So, how do we start?

First step: We will no longer use the words SIP, Brute, Force, and Attack. =)

What we’re talking about is a scheme to make expensive calls through your phone system. Of course, this isn’t true for all scenarios, but the vast majority simply want to make expensive calls on your dime.

How does it work?

The bad guys trick your phone system into thinking they are a valid user.

How can they do that?

When phones connect to your phone system, the system replies with different messages. Based on those messages, the bad guys can figure out phone names. Think of your phone system as the receptionist. An attempt might be similar to…

Bad Guy: “Hi, is Alice there?”
Receptionist: “No, there is no Alice here. You have the wrong number.”
Bad Guy: “Hi, is Bob there?”
Receptionist: “Yes, who may I say is calling?”

Basically, there’s a different response based on if that person exists in the company. Same thing with the phones. Once the Bad Guys find out phone names, they then use their computers to crack the phone password.

Once the password is detected, they connect their phone to your system and begin making calls.

What can I do to stop this?

If the person in charge of your phone system doesn’t understand what this attack is, you need to hire a consultant to help you and/or train your administrator. If you or your administrator understand this attack, then you need to make sure you are following the best practices for SIP security (here’s a good link for asterisk best practices).

If you’re running asterisk, you might wish to install a script that checks for attacks and blocks those connections.

Even better… consider Kamailio.

Kamailio (pronounced KAMA-ILLY-OH) is an open-source SIP proxy, registrar, application that is extremely robust and powerful. The software includes anti-flood features that really help protect your system and truly helps to minimize these annoying attacks.

Remember, the Internet is like a big city. Sure there’s great museums and entertainment, but there’s also bad, bad places filled with bad, bad people. If you’re going to leave your BMW unlocked in Hell’s Kitchen, don’t be surprised when it’s been taken around the block a few times.

ENUM (read the wiki) refers to the mapping of telephone numbers to internet addresses. Think of it almost as reverse DNS for your phone number. Although there are many methods of integrating ENUM into your system, our current “favorite” is ENUMPlus.org.

From their website:

ENUM sources are very segregated and there was no global repository – until now. ENUMPlus queries all of the top ENUM lookup sources and returns the most accurate result with minimal overhead; meaning you only need to specify one source. ENUMPlus allows you to offload all of the query processing to our powerful servers so you don’t have to waste time and precious resources.

Integrating ENUMplus into Asterisk can be very quick and there’s a few choices/methods of going about it. You can choose to use their php scripts, go direct from the dialplan, or run your own lookup script. Here, we’ve chosen to write our own lookup script that basically does the following:

1. Checks ENUMplus.org for a result (with a 2 second timeout)
2. Sets a variable of ENUMRESULT and returns to dialplan
3. The dialplan then evaluates that variable, and if a sip value is provided calls the number directly via SIP.

Here’s an example dialplan:

exten => _X.,1,Set(CALLTO=${EXTEN})
exten => _X.,n,Goto(out,1)
exten => out,1,AGI(enumcheck.pl,${CALLTO})
exten => out,n,GotoIf($["${ENUMRESULT}" = "FAIL"]?pstn)
exten => out,n,GotoIf($[${ISNULL(${ENUMRESULT})}]?pstn)
exten => out,n,Dial(${ENUMRESULT},55)
exten => out,n,GotoIf($["${DIALSTATUS}" = "CHANUNAVAIL" ]?pstn)
exten => out,n,GotoIf($["${DIALSTATUS}" = "CONGESTION" ]?pstn)
exten => out,n,GotoIf($["${DIALSTATUS}" = "BUSY" ]?busy)
exten => out,n,Hangup()
exten => out,n(pstn),Dial(SIP/${CALLTO}@yourprovider); or DAHDI, etc.
exten => out,n,GotoIf($["${DIALSTATUS}" = "CHANUNAVAIL" ]?busy)
exten => out,n,GotoIf($["${DIALSTATUS}" = "CONGESTION" ]?busy)
exten => out,n,GotoIf($["${DIALSTATUS}" = "BUSY" ]?busy)
exten => out,n,Hangup()
exten => out,n(busy),Busy(5)
exten => out,n,Hangup()

