Anonymous Calls on Asterisk


I have serious issue here. I have integration of my Asterisk with Telecom Operator and they sent me CDRs that from our SIP lines we did ISD calls from Anonymous users.

Any one help on this to me please that how it is possible

Not sure what you mean by ISD.

Asterisk has various options for sending caller ID over SIP. By default it uses the user part of the From header, but can be configured to send Remote-Party-ID or P-Asserted-Identity.

The From header will be overridden if you use fromuser, or the PJSIP equivalent. It will also be overridden (to anonymous) if caller ID presentation is disabled.

The other options respect and signal caller ID presentation. I believe the latest versions have the option of doing so in both service provider to service provider (flag as denied but actually send) and service provider to end user modes (suppress the ID as well) modes.

By default the caller ID and presentation mode will be taken from the information received on the incoming line, but caller ID, at least, can be overridden in the channel technology configuration file (sip.conf etc.) for the incoming device, and both can be overridden, with the CALLERID function, in the dialplan.

You need to find out how your service provider expects to receive caller ID, decide how and when you want to present it, and then select appropriate mechanisms from those above, te achieve those aims.

ISD means international calls was done from my server. See this

From: "Anonymous"sip:xxx

Are you saying that you didn’t authorise the calls. In that case, you haven’t secured the sever properly. Either you have both allowguest=yes and the default context has the ability to make toll calls, both of which is normally bad practice, or you have weak passwords on your local devices.

fail2ban can help rate limit attacks, but you need to reject most attacks for even that to work.

Any SIP server open to the internet will receive toll fraud attempts within minutes, so it is up to you to secure it properly.

Also note that your log appears to be incomplete. Part of that is the result of not marking it as unformatted text, but I think you were also too selective about what you included.