.

VoIP Abuse Project

<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue Sep 21, 2010 8:13 pm

VoIP Abuse Project

For those whose company deals with Voice Over IP and for those wanting to get a birds eye into incident response, analytics, attack trends, etc.:

http://www.infiltrated.net/voipabuse/
http://www.infiltrated.net/voipabuse/honeypot/

I will eventually clean it up, add to it, etc.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Sep 21, 2010 8:44 pm

Re: VoIP Abuse Project

Nice sil!  Bookmarked... thanks!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon Oct 04, 2010 12:05 pm

Re: VoIP Abuse Project

Alright, been really busy with this project. For more info on what brought it about, etc. including a blogradio interview see:

Intro
http://voipsa.org/blog/2010/09/28/voip-abuse-project/

Analysis
http://voipsa.org/blog/2010/09/29/voip- ... come-back/

Listen (episode 275)
http://www.talkshoe.com/talkshoe/web/ta ... 622&cmd=tc

Intro to above show
http://www.voipusersconference.org/2010 ... e-project/
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon Oct 04, 2010 12:06 pm

Re: VoIP Abuse Project

<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Oct 04, 2010 1:42 pm

Re: VoIP Abuse Project

Great stuff!
The day you stop learning is the day you start becoming obsolete.
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon Oct 04, 2010 2:23 pm

Re: VoIP Abuse Project

It actually got "re-interesting" this weekend. I will follow up @ the end of the month as I watch the trends. I've been trying to find a way to easily pull from all my servers, parse from all of them, sort them out uniquely, upload them, script out the html for them, update the pages automatically and use curl to POST to twitter. :( S'a pain. Never enough time in the day

@dynamik my WIP: RWSP @ TechnoForensics ;) End of this month
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Oct 04, 2010 2:52 pm

Re: VoIP Abuse Project

sil wrote:@dynamik my WIP: RWSP @ TechnoForensics ;) End of this month


That's awesome. I probably won't get a shot at that until 2012 (mostly because of weak skills :-[), but it looks amazing. I'm eagerly anticipating the review (and the pass) ;)

While we're on the subject of VOIP, do you have any recommendations for getting started? It seems like Trixbox is a popular system to get up and running quickly. I just don't know what else I need in terms of hardware, software, etc. It's a major shortcoming of mine that I need to remedy.
The day you stop learning is the day you start becoming obsolete.
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon Oct 04, 2010 3:55 pm

Re: VoIP Abuse Project

It depends ;) ProPBX? As in for work or home/fiddling. Pro small to midsized office I would go for pbxnsip for its easy of use/functionality. Home (ab)use, Asterisk all the way. Trixbox is "eh" a lot of holes. Depending on which version of Asterisk you use, stay away from 1.8 for now.
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Oct 04, 2010 4:19 pm

Re: VoIP Abuse Project

Oh, I just want something to break in lab. It looks like there are free soft phone packages for Asterisk. That should be enough to get me started.
The day you stop learning is the day you start becoming obsolete.
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon Oct 04, 2010 7:58 pm

Re: VoIP Abuse Project

For breaking, I would start with Asterisk definitely. A vast majority of open source products have their roots in some shape form or fashion in Asterisk. Don't forget to also tinker with OpenSER (or OpenSIP whichever the stubborn-developers re-forked it as).

I go back and forth with Asterisk, Call Manager Express, pbxnsip for most of my testing/abuse. At the end of the day, SIP is SIP is SIP is ... I priced out Juniper SBC blade for an mx240 (http://www.juniper.net/customers/suppor ... /mx240.jsp) lo and behold was out of my budget :( So I got stuck ordering an mx80 with Acme Packets for SBC's etc...

For the most part, you could use Trixbox although at the end of the day, knowing Asterisk, how its configured, how it works will give you more bang for your buck. For softphones I use mainly Snom's softphone client or XLite
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Tue Oct 05, 2010 6:16 am

Re: VoIP Abuse Project

My preference has always been Asterisk and the CLI as a learning tool or for low resource builds and http://pbxinaflash.net/ for builds where a non-techie needs to manage the box. And as always http://www.voip-info.org/ is your friend. If you really want to get you feet wet, I highly recommend the http://www.digium.com/en/training/courses/#advanced course. I took it a couple years ago with Jared Smith who was one of the authors of Asterisk: The Future of Telephony http://cdn.oreilly.com/books/9780596510480.pdf and Digium's lead trainer. It was a great course and i would highly recommend it for anyone interested in learning more about Asterisk. You get a "free" Polycom hardphone (I got a SP330) and a T1 card (I really only use as a timing source since I use IAX trunks to my ITSP) and an analog telephony card with 1FXO/FXS port with room for expansion using additional daughter cards. Both cards were of course Digium branded.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org

Return to Other

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software