[asterisk-users] How to log caller IP address in the CDR?

Benoit Panizzon benoit.panizzon at imp.ch
Fri Oct 5 07:10:42 CDT 2012


Hello

We had this situation:

Some bot-net did try to guess SIP logins and finally succeeded. The Asterisk 
Server was abused to call a large number of expensive destinations.

It is clear that the sip logins have been passed to various persons (probably 
posted on a forum somewhere inviting to do 'free calls').

Right after the affected password was changed, the message log shows which IP 
did try to make calls.
We also got a few snapshots of 'sip show channels' which show the ip addresses 
of active in call connections.
So basicly it is known, who abused the service. It was abused from multiple IP 
addresses at the same time.

Legal steps against the abusers have been taken, but to claim the costs of the 
damage they generated we would need to know exactly which calls originated 
from which IP address to put an exact sum of damage done by each of the 
abusers.

Well for this case it is too late now. But is there a way to get the IP 
Address of the SIP Client being logged in each CDR?

Kind regards

Benoit Panizzon



More information about the asterisk-users mailing list