On Fri, 2012-10-05 at 14:10 +0200, Benoit Panizzon wrote: > Hello > > We had this situation: > > Some bot-net did try to guess SIP logins and finally succeeded. The Asterisk > Server was abused to call a large number of expensive destinations. > > It is clear that the sip logins have been passed to various persons (probably > posted on a forum somewhere inviting to do 'free calls'). > > Right after the affected password was changed, the message log shows which IP > did try to make calls. > We also got a few snapshots of 'sip show channels' which show the ip > addresses > of active in call connections. > So basicly it is known, who abused the service. It was abused from multiple > IP > addresses at the same time. > > Legal steps against the abusers have been taken, but to claim the costs of > the > damage they generated we would need to know exactly which calls originated > from which IP address to put an exact sum of damage done by each of the > abusers. > > Well for this case it is too late now. But is there a way to get the IP > Address of the SIP Client being logged in each CDR? > > Kind regards > > Benoit Panizzon > > --
Hi Get info using function SIPCHANINFO https://wiki.asterisk.org/wiki/display/AST/Function_SIPCHANINFO Set it to CDR using CDR(userfield) The above are for 1.8 Regards Ish -- Ishfaq Malik <i...@pack-net.co.uk> Department: VOIP Support Company: Packnet Limited t: +44 (0)845 004 4994 f: +44 (0)161 660 9825 e: i...@pack-net.co.uk w: http://www.pack-net.co.uk Registered Address: PACKNET LIMITED, 2A ENTERPRISE HOUSE, LLOYD STREET NORTH, MANCHESTER SCIENCE PARK, MANCHESTER, M156SE COMPANY REG NO. 04920552 -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users