March 21, 2013
Using your own Cisco Phone with SpeakEasy
If you know me, you know that I love hardware. I buy electronic doodads so that I can take them apart, hack them, and do something fun with them.
My new'ish job is another 'virtual job.' Mostly I work from home, though I do hit the road for months at a time sometimes. The company gave me a laptop loaded up with software including a voice-over-ip-phone application. The software is set up to use a VoIP provider called SpeakEasy.
I decided that it would be fun to get a physical phone to use with the service. I'm not very good at doing the pre-purchase research. Mostly I just like to buy something that looks like it might work, try it out, and if it didn't work I'll usually figure out why I bought the wrong thing. It's a learning process. S. Hadden said it best, I make a great government spender.
Anyway, getting the phone set up with SpeakEasy is not very easy. A lot of forum posts have info saying, "It can't be done." When I called them up, tech support also said that it couldn't be done -- they had to provision the phone, put their own firmware, yadda yadda yadda. They were very adamant about this, and recommended that I buy a pre-provisioned phone from them for some insane price.
Thankfully SpeakEasy/Megapath tech support is full of it. I got my phone working.
To start, I updated the phone firmware to the latest version (7.5.4 as of this writing). I then played with a lot of settings to make it work. My home network has 4 layers of NAT firewalls, with various partitions, VPNs, etc. Many of my network enclaves don't allow egress traffic except over a VPN connection, so that if some day my NAS gets powned it won't exfiltrate all of my data :). Strangely, my phone works behind 3 layers of NAT, but not 4. I haven't yet tried a STUN server, but the phone is well-protected where it lives for now. I'll tinker with STUN and see if it helps.
Anyway, on to the actual configuration!
The main is on your Extension configuration. Enable Advanced Settings and then set the following: Proxy is speakeasy.net, Outbound Proxy is ash-remote.voice.speakeasy.net, Use Outbound Proxy set to Yes, Register set to Yes, Use OB Proxy in Dialog set to yes. Note that these settings will not be available to you unless you log in as administrator and choose 'Advanced' in the upper right hand corner of the web page.
Under Subscribe Information for your line, set your Display Name to your name, User ID to your user id (of the form XXXXX_PHONENUMBER_YYY). Don't append the domain to the user id, this will happen automatically because of the 'Proxy' setting above. Punch in your password, say "Yes" to "Use AuthID", set Auth ID to your phone number without any punctuation, and set Reversed Auth Realm to 'BroadWorks' (no idea if this last part is actually necessary, but a packet capture of VoIP soft phones used it and it works).
Next you'll have to play with SIP settings. Go to the SIP tab and scroll down to NAT Support Parameters. If you're using a NAT router like me, say "Yes" to "Handle VIA received", "Insert VIA rport", and "ASend Resp to Src Port". Say No to everything else. If these settings don't work, try using a STUN Server (there are plenty of public stun servers available here.
After that, reboot your phone and you should be good to go.
September 21, 2012
Out with the old...
And in with the new...
I spent a long time working on my last motorcycle, and not nearly enough time riding it. This time around I've decided to go high-tech and get a modern'ish bike with fuel injection that should, I hope, get me around for a long time.
Once the new bike is broken out, I'm hopeful to have a little time to make it back east while onboard. A long-distance motorcycle trip sounds just about right right now.
September 20, 2012
Driving East on 94
Work has taken me to the oilfields of North Dakota to assess what may be my last large-scale SCADA systems assessment.
Working with Digital Bond has been a fantastic experience over the last year+. The troubles with control system security are something that absolutely fascinate me. I first started down this path perhaps even before I was formally interested in computer security at all -- the old video game series Marathon filled me with funny ideas about survivable computer systems: systems that kept running even after the death of their creator species, systems that discovered ways to survive the closure of the universe and make themselves gods of a fashion.
Feeling a bit boddhisatva, I've often mused that I'm going to die some day. I will not be remembered. Indeed, I wonder if the human race is going to survive our own machinations and lack of resolve. That's fine. Silly video games made me wonder, though: what can survive us?
Artificial intelligence I thought, for a time. Alas, reality sunk in: self-modifying shell scripts do not appear to be our future. And anyway, we have to conquer survivable systems so that intelligences may have a platform on which to operate first.
I am growing more pessimistic that even this is possible, at least so long as humans live (oh irony).
Computer security is a field is highly odd. Human society has greatly advanced over the last 30 years thanks to increased information processing and information sharing (aside: "define: information"). We end up blowing up the few cool things that we make. I think there are reasons for this that are not entirely new. I'm plenty guilty in that regard. When not fighting each other, we fail to make things that are well thought out. And then, when this is pointed out, we go back to fighting.
May 20, 2012
Black Lodge Research
I'm lucky enough to run into some really talented researchers often in my little niche world of control systems security. I landed in Seattle on Friday broken and battered. Now I'm on the mend, feeling well enough to go for a short jog and well enough to check out Seattle's premier hackerspace, Black Lodge Research.
Living in a city as I'm about to do is going to have a lot of advantages, not the least of which being access to wonderful minds like those at BLR...I can't wait.
May 19, 2012
Vacation from Things
I'm taking my first vacation since 2004. That's entirely too long. The leadup to the trip was pretty intense, too: I contracted bronchitis and pink eye, and was sick and exhausted during the few days that I had to pack up an entire 2,000 square foot house into two tiny moving pods.
Moving convinced me that I have entirely too much stuff. Living in our huge house for four years allowed me to accumulate a lot of stuff: outdoor gear, electronics gear, clothing, brewing supplies, tools and other accoutrements of home repair. It was a disturbing experience, one that reminded me of cleaning out my great-grandfather's house after he died (being four or five years old I didn't help much, but I do remember a bit of the enormity of closets full of everything imaginable).
From this day forth I am instituting a policy of buy and toss: for every new 'thing,' I get, I have to jettison things of equal or larger size and mass (whichever is larger). I plan to buy a shiny new motorcycle at some point this summer, which is going to mean tossing a lot of stuff. It's a healthy policy, I think. Laura and I won't have children to clean up after us when we're dead and gone, and moving around while we're alive should be a fun experience, not a stressful one.
I'm still a little uneasy with the nomadic lifestyle after staying put for the last few years. Here is hoping that it gets better, and that a few weeks away from the continental US will fix me up.
In happier news, Laura graduated from WSU! She received her PhD in Molecular Plant Science after a five-year stint as a research indentured servant. Graduating is what prompted us to move. I was rather happy that our house sold so quickly. We had to price it quite low, but it was better than sitting on it for months in my opinion. We're on to Hawaii for a spell, and then Portland for the rest of the summer. That part should be relaxing, indeed!