VoIP Security. Request for volunteer attackers (Open Source honeypot project)
Dear VoIP enthusiasts and Community members,
We're writing in order to invite you all to participate in a research open-source project, we've been working in since the beginning of this year. This project is sponsored by the Science and Technology Government Department from Córdoba province, Argentina.
The link to the project: http://artemisa.sourceforge.net/ . Our work is related to an open source honeypot, named Artemisa, for VoIP networks deploying the SIP protocol. We'll really appreciate the participation of anyone that has interest to play the attacker's role, if possible concentrating in the VoIP service we are exposing. So as to let us capture relevant information related with real attacks. As a result, we'll be able to do an analysis of the efficiency of the platform. Furthermore, a statistical analysis, of all the received attacks, will be performed.
Target sip extensions:
1) sip:firstname.lastname@example.org or sip:email@example.com (Public Free ext)
2) sip:firstname.lastname@example.org or sip:email@example.com (Public Free ext)
3) sip:firstname.lastname@example.org (SER)
4) sip:email@example.com or sip:firstname.lastname@example.org (Public Free ext)
5) sip:email@example.com or sip:firstname.lastname@example.org (Public Free ext)
6) sip:email@example.com (Asterisk)
7) sip:firstname.lastname@example.org:5061 (SER)
8) sip:email@example.com (Asterisk)
We briefly give you a description of the honeypot:
Artemisa is a VoIP/SIP-specific honeypot software designed to connect to a VoIP enterprise domain as a user-agent back-end in order to detect malicious activity at an early stage. It registers multiple SIP accounts, which do not represent real human subscribers, at one or more VoIP service providers, and wait for incoming attacks. Besides, Artemisa can play a role in the real-time adjustment of the security policies of the enterprise domain where it is deployed (e.g. setting rules in a firewall to ban IPs or in the VoIP PBX to ban caller-IDs).
Thanks for your time, hope you'll actively participate (attack!) the sip extension presented above. To contact us: firstname.lastname@example.org
Exequiel Barrirero / Mauro Villarroel.-