<span style="font-family: Arial, Helvetica, sans-serif; font-size: 10pt"><br />
One trick you can do is to accept all calls into the dial plan and then do IP lookups and call pattern checks to determine if the call is good to go past your sidewalk code. You need to make sure this code is very efficient so that you can lock out bogus callers and attackers. If you use this in conjugation with something like failtoban or some kind of auto firewall scripts you can then trap CDR's at a level before you do a full block. You can also do some tarpit style handling to slow down hackers as well. <br />
<br />
<br />
A second approach is to inject good registered peers into your valid sections of dialplan and do a general catch all context that will accept from anyone even non registered but goes no where. You can stick your failtoban here as well. You can create logging and tarpiting. Setup bogus calls to audio files that will confuse the crap out of the hackers so they think they have good routes and you can gather stats on where and what kind of attacks are comming at you. If you control their entry point you can better control the load on your network until you can ban them off. <br />
<br />
There are lot's of possiblites if you think out side the box. <br />
<div><br />
Bryant Zimmerman</div>
<br />
<br />
<span style="font-family: tahoma,arial,sans-serif; font-size: 10pt;"><hr width="100%" size="2" align="center" />
<b>From</b>: "Danny Nicholas" <danny@debsinc.com><br />
<b>Sent</b>: Friday, August 24, 2012 9:16 AM<br />
<b>To</b>: "Asterisk Users Mailing List - Non-Commercial Discussion" <asterisk-users@lists.digium.com><br />
<b>Subject</b>: Re: [asterisk-users] Log faulty calls?</span><br />
<br />
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
-->
</style>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-family: "calibri","sans-serif"; color: #1f497d; font-size: 11pt;">Actually, you could look for WARNING or ERROR and probably find what you needed.</span></p>
<p class="MsoNormal"><span style="font-family: "calibri","sans-serif"; color: #1f497d; font-size: 11pt;"> </span></p>
<p class="MsoNormal"><b><span style="font-family: "tahoma","sans-serif"; font-size: 10pt;">From:</span></b><span style="font-family: "tahoma","sans-serif"; font-size: 10pt;"> asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] <b>On Behalf Of </b>Stefan at WPF<br />
<b>Sent:</b> Friday, August 24, 2012 8:14 AM<br />
<b>To:</b> Asterisk Users Mailing List - Non-Commercial Discussion<br />
<b>Subject:</b> Re: [asterisk-users] Log faulty calls?</span></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal" style="margin-bottom: 12pt;">Thank you Danny, but the problem is that I don't know what exactly I shall look for. I think there's no specific word in the log that clearly identifies this kind of problem? ):</p>
<div>
<p class="MsoNormal">2012/8/24 Danny Nicholas <<a href="mailto:danny@debsinc.com" target="_blank">danny@debsinc.com</a>></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt: auto; mso-margin-bottom-alt: auto;"><span style="font-family: "calibri","sans-serif"; color: #1f497d; font-size: 11pt;">Not the best solution, but you could do a “quick and dirty” crawler to query /var/log/asterisk/full in PHP or PERL or your language of choice. Even in a 4K-5K calls per day environment this process usually takes less than 1 minute to run.</span></p>
<p class="MsoNormal" style="mso-margin-top-alt: auto; mso-margin-bottom-alt: auto;"><span style="font-family: "calibri","sans-serif"; color: #1f497d; font-size: 11pt;"> </span></p>
<p class="MsoNormal" style="mso-margin-top-alt: auto; mso-margin-bottom-alt: auto;"><b><span style="font-family: "tahoma","sans-serif"; font-size: 10pt;">From:</span></b><span style="font-family: "tahoma","sans-serif"; font-size: 10pt;"> <a href="mailto:asterisk-users-bounces@lists.digium.com" target="_blank">asterisk-users-bounces@lists.digium.com</a> [mailto:<a href="mailto:asterisk-users-bounces@lists.digium.com" target="_blank">asterisk-users-bounces@lists.digium.com</a>] <b>On Behalf Of </b>Stefan at WPF<br />
<b>Sent:</b> Friday, August 24, 2012 7:43 AM<br />
<b>To:</b> Asterisk Users Mailing List - Non-Commercial Discussion<br />
<b>Subject:</b> [asterisk-users] Log faulty calls?</span></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt: auto; mso-margin-bottom-alt: auto;"> </p>
<p class="MsoNormal" style="mso-margin-top-alt: auto; mso-margin-bottom-alt: auto;">If somebody is calling me using a wrong configured SIP phone, he gets back an error message from my Asterisk server. That's ok, however I'd also like to know that I missed a call. However there's no CDR entry created in that case and checking the asterisk logs manually is not that great... Any way to get CDR records (or any other way of noticing it) even if a call gets declined through to a wrong configured sip phone?</p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt: auto; mso-margin-bottom-alt: auto;"> </p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt: auto; mso-margin-bottom-alt: auto;">Thanks and best regards</p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt: auto; mso-margin-bottom-alt: auto;">Stefan</p>
</div>
</div>
</div>
</div>
<p class="MsoNormal">--<br />
_____________________________________________________________________<br />
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br />
New to Asterisk? Join us for a live introductory webinar every Thurs:<br />
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br />
<br />
asterisk-users mailing list<br />
To UNSUBSCRIBE or update options visit:<br />
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a></p>
</div>
<p class="MsoNormal"> </p>
</div>
<br /></span>