Dialer profile with NAT

admin_2
Level 3
I need to know if it's possible to know which host on the internal network opens a dialin call to the ISP and connects the router to the Internet. The config is:

interface Ethernet0
 ip address 192.168.0.249 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 load-interval 30
 no cdp enable
!
interface Dialer10
 ip address 10.3.3.254 255.255.255.0
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer remote-name xxx
 dialer pool 10
 dialer string 1xxxxxxxx
 dialer-group 5
 pulse-time 0
 no cdp enable
 ppp authentication chap
 ppp chap hostname cdfgvhg
!
dialer-list 5 protocol ip list 110
!
ip nat inside source list 110 interface Dialer9 overload
!
access-list 105 permit ip 192.168.0.0 0.0.0.255 any log
access-list 110 permit ip 192.168.0.0 0.0.0.255 any log
!

I have activated a syslog and the "debug dialer" command, but the output looks like this:

May 7 09:57:06.378: BRI0 DDR: rotor dialout [priority]
May 7 09:57:06.382: BRI0 DDR: Dialing cause ip (s=10.3.3.254, d=10.3.3.3)
May 7 09:57:06.386: BRI0 DDR: Attempting to dial 12345678
May 7 11:57:06: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 64 changed to up
May 7 09:57:06.602: BRI0: wait for isdn carrier timeout, call id=0x8001
May 7 09:57:06.606: BRI0 DDR: Attempting to dial 1xxxxxx
May 7 11:57:09: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
May 7 09:57:09.330: BRI0:1: interface must be fifo queue, force fifo
May 7 11:57:09: %DIALER-6-BIND: Interface BRI0:1 bound to profile Dialer9
May 7 09:57:09.454: BRI0:1 DDR: dialer protocol up
May 7 11:57:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up

It seems like address translation is performed before the establishment of the connection with the ISP. In this way I cannot know the IP address of the internal host, but I have to do it in order to stop undesired connections. Can you help me?

1 Reply

Not applicable

Enable "debug dialer" and "debug ip nat", and prior to the dialer debug output you will see the NAT translation debug with the inside address. However, the NAT debug will be too chatty to be effective (you get a lot more than you need).

It would be best if you could identify in advance who you want to have dialout and who you don't, and configure your access-lists accordingly.
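
The correlation the reply describes can be done offline on the syslog capture rather than by eye, which also deals with the chatty NAT debug. The Python below is an added example, not part of the original thread: it assumes the usual `debug ip nat` line shape `NAT: s=<inside>-><translated>, d=<dest> [id]`, and the inside host addresses and NAT lines in the sample are constructed.

```python
import re

# Constructed sample: two "debug ip nat" lines (invented inside hosts
# 192.168.0.42 and 192.168.0.17) followed by "debug dialer" lines from the post.
SAMPLE_LOG = """\
May 7 09:56:58.101: NAT: s=192.168.0.42->10.3.3.254, d=10.9.9.9 [4410]
May 7 09:57:06.370: NAT: s=192.168.0.17->10.3.3.254, d=10.3.3.3 [4411]
May 7 09:57:06.378: BRI0 DDR: rotor dialout [priority]
May 7 09:57:06.382: BRI0 DDR: Dialing cause ip (s=10.3.3.254, d=10.3.3.3)
May 7 09:57:06.386: BRI0 DDR: Attempting to dial 12345678
"""

# Outbound translation: s=<inside local>-><inside global>, d=<destination>
# (assumed line shape; "NAT*:" marks fast-switched packets).
NAT_RE = re.compile(r"NAT\*?: s=(\S+?)->(\S+?), d=(\S+?)(?: |$)")
DIAL_RE = re.compile(r"^(.*?): (\S+) DDR: Dialing cause ip \(s=(\S+?), d=(\S+?)\)")


def find_dial_triggers(log_text, lookback=50):
    """Return one dict per dial event, naming the inside host whose
    translated packet matches the (s, d) pair in the dialing cause."""
    recent = []   # (inside_local, inside_global, dest) of recent NAT lines
    events = []
    for line in log_text.splitlines():
        nat = NAT_RE.search(line)
        if nat:
            recent = (recent + [nat.groups()])[-lookback:]
            continue
        dial = DIAL_RE.search(line)
        if dial:
            stamp, iface, src, dst = dial.groups()
            # Walk backwards: the nearest earlier translation that produced
            # this exact post-NAT source/destination pair is the trigger.
            host = next((local for local, glob, d in reversed(recent)
                         if glob == src and d == dst), None)
            events.append({"time": stamp, "interface": iface,
                           "inside_host": host, "destination": dst})
    return events


if __name__ == "__main__":
    for ev in find_dial_triggers(SAMPLE_LOG):
        print(ev)
```

An `inside_host` of `None` means no matching translation was logged before the dial, for example when only `debug dialer` was enabled.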