Opening Compressed PCAPs with SNGREP

The wonders of troubleshooting SIP never cease. Ever try to open a pcap with sngrep only to get the following error?

Couldn't open pcap file XYZ.pcap: unknown file format

And then, even though you hate looking at SIP on Wireshark, you are left wondering… Why does this file open in Wireshark, but not in sngrep? Well, most of the time, this is because the pcap file is actually compressed. Easy fix....

July 14, 2022 · 1 min · Fred Posner

ITEXPO 2022

Well, ITEXPO 2022 has come and gone. I think there were perhaps 2-3 other people at the conference who wore a mask. This said, I did return home without covid… The presentation was interrupted by a fire alarm. Apparently some idiot decided it would be fun to smoke in the bathroom. Wasn’t cool in the 80s, still isn’t cool today. Anyway… Unfortunately, coordination was very lacking at the event and no information regarding extending time made it to any of the presenters/attendees in our room....

July 6, 2022 · 1 min · Fred Posner

Thoughts on the Astricon 2023/ITEXPO announcement

Sangoma recently announced that Astricon 2023 will be co-located with ITEXPO in Fort Lauderdale. Here’s their exact announcement: With tremendous excitement, we officially announce the return of an in-person AstriCon. We will ease into the in-person event by co-locating AstriCon at ITEXPO on February 13-17, 2023, in beautiful Fort Lauderdale, Florida. The longest-running open source convention, AstriCon, celebrates open source projects featuring Asterisk and FreePBX. The event will include two tracks, sessions, and an EXPO hall....

June 3, 2022 · 4 min · Fred Posner

APT fails: NO_PUBKEY

Ever get an error like this when running an apt update?

The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B4D2D216F1FD7806

or

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://download.jitsi.org stable/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B4D2D216F1FD7806
W: Failed to fetch https://download....

April 1, 2022 · 1 min · Fred Posner

Kamailio Install Module Git

Generally, when I deploy Kamailio, I use git. Many reasons for this (including being able to quickly apply a patch or fix), but that’s a discussion for another time. If you’ve installed from git and need to add a new module (that hasn’t already been built/installed), the process is very straightforward (and simple).

Step 1: Install Dependencies

Some modules require libraries to be installed. For example, the jansson module wants the jansson library to be installed....

December 16, 2021 · 1 min · Fred Posner

FreeSWITCH 1.10.7 Released

The major announcement at ClueCon 2021 was the release of FreeSWITCH 1.10.7. Highlights from this release: fixes for security advisories (upgrade today), support for Debian 11, bug fixes, etc. There’s a great presentation from Sandro Gauci regarding the story behind some of the vulnerabilities he (and his team) discovered/submitted. Included in his story is one of my favorite moments from Kamailio World.

Read More:
Enable Security: Killing bugs … one vulnerability report at a time
Speaker Deck: Sandro’s slides from ClueCon
FreeSWITCH 1....

October 29, 2021 · 1 min · Fred Posner

APIBAN Now Has IPset

APIBAN helps prevent unwanted SIP traffic by identifying addresses of known bad actors before they attack your system. Bad actors are collected through globally deployed honeypots and curated by LOD/APIBAN. APIBAN started from discussions at tech conferences (in particular Kamailio World and Astricon). Most of the attendees had seen increases in malicious SIP traffic and we all thought there should be a way to share the active “bad actors.” When I found myself with some downtime, and with the support of LOD, some honeypots were deployed… an API was made to share the data, and APIBAN was born....

October 21, 2021 · 2 min · Fred Posner

Handling Non-SIP Attacks With Kamailio

Recently, I posted about using Kamailio’s PIKE module to help block excessive SIP traffic. This is a great tool for helping your system handle high traffic SIP, such as floods. But, what can you do when someone sends garbage or non-SIP traffic to your system? Kamailio’s SIP parser is handled in the core and was recently upgraded in v5.5 with logging improvements, as well as simplified implementation, static map for header name, and type for parsing....

October 1, 2021 · 3 min · Fred Posner

Handling SIP Flood Attacks Using Kamailio

The Pike module in Kamailio provides detection and alerting of “excessive” SIP traffic to your system. Within the module you can configure the rate limit, time period, and amount of time that the IP (IPv4 or IPv6) should be blocked. For example, you can configure your system to say that 30 requests from the same IP within 5 seconds should trigger a block of that IP for 5 minutes. I absolutely love this module and, in my case, Pike more often finds abusive traffic (like dialers) than SIP flood attacks....

September 26, 2021 · 3 min · Fred Posner

Simple TLS Gateway

Well, 2020 is certainly a strange year… Some of us have been working from home for a very long time while others are now just understanding the benefits. Of course, when a drastic change in work environment becomes a forced change, the implementation can be quite daunting. Let’s look at telephony for example. Many small, medium, and even enterprise PBX deployments have been designed to only allow endpoints (aka phones) to connect from within the local network....

May 5, 2020 · 2 min · Fred Posner