I am quite surprised about the degree of surprise in the group. A few days ago, somebody called a school and issued a threat, through my network. The call came from China, but of course it was a US caller. The DA wants to know where the call came from. The caller ID is "Restricted" and the Chinese carrier is playing games. If I had a way to store the media IP, I would be able to pinpoint the offender in the US, or the company that touched the media last. As a result of Asterisk not having this functionality, many children are in danger and this country at large is at a great peril, since Asterisk is the most widely used low-cost technology for telecommunications.

I need Digium to store this IP in the CDR. I will be honest with the government and let them know that my tool is incapable of saving lives or safeguarding our national security because nobody thought about this.

PD: I am not paying for a patch, since this is a huge burden on a small company like mine, with a single employee, and also because the whole world will enjoy the benefit. It is not fair that I would have to hire somebody to patch Asterisk.

I appeal to Digium to patch Asterisk.

I doubt that a media IP would really help, because there are proxies out there. If you need this kind of monitoring, then there are probably better ways to take care of this and they are independent of Asterisk.

What you could do is to tap any traffic in the background, e.g. with tcpdump using the -G option and automatically delete the files after a certain period, unless there is a reason to keep the data. The pcap trace would contain a lot of relevant information, even if the traffic is encrypted (like timing data).

Depending on national or local laws this might be even a more serious crime than threatening a school. It could still be justified to tap the traffic, like it is for other public authorities, but you would have to find out yourself whether you are or the school is allowed to do this. Actually, I tend to think that it is the school's task to enforce a specific security and surveillance concept and this also applies particularly to their IT structure. You are certainly not in the position to decide whether you should monitor anything unless it is part of your contract.

Besides this, it is easy to store any kind of information along with classical CDR data. Just search for "adaptive ODBC", or read the Asterisk book.

jg

On 13-10-13 03:06 PM, CDR wrote:
> I am quite surprised about the degree of surprise in the group. A few
> days ago, somebody called a school and issued a threat, through my
> network. The call came from China, but of course it was a US caller. The
> DA wants to know where the call came from. The caller ID is "Restricted"
> and the Chinese carrier is playing games. If I had a way to store the
> media IP, I would be able to pinpoint the offender in the US, or the
> company that touched the media last. As a result of Asterisk not
> having this functionality, many children are in danger and this country
> at large is at a great peril, since Asterisk is the most widely used
> low-cost technology for telecommunications.
> I need Digium to store this IP in the CDR. I will be honest with the
> government and let them know that my tool is incapable of saving lives
> or safeguarding our national security because nobody thought about
> this.
> PD: I am not paying for a patch, since this is a huge burden on a small
> company like mine, with a single employee, and also because the whole
> world will enjoy the benefit. It is not fair that I would have to hire
> somebody to patch Asterisk.
> I appeal to Digium to patch Asterisk.
>

Don't worry about it, I'll step up and pay for the patch. No need for you to waste your profits on something like this.

--
Paul Belanger | PolyBeacon, Inc.
Jabber: paul.belanger at polybeacon.com | IRC: pabelanger (Freenode)
Github: https://github.com/pabelanger | Twitter: https://twitter.com/pabelanger

On 13/10/13 20:06, CDR wrote:
> I am quite surprised about the degree of surprise in the group. A few
> days ago, somebody called a school and issued a threat, through my
> network. The call came from China, but of course it was a US caller. The
> DA wants to know where the call came from. The caller ID is "Restricted"
> and the Chinese carrier is playing games.

How do you think it works with regular telecomms? The police need to follow the trail. All you need to provide is that the call came in via carrier X and they will then go onto that carrier to see where the call originated.

My advice would be to :-

1) Add ${SIPCALLID} to your cdr records. This is the unique ID for the sip call which can be used later.

2) Run

    tcpdump -p -s 0 port 5060 -w $siptrace.pcap -C 10 -W 500

   -C is how big the dump will be and -W is how many capture files to get before overwriting the old one. Make the -C value (10 in this case) big enough so each file lasts 15 minutes or so and the '-W' value big enough so you keep however many days' records you need.

3) Now when you get a request, look in the cdr records for the callid. Assuming for example it's qwertyuiop, then look at the time and pick the pcap file covering that time range. Make sure you have the 'wireshark' and 'ngrep' Linux packages installed. Then :-

    tshark -t ad -r TRACEFILE -R 'sip.Call-ID contains qwertyuiop' -w - | ngrep -I - -W byline -t

The standard output now contains a complete sip trace and you will be able to see all the media endpoints and exact timings.

That's basically what we do for getting call diagnostics.

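The lookup that step 3 ends with, reading the media endpoints out of the SIP trace for one Call-ID, as an added example that is not part of the original message. It assumes the SIP messages have already been exported from the capture as (timestamp, packet source IP, raw text) tuples; the function names and the sample messages are constructed for illustration.

```python
# Added example; the sample messages at the bottom are constructed, not real traffic.
def parse_sip(raw):
    """Split one SIP message into (start line, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *rest = head.split("\r\n")
    headers = {}
    for line in rest:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return start, headers, body

def sdp_media(body):
    """Return (media, ip, port) per m= line; a media-level c= beats the session-level one."""
    session_ip, streams = None, []
    for line in body.splitlines():
        if line.startswith("c="):
            ip = line.split()[2]                  # c=IN IP4 <address>
            if streams:
                streams[-1][1] = ip               # c= after an m= line applies to that stream
            else:
                session_ip = ip
        elif line.startswith("m="):
            media, port = line[2:].split()[:2]    # m=<media> <port>[/<count>] ...
            streams.append([media, session_ip, int(port.split("/")[0])])
    return [tuple(s) for s in streams]

def media_endpoints(messages, call_id):
    """messages: (timestamp, packet source IP, raw SIP text) tuples from a capture."""
    rows = []
    for ts, src, raw in messages:
        start, headers, body = parse_sip(raw)
        if (headers.get("call-id") or headers.get("i")) != call_id:  # "i" is the compact form
            continue
        rows += [(ts, src, start, m, ip, port) for m, ip, port in sdp_media(body)]
    return rows

def _msg(start, call_id_header, ip, port):
    """Build a constructed SIP message carrying a one-stream SDP body."""
    sdp = f"v=0\r\no=- 1 1 IN IP4 {ip}\r\ns=-\r\nc=IN IP4 {ip}\r\nt=0 0\r\nm=audio {port} RTP/AVP 0\r\n"
    return f"{start}\r\n{call_id_header}\r\nContent-Type: application/sdp\r\n\r\n{sdp}"

SAMPLE = [  # constructed; addresses are from the RFC 5737 documentation ranges
    ("14:01:07", "203.0.113.10", _msg("INVITE sip:100@192.0.2.1 SIP/2.0", "Call-ID: qwertyuiop", "198.51.100.7", 18000)),
    ("14:01:08", "192.0.2.1", _msg("SIP/2.0 200 OK", "i: qwertyuiop", "192.0.2.1", 12000)),
    ("14:01:09", "203.0.113.10", _msg("INVITE sip:101@192.0.2.1 SIP/2.0", "Call-ID: asdfghjkl", "198.51.100.99", 18002)),
]

if __name__ == "__main__":
    for row in media_endpoints(SAMPLE, "qwertyuiop"):
        print(*row)
```

In the sample the INVITE arrives from 203.0.113.10 while its SDP advertises 198.51.100.7, so the signalling hop and the media address are recorded separately for the same Call-ID.
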
On Sun, Oct 13, 2013 at 2:06 PM, CDR <venefax at gmail.com> wrote:

<snip>

> I need Digium to store this IP in the CDR. I will be honest with the
> government and let them know that my tool is incapable of saving lives
> or safeguarding our national security because nobody thought about
> this.
> PD: I am not paying for a patch, since this is a huge burden on a small
> company like mine, with a single employee, and also because the whole
> world will enjoy the benefit. It is not fair that I would have to hire
> somebody to patch Asterisk.
> I appeal to Digium to patch Asterisk.
>

I won't comment any further on the technical aspects of what you are looking for; others have already pointed out how various portions of SIP messages can be stored in CDRs and how these portions of the SIP messages are (a) actually of more use than the media IP address in the SDP and (b) meet the requirements being levied by your use case.

That aside, I do think it is important to note here that Asterisk does not, by default, have a warranty. This is clearly enumerated in sections 10 and 11 of the GPLv2 license included with Asterisk [1]:

NO WARRANTY

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS

As you are using software licensed free of charge under the GPLv2, there is no obligation by anyone in the community or at Digium to provide you with a patch. If you require assistance, there are many avenues you can choose to pursue to gain such assistance.

Just as you profit by running Asterisk, others profit by customizing and supporting the Asterisk project. Asterisk is lucky to have many such talented developers who can assist you with such a development effort. If you really require this functionality, I highly suggest that you look to hire said developers to help you with this feature request [2].

[1] http://svn.asterisk.org/svn/asterisk/branches/11/COPYING
[2] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Bug+Bounties

Matt

--
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org