8 posts / 0 new
Last post
dozment
dozment's picture
Joined: 2007/11/20
Points: -10

I added the following DISA script to my multi-tenant server so that some missionaries from my church could make local calls back to the US while in Jamaica and Mexico. I added a DID for them to use at both locations. They dial that number from a local (Jamaican or Mexican) phone, enter a passcode, and they are given a dial tone that lets them dial any outbound number from my server.

Arg1 is an argument for the passcode.

Note that there are some pretty serious security risks in doing this. If the DID and passcode are allowed to get out to the public I will become a free long distance provider to anyone who knows it, and I will be picking up the tab for them. For that reason I will only activate this script for short periods of time, and I will change the passcode every time it gets enabled.

Use at your own risk!

exten => s,1,Answer
exten => s,n,Set(TIMEOUT(digit)=5)
exten => s,n,Set(TIMEOUT(response)=30)
exten => s,n,Wait(1)
exten => s,n,Authenticate(${ARG1}|a)
exten => s,n,DISA(no-password|outgoing${TL_DASH}${tenant})

..and the single-tenant version:

exten => s,1,Answer
exten => s,n,Set(TIMEOUT(digit)=5)
exten => s,n,Set(TIMEOUT(response)=30)
exten => s,n,Wait(1)
exten => s,n,Authenticate(${ARG1}|a)
exten => s,n,DISA(no-password|outgoing)

thirdlane
thirdlane's picture
Joined: 2007/02/07
Points: 530

Hi Dan,

Thanks for posting thie script - I wish more people would do the same. I was debating whether I should include something like this in standard Thirdlane PBX - I am just concerned that the risk may not always be understood - just as you are pointing out.

A minor comment - you don't need to have two versions (single and multi-tenant) - in multi-tenant ${TL-DASH} is "-" and ${tenant} is set to the current tenant, in the single tenant both of these variables are empty so you can use the same code - that is is how all the scripts are constructed.

Thanks again for posting,

Alex

Alex Epshteyn
Third Lane Technologies
Multi Tenant Asterisk PBX

dozment
dozment's picture
Joined: 2007/11/20
Points: -10

Hi, Alex!

It's nice to be able to contribute something every now and then. ;>

If you do choose to include it I would include a big disclaimer about the possibility of fraudulant use. We are going to disable both of the DISA DIDs that we set up, and only put them in place for short-term use. If a customer wants to keep one they are going to have an agreement that says they will be fully responsible for any fradulant charges.

Another option that we're going to explore is moving the DISA numbers over to another server (because I don't think I can handle the necessary scripting) and set up a pre-paid calling card service.

Thanks for the tip on multi-tenant vs single-tenant coding. Since I have both types of servers now that will help.

Dan

dbenders
dbenders's picture
Joined: 2007/10/25
Points: 0

Hi Dan, didn't try it yet, but looks Great!

For security, maybe you can add to the script a restriction per ANI. That means that you can restrict the use of it for example to our home phone or cell phone. That will be nice. If the filed is empty, can work the same way you post. Is that hard to implement?

Daniel Bendersky
Netline Telecomunicaciones S.A.
www.netline.net

dozment
dozment's picture
Joined: 2007/11/20
Points: -10

Ok, you will have to help me with terminology here. Does caller ID qualify as ANI?

Here's another version of the script that might get a little closer to what you're suggesting, but probably has room for improvement.

ARG2 in this one is the caller ID of an allowed phone. If the inbound callerid matches ARG2 the script asks for a passcode. If the passcode matches ARG1 it allows an outbound call.

If I was a developer instead of a hardware guy I would probably know how to make this work for more than one calling number.

exten => s,1,Answer

exten => s,2,Set(TIMEOUT(digit)=5)

exten => s,3,Set(TIMEOUT(response)=30)

exten => s,4,Wait(1)

exten => s,5,GotoIf(${CALLERIDNUM}=${ARG2}?11:10)

exten => s,10,Hangup

exten => s,11,Authenticate(${ARG1}|a)

exten => s,12,DISA(no-password|outgoing${TL_DASH}${tenant})

thirdlane
thirdlane's picture
Joined: 2007/02/07
Points: 530

This is another item I would like to get some feedback on.

We could add code to PBX Manager to handle these numbers (and possibly passwords) - for either DISA or callbacks.

Any interest?

Further suggestions?

Alex Epshteyn
Third Lane Technologies
Multi Tenant Asterisk PBX

dozment
dozment's picture
Joined: 2007/11/20
Points: -10

The first version actually works better for me. I don't necessarily know where people are going to call from for DISA. I just need to be sure they aren't abusing the minutes. I'm typing with the idea of using a2billing to do prepaid minutes for this.

dbenders
dbenders's picture
Joined: 2007/10/25
Points: 0

Hi, I think that is a great script and will be nice to have it as part of PBX Manager. That way we can use the office PBX to make long distance calls when we are at the road. The callerID/ANI restriction allow a better security, but for flexibility, will be nice a script that give the alternative to use an ANI or not.

Daniel Bendersky
Netline Telecomunicaciones S.A.
www.netline.net