Re: [asterisk-users] How to log caller IP address in the CDR?

2014-07-14 Thread Rafael 

can you please tell me exactly which file to edit please.



-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] How to log caller IP address in the CDR?

2014-07-14 Thread Rafael dos Santos Saraiva 
Hi


Set(CDR(userfield)=${SIPPEER(${CALLERID(num),ip)})

If caller is SIP peer.


Att,
*Rafael dos Santos Saraiva*
http://br.linkedin.com/pub/rafael-saraiva/52/aab/230


2014-07-14 14:10 GMT-03:00 Rafael rrich...@gmail.com:


 can you please tell me exactly which file to edit please.



 --
 _
 -- Bandwidth and Colocation Provided by http://www.api-digital.com --
 New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

 asterisk-users mailing list
 To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] How to log caller IP address in the CDR?

2012-10-05 Thread Benoit Panizzon 
Hello

We had this situation:

Some bot-net did try to guess SIP logins and finally succeeded. The Asterisk 
Server was abused to call a large number of expensive destinations.

It is clear that the sip logins have been passed to various persons (probably 
posted on a forum somewhere inviting to do 'free calls').

Right after the affected password was changed, the message log shows which IP 
did try to make calls.
We also got a few snapshots of 'sip show channels' which show the ip addresses 
of active in call connections.
So basicly it is known, who abused the service. It was abused from multiple IP 
addresses at the same time.

Legal steps against the abusers have been taken, but to claim the costs of the 
damage they generated we would need to know exactly which calls originated 
from which IP address to put an exact sum of damage done by each of the 
abusers.

Well for this case it is too late now. But is there a way to get the IP 
Address of the SIP Client being logged in each CDR?

Kind regards

Benoit Panizzon

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] How to log caller IP address in the CDR?

2012-10-05 Thread Joshua Colp 

Benoit Panizzon wrote:

Hello


Hola,

snipped out parts, check archives for those who are curious


Well for this case it is too late now. But is there a way to get the IP
Address of the SIP Client being logged in each CDR?


You can access the IP address of the received signaling traffic 
(provided it has not been spoofed) using ${CHANNEL(recvip)} in the 
dialplan. If the CDR module you are using supports storing custom 
variables you can do something like:


exten = _X.,1,Set(CDR(recvip)=${CHANNEL(recvip)})

To store this in the custom variable field 'recvip'.

If it does not you can store it in the userfield instead like:

exten = _X.,1,Set(CDR(userfield)=${CHANNEL(recvip)})

Cheers,

--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at:  www.digium.com   www.asterisk.org

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] How to log caller IP address in the CDR?

2012-10-05 Thread Patrick Lists 

On 10/05/2012 02:10 PM, Benoit Panizzon wrote:

Hello

We had this situation:

Some bot-net did try to guess SIP logins and finally succeeded. The Asterisk
Server was abused to call a large number of expensive destinations.


I'm sorry to hear that. In the Asterisk source there is a doc that 
focuses on security. you might want to read that. Google should give you 
more information about Asterisk/SIP security. Also you may want to 
install something like fail2ban which prevents brute forcing by banning 
originating IP addresses after a few failed attempts.


Regards,
Patrick


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] How to log caller IP address in the CDR?

2012-10-05 Thread Ishfaq Malik 
On Fri, 2012-10-05 at 14:10 +0200, Benoit Panizzon wrote:
 Hello
 
 We had this situation:
 
 Some bot-net did try to guess SIP logins and finally succeeded. The Asterisk 
 Server was abused to call a large number of expensive destinations.
 
 It is clear that the sip logins have been passed to various persons (probably 
 posted on a forum somewhere inviting to do 'free calls').
 
 Right after the affected password was changed, the message log shows which IP 
 did try to make calls.
 We also got a few snapshots of 'sip show channels' which show the ip 
 addresses 
 of active in call connections.
 So basicly it is known, who abused the service. It was abused from multiple 
 IP 
 addresses at the same time.
 
 Legal steps against the abusers have been taken, but to claim the costs of 
 the 
 damage they generated we would need to know exactly which calls originated 
 from which IP address to put an exact sum of damage done by each of the 
 abusers.
 
 Well for this case it is too late now. But is there a way to get the IP 
 Address of the SIP Client being logged in each CDR?
 