And here’s the script:

#!/usr/bin/perl -w
use strict;
$|=1;
my ($phone, $url, $apikey, $result, @sip);

while(<STDIN>) {
	chomp;
	last unless length($_);
}

if ($ARGV[0]) {
	$phone = &URLEncode($ARGV[0]);
} else {
	&setvar("ENUMRESULT", "FAIL");
	&printverbose("enumlookup: No CALLTO received.",2);
	exit(0);
}

#Get via WEB
$apikey = "REPLACE WITH YOUR KEY";
$url = "http://enumplus.org/api";

$result = qx(curl -m 2 -s -d 'key=$apikey' $url/$phone);

if ($result) {
	if ($result =~ /SIP/i) {
		@sip = split(/\|/, $result);
		&setvar("ENUMRESULT", $sip[0]);
		&printverbose("enumlookup: $sip[0]",2);
	} else {
		&setvar("ENUMRESULT", "FAIL");
		&printverbose("enumlookup: No sip address found.",2);
	}
} else {
	&setvar("ENUMRESULT", "FAIL");
	&printverbose("enumlookup: Timeout or error",2);
}

sub URLEncode {
   my $theURL = $_[0];
   $theURL =~ s/([\W])/"%" . uc(sprintf("%2.2x",ord($1)))/eg;
   return $theURL;
}

sub setvar {
	my ($var, $val) = @_;
	print STDOUT "SET VARIABLE $var \"$val\" \n";
	while(<STDIN>) {
		m/200 result=1/ && last;
	}
	return;
}

sub printverbose {
	my ($var, $val) = @_;
	print STDOUT "VERBOSE \"$var\" $val\n";
	while(<STDIN>) {
		m/200 result=1/ && last;
	}
	return;
}

Happy Coding!

Set up IP Tables

We will not be discussing the intricacies of iptables in this post. There are excellent tutorials on iptables, and with most things linux, help is only a google away. To help identify the traffic blocked as asterisk related, a new chain will be created appropriately called… asterisk.

Here’s how to add the new chain:

iptables -N asterisk
iptables -A INPUT -j asterisk
iptables -A FORWARD -j asterisk

This will help identify hosts blocked for failed registrations.

Asterisk’s Log for Failed Registrations

In most cases of a sip flood attack, the host attempts registration to Asterisk. These hosts are identified in the Asterisk log (/var/log/messages) as “No matching peer found.” The following perl script scans /var/log/messages for these patterns, strips the IP address, and puts the IP address into an array.

After the file has been read, the IP addresses are counted (each count is a failed attempt), compared against the existing blocked hosts, and new occurrences are blocked. With this script we are blocking any host after the 4th failed attempt.

Here’s the script (last updated 05 SEP 2010):

#!/usr/bin/perl -w
use strict;
use warnings;
my (@failhost);
my %currblocked;
my %addblocked;
my $action;

open (MYINPUTFILE, "/var/log/asterisk/messages") or die "\n", $!, "Does log file file exist\?\n\n";

while (<MYINPUTFILE>) {
	my ($line) = $_;
	chomp($line);
	if ($line =~ m/\' failed for \'(.*?)\' - No matching peer found/) {
		push(@failhost,$1);
	}
	if ($line =~ m/\' failed for \'(.*?)\' – Wrong password/) {
		push(@failhost,$1);
	}
}

my $blockedhosts = `/sbin/iptables -n -L asterisk`;

while ($blockedhosts =~ /(.*)/g) {
	my ($line2) = $1;
	chomp($line2);
	if ($line2 =~ m/(\d+\.\d+\.\d+\.\d+)(\s+)/) {
		$currblocked{ $1 } = 'blocked';
	}
}

