Asterisk Hacking shows readers a hacking technique they may not be aware of. It teaches the secrets the bad guys already know about stealing personal information through the most common, seemingly innocuous, highway into computer networks: the phone system. The book also comes with an Asterisk Live CD (SLAST) containing all the tools discussed in the book and ready to boot!
This book shows readers what they can do to protect themselves, their families, their clients, and their network from this invisible threat. Power tips show how to make the most out of the phone system and turn it into a samurai sword – for defense or attack!
* Asterisk Live CD (SLAST) containing all the tools discussed in the book and ready to boot!
* Contains original code to perform previously unthought-of tasks like changing caller ID, narrowing a phone number down to a specific geographic location, and more!
* See through the eyes of the attacker and learn WHY they are motivated, something not touched upon in most other titles.
Sold by: Barnes & Noble
File size: 3 MB
Read an Excerpt
Asterisk Hacking: Toolkit and LiveCD
By Benjamin Jackson, Champ Clark III
Syngress
Copyright © 2007 Elsevier, Inc.
All rights reserved.
Chapter One: What Is Asterisk and Why Do You Need It?
Solutions in this chapter:
* What Is Asterisk?
* What Can Asterisk Do for Me?
* Who's Using Asterisk?
For years, telephone networks were run by large companies spending billions of dollars to set up systems that connected to one another over wires, radios, and microwaves. Large machines, filling entire buildings, allowed people to talk to each other over great distances. As the computer revolution progressed, the machines got smaller and more efficient, but still they were almost exclusively the domain of a small sect of companies.
Enter Asterisk ... Asterisk has taken the power of the open-source software movement and brought it to the land of telephony. Much like how open source has proven that users don't need to rely on commercial companies for software, Asterisk has proven that users don't need to rely on commercial telephone companies for telephone systems. Open-source software allows you to be free of vendor lock-in, save money on support, use open standards, and change the software to suit your unique problems if the need arises. Looking at the "traditional" Private Branch Exchange (PBX) market, vendor lock-in is all too common, vendors charge exorbitant fees for support, and all too often the PBX you buy is a cookie-cutter solution with little to no customization options. It is common for people to think that their PBX is a black box that handles telephone calls. In reality, it is a bunch of computing equipment running a highly specialized software package. Open-source software can replace that customized software just as easily as it can replace any other software.
Asterisk is a veritable Swiss Army knife of telephony and Voice over Internet Protocol (VoIP). Designed to be a PBX replacement, Asterisk has grown to be all that and more. It boasts the ability to store voice mail, host conference calls, handle music on hold, and talk to an array of telephone equipment. It is also scalable, able to handle everything from a small five-telephone office to a large enterprise with multiple locations.
Thanks to Asterisk and VoIP, it is possible to run a telephone company out of a basement, handling telephone calls for people within a neighborhood, a city, or a country. Doing this only a few years ago would have required buying a large building, setting up large racks of equipment, and taking out a second mortgage. But today, everyone is jumping on the Asterisk bandwagon: hobbyists, telephone companies, universities, and small businesses, just to name a few. But what exactly is Asterisk? And what can it do? Let's find out.
What Is Asterisk?
Asterisk is an open-source PBX that has VoIP capabilities. However, this hardly explains what Asterisk is or what it does. So let's delve a little more deeply into PBXes, VoIP, and Asterisk.
What Is a PBX?
Asterisk, first and foremost, is a Private Branch Exchange. A PBX is a piece of equipment that handles telephone switching owned by a private business, rather than a telephone company. Initially in the United States, PBXes were for medium-to-large businesses that would create a lot of telephone traffic starting from, and terminating within, the same location. Rather than having that traffic tie up the switch that handles telephones for the rest of the area, PBXes were designed to be small switches to handle this traffic. Thus, the PBX would keep the internal traffic internal, and also handle telephone calls to and from the rest of the telephone network.
