tags:

views:

82

answers:

1

I'm writing a VoIP honeypot. Right now, it's listening on a specific port (SIP) for incoming connections. What would you suggest are the most important features it should have in terms of scanning/attack detection and analyzing? I don't think there are many sophisticated attacks out there (yet), so implementing anything beyond DoS/flooding detection might be a waste of time because creating VoIP sessions (with SIP) and recording and analyzing multimedia streams is more complicated than just to listen for scans on a specific port. But one day those automated attacks might come, similar to what is happening right now to Window RPC/SMB for instance.

Any thoughts on this from people who follow that whole VoIP security topic?

A: 

From> https://www.honeynet.org/node/554

Forensic Challenge 2010/4 - VoIP is now live

Main blog - Tue, 06/01/2010 - 15:18 Challenge 4 of the Honeynet Project Forensic Challenge - titled "VoIP" - is now live. This challenge 4 - provided by Ben Reardon from the Australian and Sjur Eivind Usken from Norwegian Chapter - takes you into the realm of voice communications on the Internet. VoIP with SIP is becoming the de-facto standard. As this technology becomes more common, malicious parties have more opportunities and stronger motives to take control of these systems to conduct nefarious activities. This Challenge is designed to examine and explore some of attributes of the SIP and RTP protocols. Note that our Chinese speaking chapters (Julia Cheng from the Taiwanese Chapter, Jianwei Zhuge from the Chinese Chapter and Roland Cheung from the Hongkong Chapter) have taken great initiative and translated the challenge into Chinese, which is available from the simplified Chinese and traditional Chinese pages (will be posted by EOD today.) With this challenge, we are getting on a firm 2 month cycle. You will have one month to submit (deadline is June 30th 2010) and results will be released approximately 3 weeks later. Small prizes will be awarded to the top three submissions. Enjoy the challenge! Categories: Honeynet Blogs, Main blog

belisarius