while (my ($key, $value) = each(%currblocked)){
	print $key . "\n";
}

if (@failhost) {
	&count_unique(@failhost);
	while (my ($ip, $count) = each(%addblocked)) {
		if (exists $currblocked{ $ip }) {
			print "$ip already blocked\n";
		} else {
			$action = `/sbin/iptables -I asterisk -s $ip -j DROP`;
			print "$ip blocked. $count attempts.\n";
		}
	}
} else {
	print "no failed registrations.\n";
}

sub count_unique {
    my @array = @_;
    my %count;
    map { $count{$_}++ } @array;
    map {($addblocked{ $_ } = ${count{$_}})} sort keys(%count);
}

Schedule the script with cron

The final step is to schedule your script to run every X minutes in cron. We’ve chosen to run our script every 2 minutes, but you can change this to 1 minute or any other time period you choose. Just remember… you can receive thousands of attempts within 2 minutes.

If you have named your script check-failed-regs.pl and placed it in your /usr/local/bin directory, your cron statement would look like this:

*/2 * * * * perl /usr/local/bin/check-failed-regs.pl &> /dev/null

Questions? Comments? We love feedback. Or, contact us for more information.

#!/usr/bin/perl -w
use strict;
use warnings;
my (@failhost);

open (MYINPUTFILE, "/var/log/asterisk/$ARGV[0]") or die "\n", $!, "Does log file file exist\?\n\n";

while (<MYINPUTFILE>) {
	my ($line) = $_;
	chomp($line);
	if ($line =~ m/\' failed for \'(.*?)\' - No matching peer found/) {
		push(@failhost,$1);
	}
}

if (@failhost) {
	&count_unique(@failhost);
} else {
	print "no failed registrations.\n";
}

sub count_unique {
    my @array = @_;
    my %count;
    map { $count{$_}++ } @array;

	#print them out:

    map {print "$_ = ${count{$_}}\n"} sort keys(%count);

}

And while we duck from @Merlyn’s criticisms (although we love his criticism), the basic usage is:

perl [Whatever you named it].pl messages
or perl [Whatever you named it].pl messages.1

Results look like:

184.73.53.22 = 13586
64.76.45.100 = 9895
78.46.87.14 = 9960

Or “no failed registrations.” if you have no failed attempts.

Benefits

• Store faxes electronically
• Reduce printing costs
• Share faxes via email

Requirements

• Server running Asterisk (32 bit compatibility needed)
• Fax for Asterisk Software Add-on

Step One: Get the Fax for Asterisk Software License

First, choose the licensing based on your needs. If you will only need to support 1 simultaneous fax “session,” you may be interested in the Free Fax For Asterisk License. Digium provides the Free Fax for Asterisk software at no cost, limited one per installation of Asterisk. You can combine the Free Fax for Asterisk license with the paid Fax for Asterisk licensing if you will need additional simultaneous fax sessions.

For example, you can download and install Free Fax for Asterisk providing your system one (1) fax session. If you find you need additional simultaneous sessions, simply purchase a paid license (currently $39.99 per session).

To get the Fax for Asterisk software, go to the Digium Store. Once “purchased” you will receive your license via email.

Step Two: Download and Install the Fax for Asterisk Software

Once you’ve received your license, there are many small steps needed to download, register, and install the software.

• Download and run the registration software (outgoing network traffic to TCP port 443 (SSL) must be allowed)

cd /root
wget http://downloads.digium.com/pub/register/x86-32/register
chmod 500 /root/register
/root/register

• Complete the registration
• Go to http://www.digium.com/en/docs/FAX/faa-download.php and discover which files to download
• Download both the res_fax and res_fax_digium files
• Untar the res_fax file and copy it to the source file directory (example res_fax-1.6.0_1.0.3-x86_32.tar.gz)

tar xzvf res_fax-1.6.0_1.0.3-x86_32.tar.gz
cp /root/res_fax-1.6.0_1.0.3-x86_32/res_fax.so /usr/lib/asterisk/modules

