[asterisk-dev] A new kind of SIP attack ?

Tom Browning ttbrowning at gmail.com
Mon Sep 12 08:24:58 CDT 2011


On Mon, Sep 12, 2011 at 9:17 AM, Jeff LaCoursiere <jeff at sunfone.com> wrote:

> Right.  So let your honeypot enter that list (by letting it perform the
> wget), and see what comes next... will you get a more serious probe that
> actually tries to accomplish something with it?  Where will it come
> from?  I think there would be some use to that.

Agreed.  I manually executed the wget command from the honeypot
virtual machine so I'm surely in the logs.

Since that time, nothing of interest has come into the honeypot other
than the usual international call attempts.  If further activity
occurs, I will spot it pretty easily.



More information about the asterisk-dev mailing list