News items for tag voip - Koos van den Hout

There is a museum in Seattle called the Connections Museum and it is on my "If I ever visit that part of the world" list. The reason I found it because one of the volunteers likes to make videos for youtube about the equipment in the museum and the youtube suggestions are on to me.

with an interest in phone phreaking in my history this is a very interesting channel. They recently had a video on how blue boxing *actually* worked, including a demonstration of how the switch actually responds to the blue box tones. This made me go "oh now I get it" for details on blue boxing.

In the latest youtube video is an explanation that they run asterisk as one way of connecting all their historic phone exchanges. The historic phone exchanges are also connected using direct interconnects. Video announced in In case you haven't seen the latest bit of ridiculous hacking ;) - Connections Museum on Twitter. Video at Is this the world's oldest Linux peripheral? - Connections Museum

If I understand the remark about asterisk and Collectors' Net / Phreak Net correctly it should be possible to dial into the old exchanges at the museum from either of those networks.

From 2008 to 2013 I played for a while on the Collectors' Net to test my asterisk experiments but when I got less interested and reduced my phone setup at home to a simple voip base again I stopped being a member of Collectors' Net. Maybe I should get back on one of those networks and get something going again! It would be awesome to have an option to dial into the old hardware at the Connections Museum and actually end up in a phone switch from 1923 using a VoIP phone on my side. Or dig up a pulse-dial capable ATA and dial in using the original T65 rotary phone.

Today a missed call from +99994723523. There is no country code +999 so this is as fake as it can be for a caller-id.

And still caller-id is treated as very valuable evidence by the police, but that is a different rant.

A google search for the number suggests this is a number used by the Microsoft support scam. Nobody was available to be scammed.

SIP scanning going on again, probably related to Security advisory: suspected telephone misuse in fritzbox systems. My Internet provider xs4all uses fritz!box devices by default and I already heard about one case of abuse.

The SIP scan in tshark:

Frame 376 (457 bytes on wire, 457 bytes captured)
    Arrival Time: Feb  5, 2014 18:00:07.447662000
    [Time delta from previous captured frame: 36.927214000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 6100.139111000 seconds]
    Frame Number: 376
    Frame Length: 457 bytes
    Capture Length: 457 bytes
    [Frame is marked: False]
    [Protocols in frame: sll:ip:udp:sip]
Linux cooked capture
    Packet type: Unicast to us (0)
    Link-layer address type: 512
    Link-layer address length: 0
    Source: <MISSING>
    Protocol: IP (0x0800)
Internet Protocol, Src: 188.138.41.34 (188.138.41.34), Dst: xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 441
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 53
    Protocol: UDP (0x11)
    Header checksum: 0x475e [correct]
        [Good: True]
        [Bad : False]
    Source: 188.138.41.34 (188.138.41.34)
    Destination: xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)
User Datagram Protocol, Src Port: 5079 (5079), Dst Port: sip (5060)
    Source port: 5079 (5079)
    Destination port: sip (5060)
    Length: 421
    Checksum: 0xc761 [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Session Initiation Protocol
    Request-Line: OPTIONS sip:100@xxx.xxx.xxx.xxx SIP/2.0
        Method: OPTIONS
        [Resent Packet: False]
    Message Header
        Via: SIP/2.0/UDP 62.75.212.215:5079;branch=z9hG4bK-1039150734;rport
            Transport: UDP
            Sent-by Address: 62.75.212.215
            Sent-by port: 5079
            Branch: z9hG4bK-1039150734
            RPort: rport
        Content-Length: 0
        From: "sipvicious"<sip:100@1.1.1.1>;tag=3532356663346361313363340132393433303934303439
            SIP Display info: "sipvicious"
            SIP from address: sip:100@1.1.1.1
            SIP tag: 3532356663346361313363340132393433303934303439
        Accept: application/sdp
        User-Agent: friendly-scanner
        To: "sipvicious"<sip:100@1.1.1.1>
            SIP Display info: "sipvicious"
            SIP to address: sip:100@1.1.1.1
        Contact: sip:100@62.75.212.215:5079
            Contact Binding: sip:100@62.75.212.215:5079
                URI: sip:100@62.75.212.215:5079\r
                    SIP contact address: sip:100@62.75.212.215:5079\r
        CSeq: 1 OPTIONS
            Sequence Number: 1
            Method: OPTIONS
        Call-ID: 37933976157019277147119
        Max-Forwards: 70

Source IPv4 was 188.138.41.34, Plusserver AG. Interesting pointer at IPv4 address 62.75.212.215, a different IPv4 range at Plusserver AG.

Interesting incoming caller-id in the logs: 003960. Country code 396 is the Vatican so maybe their switchboard got tired of the calls by phreakers and started calling back. Not that I ever did such a thing. The conclusion that this was faked is more appropiate.