• Untar and install the res_fax_digium software (example res_fax_digium-1.6.0_1.0.3-pentium4m_32.tar.gz)

tar xzvf res_fax_digium-1.6.0_1.0.3-pentium4m_32.tar.gz
cp /root/res_fax_digium-1.6.0_1.0.3-pentium4m_32/res_fax_digium.so /usr/lib/asterisk/modules

• Make a directory for your fax files

mkdir /var/spool/asterisk/fax

Step Three: Test if the Software Installed Correctly

Restart asterisk and test if that the fax module has loaded:

asterisk -rx "restart now"
asterisk -r
*CLI> fax show stats

If the software installed successfully, you should see something similar to:

Fax Statistics:
---------------

Current Sessions     : 0
Transmit Attempts    : 0
Receive Attempts     : 0
Completed Faxes      : 0
Failed Faxes         : 0
*CLI>
Digium T.38
Licensed Channels    : 1
Max Concurrent       : 0
Success              : 0
Canceled             : 0
No Fax               : 0
Partial              : 0
Negotiation Failed   : 0
Train Failure        : 0
Protocol Error       : 0
IO Partial           : 0
IO Fail              : 0
*CLI>
Digium G.711
Licensed Channels    : 1
Max Concurrent       : 1
Success              : 0
Switched to T.38     : 0
Canceled             : 0
No Fax               : 0
Partial              : 0
Negotiation Failed   : 0
Train Failure        : 0
Protocol Error       : 0
IO Partial           : 0
IO Fail              : 0

Step Four: Make a dialplan

Make a dialplan that fits your needs. Here’s an example for sending and receiving:

[inboundfax]
exten => s,1,NoOp(**** FAX RECEIVED from ${CALLERID(num)} ${STRFTIME(${EPOCH},,%c)} ****)
exten => s,n,Set(FAXOPT(ecm)=yes)
exten => s,n,Set(FILENAME=fax-${STRFTIME(${EPOCH},,%Y%m%d-%H%M%S)})
exten => s,n,Set(FAXFILE=${FILENAME}.tif)
exten => s,n,Set(FAXOPT(ecm)=yes)
exten => s,n,Set(FAXOPT(headerinfo)=Received by MYCOMPANY ${STRFTIME(${EPOCH},,%Y-%m-%d %H:%M)})
exten => s,n,Set(FAXOPT(localstationid)=5555551212)
exten => s,n,Set(FAXOPT(maxrate)=14400)
exten => s,n,Set(FAXOPT(minrate)=2400)
exten => s,n,NoOp(FAXOPT(ecm) : ${FAXOPT(ecm)})
exten => s,n,NoOp(FAXOPT(headerinfo) : ${FAXOPT(headerinfo)})
exten => s,n,NoOp(FAXOPT(localstationid) : ${FAXOPT(localstationid)})
exten => s,n,NoOp(FAXOPT(maxrate) : ${FAXOPT(maxrate)})
exten => s,n,NoOp(FAXOPT(minrate) : ${FAXOPT(minrate)})
exten => s,n,NoOp(**** RECEIVING FAX : ${FAXFILE} ****)
exten => s,n,ReceiveFAX(/var/spool/asterisk/fax/${FAXFILE})
exten => s,n,Hangup()
exten => h,1,NoOp(FAXOPT(ecm) : ${FAXOPT(ecm)})

[outboundfax]
exten => s,1,NoOp(send a fax)
exten => s,n,Set(FAXOPT(filename)=${FAXFILE})
exten => s,n,Set(FAXOPT(ecm)=yes)
exten => s,n,Set(FAXOPT(headerinfo)=Fax from MYCOMPANY +1 555 555 1212)
exten => s,n,Set(FAXOPT(localstationid)=15555551212)
exten => s,n,Set(FAXOPT(maxrate)=14400)
exten => s,n,Set(FAXOPT(minrate)=2400)
exten => s,n,SendFAX(/tmp/${FAXFILE},d)
exten => h,1,NoOp(FAXOPT(ecm) : ${FAXOPT(ecm)})

Step Five: Test

How do you test? Simple point an incoming number to inboundfax,s,1 and watch the magic happen. Faxes will be saved to /var/spool/asterisk/fax/ in tiff format.

