I have someone with a bogus ham call connecting to me on permanent from iax web connection I cant block. I have node setting on allstar page set for no web connection . I would appreciate help if possible, chris
What do you mean by a "bogus ham call"?
You can block nodes with Allow and Deny Lists - AllStarLink Manual.
tk4lsi is not found to be valid
There is no TK4LSI registered with AllStarLink. So the link it not coming from the ASL network. Is it perhaps an Echolink node? When you say it's "connecting to [you] on permanent connection" what do you mean by that?
when i drop the connection it re connects less then 5 seconds later
As N8EI wrote, blacklisting TK4LSI will cause their connect attempt to fail, every 5 sec. or so. Check out this link from his post.
Chris,
It 'looks like' you have a breach in your iaxclient desciption. Change the password to a longer one.
Better yet change the user as well.
Never liked the idea of cookie cutter setups.Never use them.
The only security you generally have is the user/pass unless you set something else up.
If you only have a few places where you use your iax client, you might try this in the iaxrpt/client
[iax-rpt]
deny=0.0.0.0/0.0.0.0
permit=1.2.3.4
permit=5.6.0.0/16
permit=192.168.1.0/24
So, how many iax clients do you have described in iax.conf ?
If you only have one, post it masking your password.
But of course this could be coming from the web transceiver as well.
Need to figure that out.
I might note to everyone:
If you do not have and use a iax client or iaxrpt then you should comment this out in iax.conf
[iaxrpt] ; Connect from iaxrpt Username field (PC AllStar Client)
type = user ; Notice type is user here <---------------
context = iaxrpt ; Context to jump to in extensions.conf
auth = md5
secret = Your_Secret_Pasword_Here
host = dynamic
disallow = all
allow = ulaw
allow = adpcm
allow = gsm
transfer = no
[iaxclient] ; Connect from iax client (Zoiper...)
type = friend ; Notice type here is friend <--------------
context = iax-client ; Context to jump to in extensions.conf
auth = md5
secret = Your_Secret_Password_Here
host = dynamic
disallow = all
allow = ulaw
allow = adpcm
allow = gsm
transfer = no
For the default user /pass are valid.. It is a security risk.
I knew one day we were going to see this.
But you could as well set the password to something long and unique.
Chris,
So you know, I did run some tests from here if you seen new activity from a new IP
, but i'm done probing. (73.183.x.x)
So a couple of things:
-
The callsign K4LSI shown in your screenshot is registered in AllStarLink and is a valid license holder. I'm not sure where you're getting TK4... maybe a typo?
-
Your account has WebTransceiver turned off which means it's an IAX connection. In that case, that connection is solely based on your local configuration not AllStarLink.
-
Therefore, edit
/etc/asterisk/iax.conf
and set a differentSecret
in both the[iaxrpt]
and[iaxclient]
sections. After that, restart Asterisk and the user should not be able to connect again.
when i looked at the log about his ip address his call was tk4lsi
In that log, the T
before the node number means that the node has connected in "transcive" mode.
thanks for the info