[asterisk-users] How to log caller IP address in the CDR?
Benoit Panizzon
benoit.panizzon at imp.ch
Fri Oct 5 07:10:42 CDT 2012
Hello
We had this situation:
Some bot-net did try to guess SIP logins and finally succeeded. The Asterisk
Server was abused to call a large number of expensive destinations.
It is clear that the sip logins have been passed to various persons (probably
posted on a forum somewhere inviting to do 'free calls').
Right after the affected password was changed, the message log shows which IP
did try to make calls.
We also got a few snapshots of 'sip show channels' which show the ip addresses
of active in call connections.
So basicly it is known, who abused the service. It was abused from multiple IP
addresses at the same time.
Legal steps against the abusers have been taken, but to claim the costs of the
damage they generated we would need to know exactly which calls originated
from which IP address to put an exact sum of damage done by each of the
abusers.
Well for this case it is too late now. But is there a way to get the IP
Address of the SIP Client being logged in each CDR?
Kind regards
Benoit Panizzon
More information about the asterisk-users
mailing list