But Wait! There’s More!

Sure, you could stop there, but wouldn’t it be neat to automatically email the received fax in pdf format? Using an AGI script, you can simply convert the tiff file into pdf format, attach it to an email, and off it goes!

Now, there are literally a thousand ways to do this. You can write your AGI scripts in the programming language of your choice; every language has it’s pros and cons. In our example, we’re going to demonstrate this process using a Perl script.

Install the Pre-reqs

You will want to install ghostscript to help convert the graphic files. On a centos install, this is as easy as typing yum -y install ghostscript. If you are using a different build you can install how you like or download the code directly from http://www.ghostscript.com/.

For the Perl pre-reqs, you will want to install a few packages from CPAN (to send mail and use smtp authentication):

perl -MCPAN -e shell
install MIME::Lite
install MIME::Base64
install Authen::SASL

Next create your perl script. In this case, call it receivedfax.pl and place it in /var/lib/asterisk/agi-bin:

#!/usr/bin/perl
use strict;
use MIME::Lite;

my ($msg,$stdinresult);

# $ARGV[0] = msgfrom, $ARGV[1] = msgto, $ARGV[2] = cidnum, $ARGV[3] = filename,
chomp($stdinresult = );

if ($#ARGV != 3) {
	print qq(VERBOSE "FAIL: 4 Arguments needed" 2\n);
	chomp($stdinresult = );
	exit(0);
}

system("tiff2ps -a /var/spool/asterisk/fax/$ARGV[3].tif | ps2pdf13 -sPAPERSIZE=letter - > /var/spool/asterisk/fax/$ARGV[3].pdf");

$msg = MIME::Lite->new(
	From => "$ARGV[0]",
	To => "$ARGV[1]",
	Subject => "FAX from $ARGV[2]",
	Type => 'multipart/mixed'
);

$msg->attach(
	Type => 'TEXT',
	Data => "Greetings.\n\nYou have received a fax from $ARGV[2]. (attached)\n\nSincerely,\nCOMPANY NAME\n\n"
);

$msg->attach(
	Type => 'image/pdf',
	Path => "/var/spool/asterisk/fax/$ARGV[3].pdf",
	Filename => "$ARGV[3].pdf",
	Disposition => 'attachment'
);

MIME::Lite->send('smtp', 'SMTP.SERVER.COM', Timeout=>60,
	AuthUser=>'MAILUSER', AuthPass=>'PASSWORD');

$msg->send;

system("rm -f /var/spool/asterisk/fax/$ARGV[3].pdf");

#example: receivedfax.pl "asterisk@mydomain.com" "JohnDoe@mydomain.com" 55512345678 fax-20091115-170217

Then, modify your dialplan to run the AGI script:

