Hello We had this situation:
Some bot-net did try to guess SIP logins and finally succeeded. The Asterisk Server was abused to call a large number of expensive destinations. It is clear that the sip logins have been passed to various persons (probably posted on a forum somewhere inviting to do 'free calls'). Right after the affected password was changed, the message log shows which IP did try to make calls. We also got a few snapshots of 'sip show channels' which show the ip addresses of active in call connections. So basicly it is known, who abused the service. It was abused from multiple IP addresses at the same time. Legal steps against the abusers have been taken, but to claim the costs of the damage they generated we would need to know exactly which calls originated from which IP address to put an exact sum of damage done by each of the abusers. Well for this case it is too late now. But is there a way to get the IP Address of the SIP Client being logged in each CDR? Kind regards Benoit Panizzon -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users