In the United States, thanks in part to the Bell System breakup of 1984, and to the computer revolution shrinking PBXes from the size of a couch to the size of a briefcase, PBXes flooded the market. Hundreds of companies started making PBXes and thousands wanted them. New features started coming into their own: voice mail, interactive menus, call waiting, caller ID, three-way calling, music on hold, and so on. The telecommunications industry grew by leaps and bounds, and the PBX industry kept up. However, with every silver lining comes a cloud. With the proliferation of digital telephone systems, each vendor had a specific set of phones you could use with their PBX. Company X's phones would often not work with Company Y's PBX. Plus, as with almost every technology, all too often a vendor would come in, set up the telephones, and never be heard from again, leaving the customer to deal with the system when it didn't work.
PBXes are one of the key pieces of hardware in businesses today, ranging from small devices the size of shoeboxes that handle a few lines to the telephone network and five phones in a small office, to a large system that interconnects ten offices across a campus of buildings. However, today's PBXes, when boiled down, all do the same things as their predecessors: route and handle telephone calls, and keep unnecessary traffic off the public switched telephone network.
Asterisk is a complete PBX. It implements all the major features of most commercially available PBXes. It also implements, for free, features that often cost a lot in a commercial installation: Conference calling, Direct Inward System Access, Call Parking, and Call Queues, just to name a few.
Out of the box, Asterisk can be configured to replicate your current PBX install. There have been numerous installs where a company's existing PBX is taken down on a Friday, an Asterisk server is installed and configured on Saturday, wired and tested on Sunday, and is handling calls on Monday. The users only notice a different voice when they grab their voice mail.
What Is VoIP?
Voice over Internet Protocol is one of the new buzzwords of the media today. While VoIP has been around in one incarnation or another since the 1970s, the market and technology have exploded over the past three years. Companies have sprouted up selling VoIP services and VoIP software, and instant messaging services are starting to include VoIP features.
But what exactly is VoIP? VoIP is a method to carry a two-way conversation over an Internet Protocol-based network. The person using Vonage to talk to her neighbor down the street? That's VoIP. The person in the United States using Windows Messenger to talk to his extended family in Portugal? That's VoIP. The 13-year-old playing Splinter Cell on his Xbox and talking to his teammates about how they slaughtered the other team? That's VoIP, too.
VoIP has exploded for a number of reasons—a major one being its ability to use an existing data network's excess capacity for voice calls, which allows these calls to be completed at little to no cost. A normal call that uses the standard telephone network compression coder-decoder algorithm (codec), µ-Law, will take up 64 kilobits per second of bandwidth. However, with efficient compression schemes, that can be dropped dramatically. In Table 1.1, we list certain commonly supported codecs, and how many simultaneous calls a T1 can handle when using that codec.
The savings of bandwidth comes at a cost though; the more compression placed on a conversation, the more the voice quality degrades. When using LPC10 (one of the most efficient compression codecs), the conversation, while intelligible, often sounds like two whales making mating calls. If you have no other alternative, it will be sufficient, but it's not a good choice for a business environment.
The other major benefit of VoIP is mobility. Phone calls can be sent and received wherever a data connection is available, whether it is a residential broadband connection, the office network, or a WiFi connection at a local drinking establishment. This mobility has many benefits: a company's sales force can be scattered across the country yet have a phone in their home office that is an extension of the company's PBX. They can enjoy a voice mail box, an extension off the company's main number, and all the other features as if they all were in the same building.
It is important to make the distinction that VoIP is not exclusive to Asterisk. There is a growing market of software-based PBXes that tout VoIP as a major feature. Some traditional PBXes are starting to include VoIP features in them, and local phone companies are offering VoIP packages for customers. As a result, the advantages of VoIP have begun to catch the attention of the entire telecom industry.
