialing string is just a LITTLE
> bit longer (like about 30 digits in front of the 911)... get
> it?
> 
> Jim
> 
> 
> Date: Thu, 5 Sep
> 2013 14:07:58 -0400
> From: DwaineGarden at rogers.com
> To: dshaw at ke6upi.com
> CC: app_rpt-users at ohnosec.org
> Subject: Re: [App_rpt-users] SIP VoIP for Asterisk
> 
> The problem is you are not allowed by law to have a phone
> without unrestricted access to 911.  I had Metro Toronto
> police at my door explaining that even if I block 911 to any
> outside connections I would be breaking the law.  If you
> have a server on the internet with sip.  They have to able
> to connect to be able to call 911. 
> 
> I told the police it was retard.  They told me that was fine
> they will charge me.
> 
> Police told me that even if someone breaks into your house. 
> If there is a phone install,  the criminals better have
> access to dial 911 unrestrictive.
> 
> The hackers did not get into the box.  They were trying for
> months.   Got pissed off and changed their script to dial
> 911 constantly.  SIP and DID see a 911 call.  It dials it. 
> No questions asked.  No login or nothing.
> 
> The Police told me it was a huge problem.  SIP or DID are
> setup like a public pay phone.  Full access to 911.
> 
> It was an eye opener for me.   You learn something new
> everyday.  If I see someone asking about SIP or DID.  I let
> them know about my experience.
> 
> David KE6UPI <dshaw at ke6upi.com> wrote:
> 
> I'm sorry Dwaine what are you
> talking about? Sorry If I don't understand what your
> talking about.
> 
> I have both a public Asterisk server and a local
> Asterisk server. I have never had anyone connect and make a
> call that was not authenticated user.. Yes they try and
> fail2ban will block them. There are many way to stop
> unwanted hackers on your server. 
> 
> 
> 
> As for dialing 911 just make a dial plain to route to space
> if you want. 
> 
> Google "Asterisk Security"
> 
> http://www.voip-info.org/wiki/view/Asterisk+security
> 
> 
> 
> David
> 
> 
> 
> On Thu, Sep 5, 2013
> at 9:13 AM, Dwaine Garden VE3GIF <DwaineGarden at rogers.com>
> wrote:
> 
> It
> works great until the hacks find the machine.  They
> port scan non stop.  Its especially fun when their
> scripts dial 911 constantly.  There is no way to turn
> off dialing 911 for SIP.
> 
> 
> 
> 
> Bill South <wbs099 at yahoo.com>
> wrote:
> 
> 
> 
> >     I'm thinking of adding some type of
> SIP trunking or other VoIP service provider to my ACID
> Asterisk system to support in/out bound calling.
>  I've read some emails on the app_rpt reflector
> with names of providers mentioned, but I am looking for
> recommendations, as there are zillions of VoIP providers out
> there.  This is going to be used very sparingly so
> least-cost is a good thing, but good reliability and no
> bombardment with email adds by the provider is desired too.
>  I can easily get by with a single number, but may want
> to add additional DIDs later.  Thoughts?
> 
> 
> >
> 
> >Bill
> 
> >
> 
> >
> 
> >_______________________________________________
> 
> >App_rpt-users mailing list
> 
> >App_rpt-users at ohnosec.org
> 
> >http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> 
> _______________________________________________
> 
> App_rpt-users mailing list
> 
> App_rpt-users at ohnosec.org
> 
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> 
> 
> 
> 
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> 		 	   		   		 	   		  
> -----Inline Attachment Follows-----
> 
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> 
>_______________________________________________
>App_rpt-users mailing list
>App_rpt-users at ohnosec.org
>http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

More information about the App_rpt-users mailing list