Re: [asterisk-users] How to log caller IP address in the CDR?
can you please tell me exactly which file to edit please. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How to log caller IP address in the CDR?
Hi Set(CDR(userfield)=${SIPPEER(${CALLERID(num),ip)}) If caller is SIP peer. Att, *Rafael dos Santos Saraiva* http://br.linkedin.com/pub/rafael-saraiva/52/aab/230 2014-07-14 14:10 GMT-03:00 Rafael rrich...@gmail.com: can you please tell me exactly which file to edit please. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] How to log caller IP address in the CDR?
Hello We had this situation: Some bot-net did try to guess SIP logins and finally succeeded. The Asterisk Server was abused to call a large number of expensive destinations. It is clear that the sip logins have been passed to various persons (probably posted on a forum somewhere inviting to do 'free calls'). Right after the affected password was changed, the message log shows which IP did try to make calls. We also got a few snapshots of 'sip show channels' which show the ip addresses of active in call connections. So basicly it is known, who abused the service. It was abused from multiple IP addresses at the same time. Legal steps against the abusers have been taken, but to claim the costs of the damage they generated we would need to know exactly which calls originated from which IP address to put an exact sum of damage done by each of the abusers. Well for this case it is too late now. But is there a way to get the IP Address of the SIP Client being logged in each CDR? Kind regards Benoit Panizzon -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How to log caller IP address in the CDR?
Benoit Panizzon wrote: Hello Hola, snipped out parts, check archives for those who are curious Well for this case it is too late now. But is there a way to get the IP Address of the SIP Client being logged in each CDR? You can access the IP address of the received signaling traffic (provided it has not been spoofed) using ${CHANNEL(recvip)} in the dialplan. If the CDR module you are using supports storing custom variables you can do something like: exten = _X.,1,Set(CDR(recvip)=${CHANNEL(recvip)}) To store this in the custom variable field 'recvip'. If it does not you can store it in the userfield instead like: exten = _X.,1,Set(CDR(userfield)=${CHANNEL(recvip)}) Cheers, -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How to log caller IP address in the CDR?
On 10/05/2012 02:10 PM, Benoit Panizzon wrote: Hello We had this situation: Some bot-net did try to guess SIP logins and finally succeeded. The Asterisk Server was abused to call a large number of expensive destinations. I'm sorry to hear that. In the Asterisk source there is a doc that focuses on security. you might want to read that. Google should give you more information about Asterisk/SIP security. Also you may want to install something like fail2ban which prevents brute forcing by banning originating IP addresses after a few failed attempts. Regards, Patrick -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How to log caller IP address in the CDR?
On Fri, 2012-10-05 at 14:10 +0200, Benoit Panizzon wrote: Hello We had this situation: Some bot-net did try to guess SIP logins and finally succeeded. The Asterisk Server was abused to call a large number of expensive destinations. It is clear that the sip logins have been passed to various persons (probably posted on a forum somewhere inviting to do 'free calls'). Right after the affected password was changed, the message log shows which IP did try to make calls. We also got a few snapshots of 'sip show channels' which show the ip addresses of active in call connections. So basicly it is known, who abused the service. It was abused from multiple IP addresses at the same time. Legal steps against the abusers have been taken, but to claim the costs of the damage they generated we would need to know exactly which calls originated from which IP address to put an exact sum of damage done by each of the abusers. Well for this case it is too late now. But is there a way to get the IP Address of the SIP Client being logged in each CDR? Kind regards Benoit Panizzon -- Hi Get info using function SIPCHANINFO https://wiki.asterisk.org/wiki/display/AST/Function_SIPCHANINFO Set it to CDR using CDR(userfield) The above are for 1.8 Regards Ish -- Ishfaq Malik i...@pack-net.co.uk Department: VOIP Support Company: Packnet Limited t: +44 (0)845 004 4994 f: +44 (0)161 660 9825 e: i...@pack-net.co.uk w: http://www.pack-net.co.uk Registered Address: PACKNET LIMITED, 2A ENTERPRISE HOUSE, LLOYD STREET NORTH, MANCHESTER SCIENCE PARK, MANCHESTER, M156SE COMPANY REG NO. 04920552 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How to log caller IP address in the CDR?
Ishfaq is right, that's the way to go. Here's a dialplan line to help you achieve that: exten = YOUREXTEN_CHANGE_ME,PRIORITY_CHANGE_ME,Set(CDR(UserField)=SIP HEADER CONTACT: ${SIP_HEADER(CONTACT)}, SIPURI: ${SIPURI}, SIP PEER IP: ${SIPCHANINFO(peerip)}, SIP RECEIVED IP: ${SIPCHANINFO(recvip)}, SIP FROM: ${SIPCHANINFO(from)}) Alex 2012/10/5 Ishfaq Malik i...@pack-net.co.uk On Fri, 2012-10-05 at 14:10 +0200, Benoit Panizzon wrote: Hello We had this situation: Some bot-net did try to guess SIP logins and finally succeeded. The Asterisk Server was abused to call a large number of expensive destinations. It is clear that the sip logins have been passed to various persons (probably posted on a forum somewhere inviting to do 'free calls'). Right after the affected password was changed, the message log shows which IP did try to make calls. We also got a few snapshots of 'sip show channels' which show the ip addresses of active in call connections. So basicly it is known, who abused the service. It was abused from multiple IP addresses at the same time. Legal steps against the abusers have been taken, but to claim the costs of the damage they generated we would need to know exactly which calls originated from which IP address to put an exact sum of damage done by each of the abusers. Well for this case it is too late now. But is there a way to get the IP Address of the SIP Client being logged in each CDR? Kind regards Benoit Panizzon -- Hi Get info using function SIPCHANINFO https://wiki.asterisk.org/wiki/display/AST/Function_SIPCHANINFO Set it to CDR using CDR(userfield) The above are for 1.8 Regards Ish -- Ishfaq Malik i...@pack-net.co.uk Department: VOIP Support Company: Packnet Limited t: +44 (0)845 004 4994 f: +44 (0)161 660 9825 e: i...@pack-net.co.uk w: http://www.pack-net.co.uk Registered Address: PACKNET LIMITED, 2A ENTERPRISE HOUSE, LLOYD STREET NORTH, MANCHESTER SCIENCE PARK, MANCHESTER, M156SE COMPANY REG NO. 04920552 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How to log caller IP address in the CDR?
Hi Joshua and all others who replied. exten = _X.,1,Set(CDR(userfield)=${CHANNEL(recvip)}) Thank you, that did it. It's an asterisk 1.6.2.9 actualy. Are additional CDR fields like CDR(recvip) only possible from some newer release or do they have to be defined somewhere? Well sure I now have set: alwaysauthreject=yes And got a script to scan the logfile all 15min to firewall IP addresses which excessively try to login. You're always smarter after the incident :-/ Benoit Panizzon -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] How to log caller IP address in the CDR?
Benoit Panizzon wrote: Hi Joshua and all others who replied. Hola, exten = _X.,1,Set(CDR(userfield)=${CHANNEL(recvip)}) Thank you, that did it. Glad to hear it! It's an asterisk 1.6.2.9 actualy. Are additional CDR fields like CDR(recvip) only possible from some newer release or do they have to be defined somewhere? They are always available BUT the underlying CDR module that you use to write them out or place them in a database has to have support for doing so. I don't know the extent of that support I'm afraid, but if you can see them being useful it might be something to research yourself and explore. Cheers, -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users