The History of Asterisk
Mark Spencer, the creator of Asterisk, has created numerous popular open-source tools, including GAIM, the open-source AOL Instant Messaging client that is arguably the most popular IM client for Linux; l2tpd, the L2TP tunneling protocol daemon; and the Cheops Network User Interface, a network service manager. In 1999, Mark had a problem though. He wanted to buy a PBX for his company so they could have voice mail, call other offices without paying for the telephone call, and do all the other things one expects from a PBX system. However, upon researching his options, he realized all the commercial systems cost an arm and a leg. Undaunted, he did what every good hacker would: he set to writing a PBX suitable to his needs.
On December 5, 1999, Asterisk 0.1.0 was released. As the versions progressed, more and more features were added by developers, gathering a following of users, conventions, and everything short of groupies along the way. Asterisk's first major milestone was reached on September 23, 2004, when Mark Spencer released Asterisk 1.0 at the first Astricon, the official Asterisk user and developer's conference. Asterisk 1.0 was the first stable, open-source, VoIP-capable PBX on the market. Boasting an impressive set of features at the time, it included a complete voice conferencing system, voice mail, an impressive ability to interface into analog equipment, and the ability to talk to three different VoIP protocols reliably.
Development didn't stop there though. Asterisk continued to grow. On November 17, 2005, Asterisk 1.2 was released, which addressed over 3000 code revisions, included major improvements to the core, more VoIP protocols, and better scalability. Also, this release introduced Digium's DUNDi (Distributed Universal Number Discovery) protocol, a peer-to-peer number discovery system designed to simplify interconnecting Asterisk servers across, and in between, enterprises.
The latest release of Asterisk, Asterisk 1.4, was released December 27, 2006. This release featured major changes in the configuration process, optimized applications, simplified the global configuration, and updated the Call Detail Records for billing purposes. Also new in this version was better hardware support, an improved ability to interface with legacy equipment, and better interfacing with Cisco's SCCP VoIP protocol. Also, as with any software project, this update addressed the bugs and issues found since the 1.2 release.
Today, Asterisk is one of the most popular software-based VoIP PBXes running on multiple operating systems. Asterisk handles most common PBX features and incorporates a lot more to boot. It works with numerous VoIP protocols and supports many pieces of hardware that interface with the telephone network. Asterisk is currently at the forefront of the much talked-about "VoIP revolution" due to its low cost, open-source nature, and its vast capabilities.
The company Mark Spencer wrote his PBX for is now known as Digium, which has become the driving force behind Asterisk development. Digium sells hardware for interfacing computers into analog telephone lines and Primary Rate Interface (PRI) lines. Digium also offers Asterisk Business Edition, an Enterprise-ready version of Asterisk, which includes commercial text-to-speech and speech recognition product capabilities, and has gone through stress testing, simulating hundreds of thousands of simultaneous phone calls. Finally, Digium offers consulting for Asterisk installations and maintenance, and trains people for its Digium Certified Asterisk Professional certification.
What Can Asterisk Do for Me?
Asterisk is so multifaceted it's hard to come up with a general catchall answer for everyone asking what Asterisk can do for them. When a friend and I tried to think up an answer that would fit this requirement, the closest thing we could come up with was "Asterisk will do everything except your dishes, and there is a module for that currently in development."
Asterisk as a Private Branch Exchange
Asterisk is, first and foremost, a PBX. Some people seem to constantly tout Asterisk's VoIP capabilities, and while that is a major feature, they seem to forget that Asterisk doesn't need VoIP at all to be a PBX. But even without VoIP, Asterisk has many advantages over traditional hardware-based PBXes.
Advantages over Traditional PBXes
Asterisk has numerous advantages over "traditional" PBXes. These advantages can benefit both larger and smaller businesses. Let's talk about two different scenarios, with two different problems, but one common solution.
Excerpted from Asterisk Hacking by Benjamin Jackson, Champ Clark III. Copyright © 2007 by Elsevier, Inc. Excerpted by permission of Syngress. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Table of Contents
What is Asterisk and why do you need it?
Add-ons and Modules
Asterisk Hardware Ninjutsu
Protocols, say what?
Lock it down!
Reach out and touch someone: The future of Asterisk Hacking