An interesting twist in the microsoft support scam calls: 7 call attempts within 2 seconds. So asterisk can only forward the first 2 calls to the isdn phones in the house and the next five go to voicemail instantly.

sqlite> select src,start,answer,end from cdr where .. order by start;
0016077329064|2013-08-14 13:12:16|2013-08-14 13:12:47|2013-08-14 13:12:53
0016308599364|2013-08-14 13:12:16|2013-08-14 13:12:47|2013-08-14 13:12:52
0015852439807|2013-08-14 13:12:17|2013-08-14 13:12:18|2013-08-14 13:12:40
0017187455293|2013-08-14 13:12:17|2013-08-14 13:12:18|2013-08-14 13:12:23
0016073249764|2013-08-14 13:12:17|2013-08-14 13:12:17|2013-08-14 13:12:23
0016073639777|2013-08-14 13:12:17|2013-08-14 13:12:17|2013-08-14 13:12:22
0016265749227|2013-08-14 13:12:17|2013-08-14 13:12:17|2013-08-14 13:12:22

Bug in the call handling on the scamming side? Nobody was available to be scammed.

De laatste tariefsverhoging van KPN voor het vaste net, met als excuus uitleg:

Steeds minder mensen maken gebruik van de vaste telefoon waardoor de kosten per gebruiker stijgen. Daarom zijn wij genoodzaakt om enkele tarieven te verhogen.

maakte het tijd om een portering aan te vragen naar een VoIP aanbieder. Per maand betaal ik voor ISDN1 met belvrij weekend straks EUR 23.43 (was EUR 21.24).

ISDN is een hele mooie technologie, en ik vind het jammer om er minder mee te doen, maar de tarieven zijn dusdanig dat het de moeite is om met VoIP te gaan bellen. SIP geeft me zeker bij een provider die het goed implementeert en weet dat er mensen asterisk gebruiken vergelijkbare signalering en informatie. Een Internet aansluiting willen we toch altijd wel hebben dus de telefonie kan daar ook overheen.

Upside of using asterisk for the home telephony: it's quite easy to browse the call detail records and do some calculations on them. So when our fixed line provider came with yet another price increase it was time to shop around for better options. And comparing rates is a lot easier when you have an exact log of how many calls for how long to which destinations were made in the previous months.

I'll miss the high level of control and call-progress indication ISDN offers, but prices for SIP accounts are a lot better and call-progress for SIP is comparable to ISDN.

Interesting new twist between all the attempts to reach Palestinian cell phone numbers: one try to reach the US embassy in The Hague. I guess someone attempting to abuse my SIP server thought maybe just international calls are blocked and used a number which is easy to find from abroad. Incoming audio was recorded, but it's a recording of pure silence.

Vandaag een PTT Ericsson model 51 DTMF geleerd met behulp van de DTMF omzetter van picbasic.nl met ondersteuning voor PTT Ericsson model 51. Een wandtoestel wat een ontwerp is uit 1951. Het toestel wat we onderhanden hadden had een productiedatum 'VII 1964', vermoedelijk dus juli 1964. De PTT W65 is de opvolger hiervan.

Na het werkend krijgen van de DTMF omzetter hebben we het toestel aangesloten op een Cisco ATA 186 die gekoppeld is met de asterisk testcentrale zodat we de sprekende klok in asterisk en het weerbericht in asterisk konden bellen. En natuurlijk de telefoon laten rinkelen!

I just found Intercept Service with Jane Barbe where ElmerCat has put a lot of time and energy into saving, splitting and digitizing phone phreaking recordings. My first thought was to take the Jane Barbe recordings and set up a few intercepts of my own. Maybe for playing with the people who try to break in to my asterisk testserver or (more constructive) to set up a Jane Barbe intercept service which can be used on Collectors*Net.
Found (unsurprisingly) via "1000 Abstract Machines" ... and a New Generation of Phone Phreaks? - The History Of Phone Phreaking.

Update: Ok, using the 'Jane Barbe' digits in Asterisk isn't very hard. Download the .mp3 files from soundcloud and convert them to the asterisk .gsm format:

$ mkdir janebarbe
$ sox JB-0-neutral.mp3 -r 8000 -c 1 janebarbe/0.gsm

..

$ sox JB-is-not-in-service.mp3 -r 8000 -c 1 janebarbe/is-not-in-service.gsm 
$ sox JB-the-number-you-have-reached.mp3 -r 8000 -c 1 janebarbe/the-number-you-have-reached.gsm

And put that entire janebarbe directory in the directory where asterisk expects the digit files for language 'janebarbe' which is /usr/share/asterisk/sounds/digits/janebarbe/ in the 'old' directory structure and /usr/share/asterisk/sounds/janebarbe/digits/ in the 'new' directory structure. Look at Asterisk multi-language - voip-info.org for details on directory structures.

Using the digits is now simple, a test:

exten => s,1,Answer()
exten => s,n,Wait(1)
exten => s,n,Playback(digits/janebarbe/the-number-you-have-reached)
exten => s,n,Set(CHANNEL(language)=janebarbe)
exten => s,n,SayDigits(1234567890)
exten => s,n,Playback(digits/janebarbe/is-not-in-service)
exten => s,n,Hangup

Will have Jane Barbe telling you what you expect. This can be used as an invalid-number intercept.