The other day I was playing with the Asterisk “Originate” dial plan application which lets you originate an outbound call and connect it to a specified extension or application. For those who know Asterisk, this is basically the same as the AMI (Asterisk Manager Interface) Originate command, but with one major exception – unlike the AMI Originate command, the originate application does not allow you to pass along the calling line ID name or number for the outbound call, nor does it let you pass any channel variables. Because of this limitation, all my outbound calls from the dial plan were coming out as from anonymous.
To resolve this, I’ve posted an updated version of the originate application to GitHub (https://github.com/matthewmgamble/asterisk-originate-2) which allows you to pass CLID Name, CLID Number, and channel variables as optional arguments.
Nothing earth shattering, but I hope someone else finds it useful!
Recently the Asterisk Security Team announced two new security issues – AST-2013-004 and AST-2013-005, both for remote crash vulnerabilities in the Asterisk SIP stack. While the Asterisk Security Team provides patches for Asterisk 1.8 & 11, they no longer provide updates for older Asterisk releases such as 1.6.2, which went EOL on 2012-04-21.
While it’s best practice for everyone to update to the latest stable releases, sometimes that isn’t possible, and since I still have one Asterisk system in my lab running 1.6.2 I figured I should investigate if it was vulnerable to these issues. Conveniently, the Asterisk Security Team provides a basic Asterisk configuration and sipp scripts to reproduce both security issues, so testing Asterisk 1.6.2 was actually quite simple.
For AST-2013-004, I couldn’t actually reproduce the issue on Asterisk 22.214.171.124. Testing an unpatched Asterisk 1.8 I could reproduce the issue and generate a segmentation fault, but it looks like Asterisk 126.96.36.199 is not affected. I would still strongly recommend that anyone running 1.6.2.x test this issue themselves, as I didn’t do any extensive testing.
For AST-2013-005 I reproduced the issue on Asterisk 188.8.131.52 and triggered the expected crash. By reviewing the patch provided by the Asterisk team in the security advisory, and the Asterisk 1.6 source code, I created a new patch (AST-2013-005-184.108.40.206.diff) to address the issue. After applying the patch and recompiling the issue appears to be resolved.
So for anyone still running Asterisk 1.6.2 I strongly recommend you upgrade to a later release, but if that isn’t an option for you then the patch above should allow you to resolve the remote crash vulnerability that exists.
I hope this helps anyone still running an older asterisk release!
Every once in a while some of the work I do @ Primus is allowed to be released back to community and so I’m very happy to be able to announce the release of a project I’ve been working on in my spare time for the past few months – iaxproxy.org.
IAXProxy is an open source IAX2 to SIP Back-to-back Protocol Adapter (B2BPA) based originally off the source code for the Asterisk PBX project. The goal of IAXProxy is to allow anyone the freedom to integrate IAX2 based end-points seamlessly into a SIP environment. Previously interconnecting IAX based devices to a SIP based network was challenging at best, requiring the network operator to run dedicated Asterisk PBXs to connect these devices. The result was that IAX2 based users were always “second class citizens” in a SIP environment – the SIP “core” was not aware of the device state of an IAX2 endpoint (registered/unregistered), etc. IAXProxy changes that by providing “surrogate registration” type functionality for IAX2 devices. When an IAX2 end point connects to IAXProxy, the endpoint information is looked up in an internal in-memory database and, assuming the IAX2 device passes authentication, a SIP Peer and SIP Registrar are created on the user’s behalf. When the IAX2 endpoint becomes unreachable the SIP Peer & Registrar are deleted. This allows the SIP network to be fully aware of the state of IAX2 devices and features such as Call Forwarding Unreachable to be provisioned at the SIP Server level.
The software is currently very “alpha” but it does work and allows you to make and receive calls using IAX2 devices to a SIP network and I’m continuing to do testing / bug fixing, etc. I’m currently looking for anyone interested in assisting with this project – I need help with testing, documentation, etc so if you are interested please let me know. You can download the initial release from http://www.iaxproxy.org or directly from GitHub (https://github.com/primuslabs/iaxproxy)
As you can tell, I’m very excited about this initial release and look forward to the community feedback. It’s a very niche project that only a very small number of people will find useful but for me I get a great sense of satisfaction in knowing that my creation is now free for anyone else to use / extend / improve.
Today I had the most interesting experience – someone attempted to “hack” my PC by phone. Around 3PM I got a call from “9-1227” who claimed they were from my “PC Support Department” who informed me that my PC was running slow due to “corrupt files” and that they could help me diagnose and fix the problem. The caller got me to open “Event Viewer” (I had to lie about where I was clicking since he assumed I was using XP) and then informed me that every “error” and “warning” inside there was a record of a corrupt file and that my PC was dying.
This is where the fun started as he thought he had an idiot user on the phone and told me he would connect me to his senior tech who would help me solve the problem. At this point I started capturing the RTP from my phone. Here’s the audio from that call transcoded from G729 to MP3. If you listen to the call, you will hear how I play dumb for the entire time while he attempts to get me to go to “logmein123.com” and enter a code to let the repair person “fix” my PC. I let them connect to an XP VM I had lying around for a few minutes and they started to download some spyware application, so I killed the VM when the download was about 50% complete. They then called me back several times to try to get me to reconnect, but I explained that I was having internet issues and kept getting “Page Cannot be Displayed” to waste more of their time. In the end, I think they spent close to an hour trying to get me to let them on my PC.
What amazes me is that the value of hijacking a single PC is worth an hour of some random hacker’s time – I’ve never heard of this type of scam before and I’m sure that if I was an average PC user who wasn’t technically savvy I might believe that someone from the “support department” of the “PC company” was calling to help speed up my PC. So if you have any non-technical users in your life, alert them to this new trend before they let some random person access their PC.
PS – logmein.com – you need an abuse department.
For the past month or so, there has been a large discussion on the Toronto Asterisk Users Group mailing list about SIP security and the increase in “brute force” attacks against hosts running Asterisk. The generally accepted solution is to use something like fail2ban to monitor log files and block the offending hosts. This is a great way to add a layer of security to a server, but it’s reactive security, not proactive.
To help make things a bit more proactive, I’ve started a new project called CrowdSecure which aims to take intrusion attempt reports from users, aggregate the data, and produce a “blacklist” of hosts to proactively block at the firewall level before they even get a chance to start an attack.
The other benefit of the system is that unlike existing solutions (such as blockhosts) it is protocol agnostic, allowing users to report and obtain firewall rules for any protocol (HTTP, SIP, IMAP, SSH, etc). As an added benefit it supports real time lookup of data about an IP via an easy to use REST interface which will allow blog or other website owners to check a host submitting data (say a blog comment) in real time. For non-realtime applications, the system supports downloading of a list of hosts and the associated score, allowing system administrators to build firewall rules based on their own criteria.
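An added sketch (not CrowdSecure’s code) of the reactive-to-proactive flow described above: count failed SIP registrations per source from Asterisk log lines, merge the reports from several servers into a per-host score, and emit firewall rules. The scoring rule, thresholds, allowlist, server names and log lines are assumptions constructed for this example.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# chan_sip failed-registration notice. Greedy '.*' plus the '$' anchor take the
# address from the end of the line, not from the sender-controlled From header.
FAILED_REG = re.compile(
    r"NOTICE\[\d+\].* chan_sip\.c: Registration from '.*' failed for "
    r"'(?P<ip>[0-9.]+)(?::\d+)?' - (?:Wrong password|No matching peer found)$")

def failures_by_host(log_lines):
    """Reactive step, as fail2ban does it: failed REGISTERs per source IP."""
    hits = Counter()
    for line in log_lines:
        m = FAILED_REG.search(line.rstrip())
        try:
            if m:
                hits[str(ipaddress.ip_address(m.group("ip")))] += 1
        except ValueError:
            pass  # matched text is not a valid address; ignore the line
    return hits

def aggregate(reports, min_failures=3):
    """Score = number of distinct reporters that each saw >= min_failures
    from a host (assumed scoring; the post does not define one)."""
    seen_by = defaultdict(set)
    for reporter, hits in reports.items():
        for ip, count in hits.items():
            if count >= min_failures:
                seen_by[ip].add(reporter)
    return {ip: len(who) for ip, who in seen_by.items()}

def firewall_rules(scores, min_score=2, allow=("192.0.2.0/24",)):
    """iptables DROP rules for hosts at or above min_score, skipping
    allowlisted networks (e.g. your own trunk provider)."""
    nets = [ipaddress.ip_network(n) for n in allow]
    return [f"-A INPUT -s {ip}/32 -j DROP"
            for ip, score in sorted(scores.items())
            if score >= min_score
            and not any(ipaddress.ip_address(ip) in n for n in nets)]

def sample_log(src, n):  # constructed sample lines in the chan_sip notice format
    return [f"[2010-05-12 03:14:{i:02d}] NOTICE[2431] chan_sip.c: Registration "
            f"from '\"101\" <sip:101@198.51.100.10>' failed for '{src}' - "
            "Wrong password" for i in range(n)]

# Constructed reports from two hypothetical servers, pbx-a and pbx-b.
REPORTS = {
    "pbx-a": failures_by_host(sample_log("203.0.113.7", 5) + sample_log("192.0.2.20", 4)),
    "pbx-b": failures_by_host(sample_log("203.0.113.7", 3) + sample_log("203.0.113.99", 6)),
}

if __name__ == "__main__":
    print("\n".join(firewall_rules(aggregate(REPORTS))))
```

Requiring agreement between independent reporters before a host is blocked keeps a single noisy or mistaken reporter from adding an address to everyone’s firewall.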
I’m really excited about this project, and I hope I can get some momentum behind it. I am currently looking for people to assist with development, web design, and other aspects of this project, so let me know if you are interested in helping out.
Over the weekend I decided it was time to add another frontend to my existing MythTV setup so we could get live tv on our other TV. For a bit of background, my MythTV setup is using the Silicon Dust HD Homerun to deliver OTA HD content. So the requirements for the new front end were:
- Must support 1080P output
- Low power
- Capable of running Myth Frontend and XBMC (I still prefer XBMC for non-live content)
- Cost effective – the total build price needed to be sub $300
Previous to this upgrade, our living room TV was hooked up to an AppleTV and ran XBMC for playback of stored content. The system worked, but with events like the Olympics, the Oscars we were getting tired of having to watch them on the basement TV which was hooked up to the Myth backend. So with my requirements and goals in mind, I started researching for a new box that would meet my needs.
After doing a lot of research I found the Acer Aspire Revo AR1600-E910L which has an Intel Atom 230, 1.6GHz, 1GB DDR2 SDRAM, 160GB, Nvidia ION LE Graphics with HDMI, HD Audio, eSATA, Wireless 802.11b/g/n, Gigabit LAN and a Card Reader. This box turned out to be a perfect fit – $250 at Canada Computers and the Nvidia ION Graphics gave me the ability to run VDPAU support in MythTV to accelerate the HD playback. The other cool thing I didn’t realize is that the box comes with a wireless keyboard and mouse included – nice for the times when you have to do some tuning of the setup that can’t be done over SSH.
The first task after getting the box home was to install Mythbuntu on the machine. I tried using the ISO to make a USB stick, but the machine didn’t want to boot off a USB drive. I found a thread on the Ubuntu forums where someone had the same issue. I tried the suggestions in the thread, but nothing would get the machine to boot from USB. Luckily I had an existing server in my house and was able to Netboot the system. I won’t get into all the details of how to do that, but Ubuntu has a great “How to Netboot” wiki page.
After getting Mythbuntu installed the only issue I had was “jumpy” playback of HD TV. After playing with the MythTV settings for playback I found the following changes made things perfect:
Under TV Settings->Playback:
- Page 1: Enable OpenGL vertical sync for timing (This resolved the “Jumpy video” issue)
- Page 3: I added a simple profile, with one setting for all resolutions:
  - Decoder: NVidia VDPAU acceleration
  - Video Renderer: vdpau
  - OSD Renderer: vdpau
  - Primary Deinterlacer: One Field (1x, Hw)
  - Fallback Deinterlacer: Advanced (1x, Hw)
And everything was perfect – the live TV is streaming from my HD Homerun to my MythBackend and then to my new Revo frontend. I’ve still got some work to do like setting up the media center remote, but my first impressions are that this box really has what it takes to be a killer Myth frontend.
For the past week I’ve been trying to write an Axis2 service that generates XML output that conforms to a set of XSD files. The first challenge was to get the XSD files into a “Java friendly” format, which I solved by using XMLBeans. I’m new to XMLBeans but it was pretty easy to pick up and within an hour or so I had all of my XSD files converted to some nice Java JARs that gave me access to the XML entities as objects and let me quickly create the XML output I was looking for. Given my initial success I figured it would be pretty easy to just insert the XMLBean generated JARs & code into my web service project, however every time I ran my code as part of my Axis2 webservice the output was missing xsi:type elements.
So at first I thought I’d done something wrong in XMLBeans with the XMLOptions, the JAR generation, or maybe even my XSD files, but after hours of trying different configurations and options my code was still dropping the xsi:type elements from my output. To debug the problem, I figured I’d try writing a simple java command line program to see if I could debug the issue, but when I ran my code as a standard Java application the output was what I was expecting:
<?xml version="1.0" encoding="UTF-8"?>
<c:BroadsoftDocument protocol="OCI" xmlns:c="C">
<command xsi:type="AuthenticationRequest" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
However, when the exact same code was run under Axis2 & Tomcat in a servlet I was getting:
<?xml version="1.0" encoding="UTF-8"?>
<c:BroadsoftDocument protocol="OCI" xmlns:c="C">
This of course isn’t valid – the xsi:type of the “command” element is stripped when the code is run under Axis2/Tomcat.
I then wrote a simple servlet application to remove Tomcat as a suspect and my hunch was confirmed – the corruption only happened when running the code as part of an Axis2 web service.
Having finally narrowed down the issue to Axis2, I did some googling for that and found an exact post that mentioned a CVS checkin to resolve xsi:type issues with Axis2: http://marc2.theaimsgroup.com/?l=axis-cvs&m=115946726426905&w=3
After reading the post and discovering the “ServiceTCCL” option I had my solution – after adding “<parameter name="ServiceTCCL">composite</parameter>” to the services.xml of my Axis2 project, everything started to work as expected.
So now with a solution at hand I can actually get down to writing some code – it’s just too bad I had to jump through so many hoops to get there!
After the last round of issues with my 2010 Equinox stalling back in November the dealership finally resolved the issue after doing numerous oil changes to remove the debris from the engine block. With that problem behind me I thought it would be smooth sailing going forward, but alas my car continues to have new and exciting issues.
The week before Christmas the HVAC control system turned itself off while I was driving and I couldn’t adjust the heat in the car – annoyed and now cold I called OnStar. The rep checked the GM database and he informed me the fix was to unplug the unit or restart the car. After restarting the car several times the unit finally came back on. I called my dealership the next day and they told me the same thing – there is no fix for the issue, just restart the car when it happens. Later that week a friend sent me a link to a US recall for the issue – but so far there is no recall for Canada.
Then on Christmas day my “Check Engine” light came on. Not wanting to drive the car with a potential issue we were forced to rearrange our Christmas plans to work around the vehicle issues – I’d like to personally thank GM for messing up my Christmas. After Christmas I got the car to the dealership who found the issue – it was with the air intake manifold and was a simple fix already in the GM database.
But I’m still stuck with the HVAC system randomly going off – it’s happened several times now and with winter conditions in Canada it’s not very safe to have your defrost and heating controls go offline while you’re driving. I talked to my dealership about the US recall, but since there isn’t a Canadian recall for the issue yet they can’t do anything. Wonderful.
I’ve got a call in to GM Canada to see if they can give me an ETA on when to expect a recall but I’m not holding my breath. At this point I’m just completely frustrated with my Equinox – every day I have to wonder what’s going to go wrong next.
If you’ve been following my blog, you’ll remember that yesterday I discovered that all the posts I made about my issues with my 2010 Chevy Equinox were removed from the Google search index sometime on Thursday. To test why they were removed, I put a copy of the same post on a static page and waited for Google to index it. The results are in – if you Google “My 2010 Equinox Story” my new static page comes up, but none of the other posts do.
So I’m baffled – how did my results get removed from Google? It’s very odd that only 3 pages of an entire site get dropped from Google and when the same content is posted under another URL it shows up again.
Update: 10:36 PM (4 minutes after I posted this article) – This post is already in Google’s index – so what happened to all my GM posts, and where did they go?
Something interesting happened to mgamble.ca over the past 24 hours in Google search results – all references to my posts about my 2010 Equinox have been removed, but every other page on my site is still in the Google index. So far only the “My 2010 Equinox Story”, “GM Is Reading my Blog”, and my “GM Responds” posts have been removed. Now I’m not a conspiracy nut, but it’s a bit odd that only those 3 pages were removed from any Google search results, but the rest of the site remains. Normally if Google drops search results, they drop the whole site, not specific links.
So I’m trying a little experiment. I’ve updated my sitemap with a link to a static copy of “My 2010 Equinox Story” to see if it gets re-indexed by googlebot. If it does, that implies that the other pages were somehow removed from Google.
I’ll post another update in the morning once Google reindexes my site and I have a chance to review the results. All I can really say right now is that something really suspicious is going on.