On Fri, 2012-10-05 at 14:10 +0200, Benoit Panizzon wrote:
> Hello
> 
> We had this situation:
> 
> Some bot-net did try to guess SIP logins and finally succeeded. The Asterisk 
> Server was abused to call a large number of expensive destinations.
> 
> It is clear that the sip logins have been passed to various persons (probably 
> posted on a forum somewhere inviting to do 'free calls').
> 
> Right after the affected password was changed, the message log shows which IP 
> did try to make calls.
> We also got a few snapshots of 'sip show channels' which show the ip 
> addresses 
> of active in call connections.
> So basicly it is known, who abused the service. It was abused from multiple 
> IP 
> addresses at the same time.
> 
> Legal steps against the abusers have been taken, but to claim the costs of 
> the 
> damage they generated we would need to know exactly which calls originated 
> from which IP address to put an exact sum of damage done by each of the 
> abusers.
> 
> Well for this case it is too late now. But is there a way to get the IP 
> Address of the SIP Client being logged in each CDR?
> 
> Kind regards
> 
> Benoit Panizzon
> 
> --

Hi

Get info using function SIPCHANINFO
https://wiki.asterisk.org/wiki/display/AST/Function_SIPCHANINFO

Set it to CDR using CDR(userfield)

The above are for 1.8

Regards

Ish

-- 
Ishfaq Malik <i...@pack-net.co.uk>
Department: VOIP Support
Company: Packnet Limited
t: +44 (0)845 004 4994
f: +44 (0)161 660 9825
e: i...@pack-net.co.uk
w: http://www.pack-net.co.uk

Registered Address: PACKNET LIMITED, 2A ENTERPRISE HOUSE, LLOYD STREET
NORTH, MANCHESTER
SCIENCE PARK, MANCHESTER, M156SE
COMPANY REG NO. 04920552


--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to