[inboundfax]
exten => s,1,NoOp(**** FAX RECEIVED from ${CALLERID(num)} ${STRFTIME(${EPOCH},,%c)} ****)
exten => s,n,Set(FAXOPT(ecm)=yes)
exten => s,n,Set(FILENAME=fax-${STRFTIME(${EPOCH},,%Y%m%d-%H%M%S)})
exten => s,n,Set(FAXFILE=${FILENAME}.tif)
exten => s,n,Set(FAXOPT(ecm)=yes)
exten => s,n,Set(FAXOPT(headerinfo)=Received by MYCOMPANY ${STRFTIME(${EPOCH},,%Y-%m-%d %H:%M)})
exten => s,n,Set(FAXOPT(localstationid)=5555551212)
exten => s,n,Set(FAXOPT(maxrate)=14400)
exten => s,n,Set(FAXOPT(minrate)=2400)
exten => s,n,NoOp(FAXOPT(ecm) : ${FAXOPT(ecm)})
exten => s,n,NoOp(FAXOPT(headerinfo) : ${FAXOPT(headerinfo)})
exten => s,n,NoOp(FAXOPT(localstationid) : ${FAXOPT(localstationid)})
exten => s,n,NoOp(FAXOPT(maxrate) : ${FAXOPT(maxrate)})
exten => s,n,NoOp(FAXOPT(minrate) : ${FAXOPT(minrate)})
exten => s,n,NoOp(**** RECEIVING FAX : ${FAXFILE} ****)
exten => s,n,ReceiveFAX(/var/spool/asterisk/fax/${FAXFILE})
exten => s,n,Hangup()
exten => h,1,GotoIf($["${FAXOPT(ecm)}" = "no" ]?end)
exten => h,n,AGI(receivedfax.pl,from@domain.com,to@domain.com,${CALLERID(num)},${FILENAME})
exten => h,n(end),NoOp(FAXOPT(ecm) : ${FAXOPT(ecm)}) 

You can even create a similar script to transform a pdf into a tiff file and send via outbound fax:

#!/usr/bin/perl -w
use strict;
use warnings;
sub random_name_generator($);

# usage: faxout.pl number filename
# example: faxout.pl 5555551212 myfax.pdf

if ($#ARGV != 1) {
	print qq(FAIL: 2 Arguments needed\n);
	exit(0);
}

my ($callto,$pdfname,$callfile,$filename);

$callto = $ARGV[0];
$pdfname = $ARGV[1];

my $tifname = $pdfname;
$tifname =~ s/.pdf/.tif/i;

system("gs -q -dNOPAUSE -dBATCH -sDEVICE=tiffg4 -sOutputFile=$tifname $pdfname");

if ($callto) {
	$filename = &random_name_generator(12).".call";
	open (MYFILE, ">>/tmp/$filename") or die $!;
	$callfile = "Channel: Local/$callto\@outboundialcontext\n";
	$callfile = $callfile . "MaxRetries: 1\n";
	$callfile = $callfile . "RetryTime: 60\n";
	$callfile = $callfile . "WaitTime: 60\n";
	$callfile = $callfile . "Archive: yes\n";
	$callfile = $callfile . "Context: outboundfax\n";
	$callfile = $callfile . "Extension: s\n";
	$callfile = $callfile . "Priority: 1\n";
	$callfile = $callfile . "Set: FAXFILE=$tifname\n";
	print MYFILE $callfile;
	close (MYFILE);
	system("mv /tmp/$filename /var/spool/asterisk/outgoing");
}

sub random_name_generator($) {
	my ($namelength, $randomstring, @chars);
	$namelength = shift;
	@chars = ('a'..'z','A'..'Z','0'..'9');
	foreach (1..$namelength) {
		$randomstring .= $chars[rand @chars];
	}
	return $randomstring;
}

Happy Coding!

They wrote the article in a Billy Mays style:

Limited Time Offer – Skype for Asterisk Public Beta

Team Forrest offers Asterisk Consulting Services for a wide variety of VoIP, Call Center, and other Telephony Based needs. From small, family business to large Corporations, Team Forrest’s simple philosophy of “Help the Client” ensures we provide great service to meet your needs.

Asterisk Consulting

From carrier services to traditional PBX services, Team Forrest’s Asterisk Consulting Service provides you the solution you need. Services include:

• IVR Development
• Custom AGI Scripting / Programming
• OpenSER Integration
• Calling Card Systems
• Call Center / Sales Queue Development
• Call Recording (call spying, call barging, whisper, etc.)
• Database Integration (Microsoft SQL MSSQL, MySQL, Oracle, etc.)
• Custom Solutions

Emergency Asterisk Support

When a problem comes along, we provide 24/7 Emergency Support to bring your system back to life. Both new and existing clients benefit from our immediate support response.

