Blocking web connections

sparks · May 2, 2025, 8:44pm

I have someone with a bogus ham call connecting to me on permanent from iax web connection I cant block. I have node setting on allstar page set for no web connection . I would appreciate help if possible, chris

N8EI · May 2, 2025, 11:41pm

What do you mean by a "bogus ham call"?

You can block nodes with Allow and Deny Lists - AllStarLink Manual.

sparks · May 3, 2025, 1:19am

tk4lsi is not found to be valid

N8EI · May 3, 2025, 1:46am

There is no TK4LSI registered with AllStarLink. So the link it not coming from the ASL network. Is it perhaps an Echolink node? When you say it's "connecting to [you] on permanent connection" what do you mean by that?

sparks · May 3, 2025, 3:02am

sparks · May 3, 2025, 3:04am

sparks · May 3, 2025, 3:06am

when i drop the connection it re connects less then 5 seconds later

Chuck · May 3, 2025, 3:50am

As N8EI wrote, blacklisting TK4LSI will cause their connect attempt to fail, every 5 sec. or so. Check out this link from his post.

Mike · May 3, 2025, 2:45pm

Chris,
It 'looks like' you have a breach in your iaxclient desciption. Change the password to a longer one.
Better yet change the user as well.
Never liked the idea of cookie cutter setups.Never use them.

The only security you generally have is the user/pass unless you set something else up.
If you only have a few places where you use your iax client, you might try this in the iaxrpt/client

[iax-rpt]
deny=0.0.0.0/0.0.0.0
permit=1.2.3.4
permit=5.6.0.0/16
permit=192.168.1.0/24

So, how many iax clients do you have described in iax.conf ?

If you only have one, post it masking your password.

But of course this could be coming from the web transceiver as well.
Need to figure that out.

Mike · May 3, 2025, 3:05pm

I might note to everyone:

If you do not have and use a iax client or iaxrpt then you should comment this out in iax.conf


[iaxrpt]                         ; Connect from iaxrpt Username field (PC AllStar Client)
type = user                      ; Notice type is user here <---------------
context = iaxrpt                 ; Context to jump to in extensions.conf
auth = md5
secret = Your_Secret_Pasword_Here
host = dynamic
disallow = all                    
allow = ulaw
allow = adpcm
allow = gsm                       
transfer = no

[iaxclient]                      ; Connect from iax client (Zoiper...)
type = friend                    ; Notice type here is friend <--------------
context = iax-client             ; Context to jump to in extensions.conf
auth = md5
secret = Your_Secret_Password_Here
host = dynamic
disallow = all
allow = ulaw
allow = adpcm
allow = gsm
transfer = no

For the default user /pass are valid.. It is a security risk.

I knew one day we were going to see this.

But you could as well set the password to something long and unique.

Mike · May 3, 2025, 3:56pm

Chris,

So you know, I did run some tests from here if you seen new activity from a new IP
, but i'm done probing. (73.183.x.x)

N8EI · May 3, 2025, 8:43pm

So a couple of things:

The callsign K4LSI shown in your screenshot is registered in AllStarLink and is a valid license holder. I'm not sure where you're getting TK4... maybe a typo?
Your account has WebTransceiver turned off which means it's an IAX connection. In that case, that connection is solely based on your local configuration not AllStarLink.
Therefore, edit /etc/asterisk/iax.conf and set a different Secret in both the [iaxrpt] and [iaxclient] sections. After that, restart Asterisk and the user should not be able to connect again.

sparks · May 5, 2025, 5:09am

when i looked at the log about his ip address his call was tk4lsi

Mason10198 · May 5, 2025, 11:43am

In that log, the T before the node number means that the node has connected in "transcive" mode.

sparks · May 5, 2025, 10:59pm

thanks for the info