Spoofing caller ID with Asterisk

  1. Set up Asterisk
  2. Sign up with Voice Pulse or any provider that allows you to specify your ANI
  3. Follow their manual configuration, which can be found here https://www-business.voicepulse.com/Secure/Setup/Setup.aspx
  4. Below is a screenshot of my trunks. Under the general settings, the outbound caller ID field is where you enter the phone number that you want to show up on the caller ID.

 
Here is a screenshot of my routes.  There are a few things to keep in mind here.  For your dial patterns enter the phone number that you will be calling with the spoofed caller id number.  You may want to enter it in all of the following formats.
19999999999
9999999999
9999999
This way when you dial the number that you are trying to make a victim of the spoof it knows to use the VoicePulse route.

Manual Configuration of Voice Pulse

(Updated Aug 20, 2008)
  1. If you have a packaged version of FreePBX (trixbox, PBX-in-a-Flash, etc) it is highly recommended that you use the FreePBX module from the section above.
  2. Print this page for reference before you start
  3. Login to your server via the web interface using a browser
  4. Click on Trunks > Add SIP Trunk
  5. Outgoing CallerID: 0000000000 (10-digits only)  The name you set here will NOT be sent when you call regular PSTN lines.
  6. Maximum Channels: Enter the number of channels you have purchased, 4 by default
  7. If you are closer to San Jose, CA, use “sjc” instead of “jfk” (New York, NY) in the settings below.
  8. Dial Rules:
    • 011|.
    • 1NXXNXXXXXX
    • 1+NXXNXXXXXX
    • 1732+NXXXXXX  ;<-- Replace 732 with your area code
  9. Outbound Dial Prefix: +
  10. Trunk Name: VP-SIPJFKA
  11. Peer Details:
    • type=peer
    • host=jfk-primary.voicepulse.com
    • qualify=5000
    • allow=all
    • canreinvite=no
    • username=Your Login from the Credentials Page
    • secret=Your Password from the Credentials Page
    • dtmfmode=rfc2833
    • rfc2833compensate=yes
    • insecure=port,invite
    • trustrpid=yes
  12. User Context: leave blank
  13. User Details: leave blank
  14. Register String: Login:Password@jfk-primary.voicepulse.com (use the Login and Password from the Credentials page)
  15. Click “Submit Changes”
  16. Repeat steps 4-14, except use VP-SIPJFKB and jfk-backup.voicepulse.com in place of VP-SIPJFKA and jfk-primary.voicepulse.com. You now have redundant trunks to VoicePulse!
  17. Click on Outbound Routes > Add Route
  18. Route Name: VP-OUT
  19. Dial Patterns: Insert pre-defined patterns for Toll-free, Long Distance, and International
  20. Trunk Sequence: Select SIP/VP-SIPJFKA, Click Add, Select SIP/VP-SIPJFKB, Click Add
  21. Click “Submit Changes”.  You now have an outbound route to VoicePulse which will try both trunks defined earlier for toll-free, long distance and international calls.
  22. Click on Extensions > Add SIP Extension
  23. Extension Number: 101
  24. Display Name: John Doe
  25. Outbound CID: “John Doe” <0000000000> (include the “” and <>)
  26. Secret: The SIP password for the SIP phone that John Doe is using
  27. Click “Submit”.  You now have an extension that users can reach by dialing 101.  You should try to get your SIP device to register to your FreePBX server now using the extension number as the username and the secret as the password.
  28. Click Inbound Routes > Add Incoming Route
  29. DID Number: A phone number from your Numbers page (MUST use 11-digits: 17323395100)
  30. Set Destination: Select the Extensions radio button and select John Doe <101>
  31. Click “Submit”.  You have now created an inbound route that will send all incoming calls to your phone number to John Doe’s phone.
  32. Repeat steps 19-29 for each phone number to user mapping you would like to define.
  33. Restart Asterisk
  34. Test incoming and outgoing calls from John Doe’s phone.

Configuring postfix to use an SMTP relay

If you are like me and your ISP blocks outbound SMTP traffic, then you need to configure your mail client to use an SMTP relay to get around this problem.  Here are the steps.

vi /etc/postfix/main.cf
Search for relayhost = and change it to the SMTP server of your ISP; see my example below.
relayhost = smtp.west.cox.net
/etc/init.d/postfix restart

Installing webmin on Trixbox server

wget http://internap.dl.sourceforge.net/sourceforge/webadmin/webmin-1.450-1.noarch.rpm
rpm -i webmin-1.450-1.noarch.rpm
Now you can login via https://192.168.2.5:10000/ Replace with your IP address.

Installing Trixbox(Asterisk) on an ESXi server

Install stage:
1. Download the Trixbox ISO. This will probably take ~1 hour.
2. Create a new virtual machine in ESXi with the following options

  • Typical
  • Linux other 32-bit
  • 1024 for memory
  • 10gb disk
3. Follow this blog to mount the ISO as a virtual CD-ROM. https://itsupportconsulting.com/blog/?p=366
4. Power on the virtual machine

  • Push at the main screen
  • I’m getting an error saying
  • The Trixbox CD was not found in any of your CDROM drives. Please insert the Trixbox CD and press OK to retry.

  • I’m going to try re-uploading the ISO to my ESXi server.
  • This did not work

  • Going to try and re-download the ISO then re-upload it to ESXi
  • Well I could not get this problem resolved so I’m just going to download the Trixbox Vmware appliance. It is 2.6.1 as opposed to 2.6.2 but you can always upgrade after the install. Here is the link.
    1. Ok the first step here I’m going to use vCenter converter to import this virtual appliance into my ESXi server.
    2. Converting is very simple once the program is installed click on the “Convert Machine” button which will bring up this window.
    3. What you want to do is browse to the file we downloaded in the previous step after it is unzipped. trixbox 2.6.1-vmware.vmx
    4. Once you click next it will ask you to supply your login to your ESXi server.
    5. The next step allows you to rename your VM to whatever you want and select your data store.
    6. The next step allows you to change your hardware settings for the virtual machine. I’m going to change two settings here:
      • Change to a 10gb disk
      • Change the memory from 512 to 1024
    7. Once you click next you are ready to start your conversion. Keep one thing in mind: this converter has to upload the large file we downloaded to the server. So if you are on a time crunch and are on wireless, make sure you hardwire and disable your wireless. This will save you the most time.

    Configuration phase:
    1. Now that we have the virtual machine installed, make sure it is powered on. It uses DHCP, so you need to figure out what IP address it got. This can be accomplished by logging in to the Trixbox console with username root and password trixbox. Once you get the # prompt, type in ifconfig. This will display the IP.
    2. This is going to be a server, so we will want to configure a static IP, or else it will keep getting its address via DHCP, which could cause all types of problems down the road.

  • vi /etc/sysconfig/network-scripts/ifcfg-eth0
  • DEVICE=eth0
    ONBOOT=yes
    BOOTPROTO=none
    BROADCAST=192.168.2.255
    IPADDR=192.168.2.3
    NETMASK=255.255.255.0
    NETWORK=192.168.2.0
    now press esc and :wq to save changes and quit

  • vi /etc/resolv.conf
  • nameserver 68.2.16.30
    nameserver 68.2.16.25
    now press esc and :wq to save changes and quit
    The next step I recommend is opening your Trixbox server from a web browser:
    http://192.168.2.5/maint
    Click on the packages link at the top so we can update our software to the latest version. When I clicked on mine I received the following error:
    Error: The xml response that was returned from the server is invalid. Received:
    alert
    To fix it I was able to type the following from the command line:
    vi /etc/service.php
    From here find the section below and change
    max_execution_time = 300
    memory_limit = 256
    This may not work for you but it did resolve my problem.
    Once you have changed this, type the following to restart the HTTP daemon:
    service httpd restart
    Now I am able to successfully open:
    http://192.168.2.5/maint/index.php?packages
    From here I’m going to go down and check every box in the “upgrade” column this way all of my software installed on the server is up to date.
    While trying to install a couple of the updates I’m receiving the following error:
    Error: Missing Dependency: libtds.so.5 is needed by package asterisk
    To fix it:
    yum install libtds.so.5
    Ok now that everything is downloaded and installed I’m going to configure some SIP trunks. I personally use Broadvoice for terminating my voice lines. However, there are tons of service providers out there. Here are my steps.
    Open internet browser to http:///admin
    First thing I’m going to do is edit the trunks
    480+NXXXXXX
    9|1480NXXXXXX
    9|1602NXXXXXX
    9|1623NXXXXXX
    602NXXXXXX
    480NXXXXXX
    623NXXXXXX
    1480NXXXXXX
    1602NXXXXXX
    1623NXXXXXX
    1NXXNXXXXXX
    NXXNXXXXXX
    01130.
    01131.
    01132.
    01133.
    01134.
    011351.
    011352.
    011354.
    011358.
    01139.
    01141.
    011423.
    01143.
    01144.
    01145.
    01146.
    01147.
    01149.
    01152.
    01.
    For trunk name you can put whatever you want
    For peer details I’m using the following:
    username=
    user=phone
    type=peer
    secret=
    nat=yes
    insecure=very
    host=sip.broadvoice.com
    fromuser=
    fromdomain=sip.broadvoice.com
    dtmfmode=inband
    dtmf=inband
    context=from-pstn
    canreinvite=no
    authname=
    For user context I’m using the following sip.broadvoice.com
    For user details I’m using:
    username=
    user=
    type=user
    secret=
    nat=never
    insecure=very
    host=sip.broadvoice.com
    fromdomain=sip.broadvoice.com
    dtmfmode=rfc2833
    dtmf=rfc2833
    context=from-pstn
    Register string:
    @sip.broadvoice.com::@sip.broadvoice.com/
    Click submit changes.

    Changing the default password for Asterisk freePBX

    You need to change the default password for Asterisk FreePBX or else the entire world will know it. You can do it by connecting to the server over SSH and typing:
    mysqladmin -u asteriskuser -p password newpass
    It will then prompt you for the old password, which should be amp109, and then it will be changed.
    Once it is changed you must update the following files:
    /etc/amportal.conf
    /etc/asterisk/cdr_mysql.conf
    /etc/asterisk/res_mysql.conf

    7940/7960 SIP settings for Asterisk

    Settings>Sip configuration>Line 1 Settings
    Name = extension
    Shortname = extension
    Authentication Name = extension
    Authentication Password = Password set on server
    Display name = extension
    Proxy Address = IP of voice server(FQDN did not work for me for some reason)
    Proxy Port = default of 5060
    Settings>Sip configuration
    Make sure the register expires setting is set to 600. I’ve had problems where I could not receive incoming calls because this was set at the default of 3600.

    My Linux Asterisk server getting hacked!

    After seeing numerous entries to hack my Linux box I decided it is time to learn how to implement iptables for security.
    A copy of the log file can be found here log-file.
    The way I can tell I’m being attacked is if I open my /var/log/messages file, which you can see in its entirety below. I see what appears to be a brute force SSH attack. I can see the attacker’s IP is 211.151.64.106. If I do an ARIN lookup on this IP I see the network is in Asia and the ISP owns 210.0.0.0 – 211.255.255.255. Lucky for me I don’t need anyone in Asia to access my box so I’m going to block this entire network.

    First thing I need to do is verify iptables is installed by typing:
    iptables

    The return I get is below. This is good; it means iptables is already installed:
    Try `iptables -h' or 'iptables --help' for more information.
    Next thing I need to do is list my current iptables rules:
    iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    You can see from these rules I have absolutely none configured.
    Next I’m going to add my rules to block the IP that is attacking my machine:
    iptables -A INPUT -s 210.1.1.1/8 -j DROP
    iptables -A INPUT -s 211.1.1.1/8 -j DROP
    iptables -A INPUT -s 212.1.1.1/8 -j DROP

    These are actually entire subnets that I’m blocking because they’re registered in Asia and my server doesn’t need to communicate with this ISP anyways.
    The next thing I’m going to do is save my active iptables to my startup iptables so that these rules load when my computer reboots:
    /etc/init.d/iptables save active
    The next thing I’m going to do is reboot my server and verify these rules still exist:
    shutdown -r now
    Once the PC is back online I verify my rules:
    iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    DROP all -- 210.0.0.0/8 anywhere
    DROP all -- 211.0.0.0/8 anywhere
    DROP all -- 212.0.0.0/8 anywhere

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    You can see now that I have 3 active rules which will block all incoming communication from these three networks.
    Now don’t get me wrong I’m no Unix expert and I’m sure there is a way to combine all of these into one but I don’t feel like trying to figure out what it is right now. So this should get the job done.
    If you want to delete any of these rules you can type the following. Rule numbers shift down after each deletion, so delete from the highest number to the lowest:
    iptables -D INPUT 3
    iptables -D INPUT 2
    iptables -D INPUT 1

    These three commands will effectively delete all of the entries I’ve made.
    After going through my log file and blocking out all these IPs I noticed a trend. They are all registered to foreign countries. Luckily for me my voice server doesn’t need to communicate with these countries. So I’ve decided to block all traffic to the Asian continent. You can do the same by copying and pasting the code here:
    iptable-entry-syntax1 
    A note on this: if you decide you want to start over from scratch, you can delete all of your chains by typing in:
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -F
    iptables -X

    My next step here is monitoring my /var/log/messages for awhile realtime to make sure I’m not getting attacked still. I can do this by typing the following:
    tail -f /var/log/messages
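
As an added example (not part of the original post), the script below counts failed SSH password attempts per source address in sshd syslog lines like those in /var/log/messages, and merges blocked ranges into the fewest CIDR blocks before printing iptables DROP rules. The log lines are constructed, and the function names and the threshold of 3 failures are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the usual sshd syslog format. 211.151.64.106 is the
# address named in the post; the other addresses are documentation ranges.
SAMPLE_LOG = """\
Feb  9 00:10:01 voice sshd[2101]: Failed password for root from 211.151.64.106 port 40112 ssh2
Feb  9 00:10:03 voice sshd[2103]: Failed password for invalid user admin from 211.151.64.106 port 40188 ssh2
Feb  9 00:10:05 voice sshd[2105]: Failed password for invalid user test from 211.151.64.106 port 40231 ssh2
Feb  9 00:10:09 voice sshd[2109]: Failed password for root from 203.0.113.7 port 51000 ssh2
Feb  9 00:11:30 voice sshd[2140]: Accepted password for root from 198.51.100.20 port 52311 ssh2
Feb  9 00:12:02 voice sshd[2150]: Failed password for invalid user oracle from 211.151.64.106 port 40377 ssh2
"""

# Anchored to the end of the line so that the address sshd itself appends is
# the one counted, whatever text appears in the user name field.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from "
    r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def failed_logins(log_text):
    """Count failed SSH password attempts per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def offenders(counts, threshold=3):
    """Source IPs with at least `threshold` failures (threshold is an assumption)."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def collapse(cidrs):
    """Clear host bits (210.1.1.1/8 -> 210.0.0.0/8) and merge adjacent blocks."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def drop_rules(cidrs):
    """One iptables DROP rule per merged block."""
    return ["iptables -A INPUT -s %s -j DROP" % c for c in collapse(cidrs)]

if __name__ == "__main__":
    counts = failed_logins(SAMPLE_LOG)
    for ip in offenders(counts):
        print(ip, counts[ip])
    # The three ranges blocked in the post, merged where possible.
    for rule in drop_rules(["210.1.1.1/8", "211.1.1.1/8", "212.1.1.1/8"]):
        print(rule)
```

For the three ranges in the post this prints two rules: 210.0.0.0/7 covers both 210 and 211, while 212.0.0.0/8 cannot be merged with them into a single block.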

    Can't get your linux server to reboot

    I currently ran into a problem with my voice server which runs asterisk on a linux platform. I receive the following error after trying to reboot:
    # reboot
    bash: /sbin/reboot: Input/output error
    # shutdown -r now
    bash: /sbin/shutdown: Input/output error
    From my understanding this problem is most commonly related to problems with the hard drives in the server. I was able to get these commands to work after I did a remote reboot through my APC rebooter website. If the server was located locally I would have manually rebooted it.
    Upon further investigation I checked my /var/log/messages file. I found the following:
    Feb 9 00:13:15 voice kernel: Non Fatal error on ida/c0d0
    Feb 9 00:13:15 voice kernel: Fatal error on ida/c0d0
    Feb 9 00:13:15 voice kernel: Buffer I/O error on device ida/c0d0p2, logical block 3823704
    Feb 9 00:13:15 voice kernel: lost page write due to I/O error on ida/c0d0p2
    I actually think the problem here is due to the fact that someone is port scanning my server, which is somehow locking up all of my resources. See my next blog for what I did to correct the problem.

    Wish your voip was throughout your entire house?

    How many people have voip and think they are limited to putting an analog phone next to their internet connection? I have a solution for you if you want to switch to voip and keep all of your old analog phones. What you can do is purchase an ATA, or if you have Vonage, Broadvoice, or another popular voip provider, all you need to do is this. Go out to the little box where Qwest dropped your phone line when you used to have the old analog service. Disconnect the wire that comes from the ground. This will completely segregate your house from any type of analog provider. Then you can simply take a normal phone cable from your voip provider’s box and plug it into any jack in your house. Congratulations, now you can plug an analog phone into any jack in your house and be connected to your ATA.

    Hudlite for Asterisk

    Hudlite for Asterisk is one of the best add-ins for your Trixbox server. It allows you to install a Windows client on your PC. When your phone rings you can transfer it to any other extension or to a custom phone number. It also has the ability to park calls, send to voicemail, integrate with Outlook, enterprise instant messaging, on the fly recording, and call monitoring. All of this for free!