 Kind regards
 
 Benoit Panizzon
 
 --

Hi

Get info using function SIPCHANINFO
https://wiki.asterisk.org/wiki/display/AST/Function_SIPCHANINFO

Set it to CDR using CDR(userfield)

The above are for 1.8

Regards

Ish

-- 
Ishfaq Malik i...@pack-net.co.uk
Department: VOIP Support
Company: Packnet Limited
t: +44 (0)845 004 4994
f: +44 (0)161 660 9825
e: i...@pack-net.co.uk
w: http://www.pack-net.co.uk

Registered Address: PACKNET LIMITED, 2A ENTERPRISE HOUSE, LLOYD STREET
NORTH, MANCHESTER
SCIENCE PARK, MANCHESTER, M156SE
COMPANY REG NO. 04920552


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] How to log caller IP address in the CDR?

2012-10-05 Thread Alex Oniciuc 
Ishfaq is right, that's the way to go.
Here's a dialplan line to help you achieve that:

exten = YOUREXTEN_CHANGE_ME,PRIORITY_CHANGE_ME,Set(CDR(UserField)=SIP
HEADER CONTACT: ${SIP_HEADER(CONTACT)}, SIPURI: ${SIPURI}, SIP PEER IP:
${SIPCHANINFO(peerip)}, SIP RECEIVED IP: ${SIPCHANINFO(recvip)}, SIP FROM:
${SIPCHANINFO(from)})

Alex

2012/10/5 Ishfaq Malik i...@pack-net.co.uk

 On Fri, 2012-10-05 at 14:10 +0200, Benoit Panizzon wrote:
  Hello
 
  We had this situation:
 
  Some bot-net did try to guess SIP logins and finally succeeded. The
 Asterisk
  Server was abused to call a large number of expensive destinations.
 
  It is clear that the sip logins have been passed to various persons
 (probably
  posted on a forum somewhere inviting to do 'free calls').
 
  Right after the affected password was changed, the message log shows
 which IP
  did try to make calls.
  We also got a few snapshots of 'sip show channels' which show the ip
 addresses
  of active in call connections.
  So basicly it is known, who abused the service. It was abused from
 multiple IP
  addresses at the same time.
 
  Legal steps against the abusers have been taken, but to claim the costs
 of the
  damage they generated we would need to know exactly which calls
 originated
  from which IP address to put an exact sum of damage done by each of the
  abusers.
 
  Well for this case it is too late now. But is there a way to get the IP
  Address of the SIP Client being logged in each CDR?
 
  Kind regards
 
  Benoit Panizzon
 
  --

 Hi

 Get info using function SIPCHANINFO
 https://wiki.asterisk.org/wiki/display/AST/Function_SIPCHANINFO

 Set it to CDR using CDR(userfield)

 The above are for 1.8

 Regards

 Ish

 --
 Ishfaq Malik i...@pack-net.co.uk
 Department: VOIP Support
 Company: Packnet Limited
 t: +44 (0)845 004 4994
 f: +44 (0)161 660 9825
 e: i...@pack-net.co.uk
 w: http://www.pack-net.co.uk

 Registered Address: PACKNET LIMITED, 2A ENTERPRISE HOUSE, LLOYD STREET
 NORTH, MANCHESTER
 SCIENCE PARK, MANCHESTER, M156SE
 COMPANY REG NO. 04920552


 --
 _
 -- Bandwidth and Colocation Provided by http://www.api-digital.com --
 New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

 asterisk-users mailing list
 To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] How to log caller IP address in the CDR?

2012-10-05 Thread Benoit Panizzon 
Hi Joshua and all others who replied.

 exten = _X.,1,Set(CDR(userfield)=${CHANNEL(recvip)})

Thank you, that did it.

It's an asterisk 1.6.2.9 actualy. Are additional CDR fields like CDR(recvip) 
only possible from some newer release or do they have to be defined somewhere?

Well sure I now have set:

alwaysauthreject=yes

And got a script to scan the logfile all 15min to firewall IP addresses which 
excessively try to login.

You're always smarter after the incident :-/

Benoit Panizzon

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] How to log caller IP address in the CDR?

2012-10-05 Thread Joshua Colp 

Benoit Panizzon wrote:

Hi Joshua and all others who replied.


Hola,


exten =  _X.,1,Set(CDR(userfield)=${CHANNEL(recvip)})


Thank you, that did it.


Glad to hear it!


It's an asterisk 1.6.2.9 actualy. Are additional CDR fields like CDR(recvip)
only possible from some newer release or do they have to be defined somewhere?


They are always available BUT the underlying CDR module that you use to 
write them out or place them in a database has to have support for doing 
so. I don't know the extent of that support I'm afraid, but if you can 
see them being useful it might be something to research yourself and 
explore.


Cheers,

--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at:  www.digium.com   www.asterisk.org

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users