For immediate support please contact us or call +1 (212) 937-7844.

Remote and Onsite Support

Team Forrest offers immediate remote assistance across the globe. Local, onsite service is also available, with quick response to Michigan, Florida, and New York locations.

Asterisk? Ask us.

With Team Forrest, you get professional consulting at a great price — increased productivity at a lower cost. To see how Team Forrest can help improve your communication needs, contact us. We enjoy talking with clients and look forward to seeing how we can help you.

Asterisk, developed and released by Digium, Inc., is the world’s leading open source telephony engine and tool kit. Asterisk empowers communication with it’s flexibility. Whether working as a simple office telephone system, a robust Call Center platform, or anything in-between, Asterisk provides advanced features at a very low deployment cost.  Asterisk is released as open source under the GNU General Public License (GPL), and it is available for download free of charge. Asterisk is the most popular open source software available, with the Asterisk Community being the top influencer in VoIP.

Description: When configured with pedantic=yes the SIP channel driver performs extra request URI checking on an INVITE received as a result of a SIP spiral. As part of this extra checking the headers from the outgoing SIP INVITE sent and the received SIP INVITE are compared. The code incorrectly assumes that the string for each header passed in will be non-NULL in all cases. This is incorrect because if no headers are present the value passed in will be NULL.

The values passed into the code are now checked to be non-NULL before being compared.

Resolution: Upgrade to revision 174082 of the 1.4 branch, 174085 of the 1.6.0 branch, 174086 of the 1.6.1 branch, or one of the releases noted below.

The pedantic option in the SIP channel driver can also be turned off to prevent this issue from occurring.

Affected Versions

1.4.x (Versions 1.4.22, 1.4.23, 1.4.23.1)
1.6.0.x (All versions prior to 1.6.0.6)
1.6.1.x (All versions prior to 1.6.1.0-rc2)
C.x.x (Only version C.2.3)

If you need assistance in updating or reviewing your Asterisk installation, please contact Team Forrest today.

To encourage the improvement and testing of larger-scale Asterisk systems, I’d like to repeat here what I mentioned today on the asterisk-dev mailing list: I’m putting out a semi-official challenge in place. The first person to get an Asterisk system moving 10,000 G.711 call legs through a single instance on a single machine will get a first-class steak dinner at Astricon. And a great bottle of wine, if that is your preference.

To read more about the contest, check out the official post at Digium.

The announcement issued follows:

The Asterisk.org development team has announced the release of Asterisk 1.2.31.1, 1.4.22.2, 1.4.23.1, and 1.6.0.5. These releases are available for immediate download from http://downloads.digium.com/.

This update for Asterisk includes a security fix for chan_iax2. Please see the associated security adivisory for more details:

http://downloads.digium.com/pub/security/AST-2009-001.html

These updates are a fix to a previous security release (released as versions 1.2.31, 1.4.22.1, and 1.6.0.3).

The new versions are being released after additional testing revealed some issues with the way that scanning for users was blocked. Those issues have been corrected in this release.

This security issue affects the 1.2, 1.4, and 1.6 series of Asterisk.

Also note, that Asterisk 1.6.0.4-rc1 was released yesterday prior to the security update. That release has been removed as there will be no 1.6.0.4 release, but rather will be reincarnated as 1.6.0.6-rc1. The reason for the dead release is to avoid 5 digit release numbers.

ChangeLogs for the various releases are available at:

http://downloads.digium.com/pub/asterisk/ChangeLog-1.2.31.1

http://downloads.digium.com/pub/asterisk/ChangeLog-1.4.22.2

http://downloads.digium.com/pub/asterisk/ChangeLog-1.4.23.1

http://downloads.digium.com/pub/asterisk/ChangeLog-1.6.0.5

Thank you for your continued support of Asterisk!

If you would like assistance with upgrading your software, or simply would like us to verify which version you are using, please contact Team Forrest today. We will be glad to assist you.