Title: VoIP Abuse Project
Post by: sil on September 21, 2010, 08:13:34 PM

For those whose company deals with Voice Over IP and for those wanting to get a bird's eye into incident response, analytics, attack trends, etc.:

http://www.infiltrated.net/voipabuse/
http://www.infiltrated.net/voipabuse/honeypot/

I will eventually clean it up, add to it, etc.

Title: Re: VoIP Abuse Project
Post by: hayabusa on September 21, 2010, 08:44:39 PM

Nice sil! Bookmarked... thanks!

Title: Re: VoIP Abuse Project
Post by: sil on October 04, 2010, 12:05:14 PM

Alright, been really busy with this project. For more info on what brought it about, etc. including a blogradio interview see:

Intro: http://voipsa.org/blog/2010/09/28/voip-abuse-project/
Analysis: http://voipsa.org/blog/2010/09/29/voip-attackers-sometimes-they-come-back/
Listen (episode 275): http://www.talkshoe.com/talkshoe/web/talkCast.jsp?masterId=22622&cmd=tc
Intro to above show: http://www.voipusersconference.org/2010/voip-abuse-project/

Title: Re: VoIP Abuse Project
Post by: sil on October 04, 2010, 12:06:51 PM

Durf...

Interview with Dark Reading: http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=227500994

Title: Re: VoIP Abuse Project
Post by: ajohnson on October 04, 2010, 01:42:34 PM

Great stuff!

Title: Re: VoIP Abuse Project
Post by: sil on October 04, 2010, 02:23:09 PM

It actually got "re-interesting" this weekend. I will follow up @ the end of the month as I watch the trends. I've been trying to find a way to easily pull from all my servers, parse from all of them, sort them out uniquely, upload them, script out the html for them, update the pages automatically and use curl to POST to twitter. :( S'a pain. Never enough time in the day.

@dynamik my WIP: RWSP @ TechnoForensics ;) End of this month

Title: Re: VoIP Abuse Project
Post by: ajohnson on October 04, 2010, 02:52:04 PM

@dynamik my WIP: RWSP @ TechnoForensics ;) End of this month

That's awesome. I probably won't get a shot at that until 2012 (mostly because of weak skills :-[), but it looks amazing. I'm eagerly anticipating the review (and the pass) ;)

While we're on the subject of VOIP, do you have any recommendations for getting started? It seems like Trixbox is a popular system to get up and running quickly. I just don't know what else I need in terms of hardware, software, etc. It's a major shortcoming of mine that I need to remedy.

Title: Re: VoIP Abuse Project
Post by: sil on October 04, 2010, 03:55:05 PM

It depends ;) ProPBX? As in for work or home/fiddling. Pro small to midsized office I would go for pbxnsip for its ease of use/functionality. Home (ab)use, Asterisk all the way. Trixbox is "eh" a lot of holes. Depending on which version of Asterisk you use, stay away from 1.8 for now.

Title: Re: VoIP Abuse Project
Post by: ajohnson on October 04, 2010, 04:19:09 PM

Oh, I just want something to break in lab. It looks like there are free soft phone packages for Asterisk. That should be enough to get me started.

Title: Re: VoIP Abuse Project
Post by: sil on October 04, 2010, 07:58:38 PM

For breaking, I would start with Asterisk definitely. A vast majority of open source products have their roots in some shape, form or fashion in Asterisk. Don't forget to also tinker with OpenSER (or OpenSIP whichever the stubborn-developers re-forked it as).

I go back and forth with Asterisk, Call Manager Express, pbxnsip for most of my testing/abuse. At the end of the day, SIP is SIP is SIP is ... I priced out Juniper SBC blade for an mx240 (http://www.juniper.net/customers/support/products/mx240.jsp) lo and behold was out of my budget :( So I got stuck ordering an mx80 with Acme Packets for SBC's etc...

For the most part, you could use Trixbox although at the end of the day, knowing Asterisk, how it's configured, how it works will give you more bang for your buck. For softphones I use mainly Snom's softphone client or XLite.

Title: Re: VoIP Abuse Project
Post by: tturner on October 05, 2010, 06:16:42 AM

My preference has always been Asterisk and the CLI as a learning tool or for low resource builds and http://pbxinaflash.net/ for builds where a non-techie needs to manage the box. And as always http://www.voip-info.org/ is your friend.

If you really want to get your feet wet, I highly recommend the http://www.digium.com/en/training/courses/#advanced course. I took it a couple years ago with Jared Smith who was one of the authors of Asterisk: The Future of Telephony http://cdn.oreilly.com/books/9780596510480.pdf and Digium's lead trainer. It was a great course and I would highly recommend it for anyone interested in learning more about Asterisk. You get a "free" Polycom hardphone (I got a SP330) and a T1 card (I really only use as a timing source since I use IAX trunks to my ITSP) and an analog telephony card with 1FXO/FXS port with room for expansion using additional daughter cards. Both cards were of course Digium branded.