[asterisk-dev] A new kind of SIP attack ?
Jeff LaCoursiere
jeff at sunfone.com
Mon Sep 12 08:45:27 CDT 2011
On Mon, 2011-09-12 at 09:24 -0400, Tom Browning wrote:
> On Mon, Sep 12, 2011 at 9:17 AM, Jeff LaCoursiere <jeff at sunfone.com> wrote:
>
> > Right. So let your honeypot enter that list (by letting it perform the
> > wget), and see what comes next... will you get a more serious probe that
> > actually tries to accomplish something with it? Where will it come
> > from? I think there would be some use to that.
>
> Agreed. I manually executed the wget command from the honeypot
> virtual machine so I'm surely in the logs.
>
> Since that time, nothing of interest has come into the honeypot other
> than the usual international call attempts. If further activity
> occurs, I will spot it pretty easily.
By the way - I LOVE your honeypot idea - the part about bridging them
all together :) It's those !@$#@ shady calling card companies trying to
save some expense, so by letting them think they have working routes we
are really hitting them where it hurts - the reputation of their cards.
Having dabbled in the calling card business I know that it doesn't take
much for a card to get a bad rep, and then it is done for.
Its also amusing to imagine a bunch of unsuspecting third worlders
jabbering at each other on a giant party line :):)
j
More information about the asterisk-dev
mailing list