I could host it in our facility at 151 Front. We have plenty of spare IP
addresses.
----- Original Message -----
From: "Henry L.Coleman" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, November 12, 2008 8:54 AM
Subject: Re: [on-asterisk] SIP hack attempts
First.. I think it would be a great idea for Stephan to cover this subject
at one of our meetings.
Two.. I can donate a server for Blaine's "better" mouse trap with Trixbox
or FreePBX loaded...NP (I would
also host it but I don't have a spare IP address)
Simon is right, this is a subject that has been neglected for a long time.
------------------------------------
Henry L.Coleman CEO [VoIP-PBX.ca]
====================================
< Blaine Aldridge>
Hey All,
Stephan, I think you're on to something with this mousetrap idea. Could
be used as a 'heads up' for the asterisk administrator.
I think we should actually try to track down these script kiddies
(as they are not hackers). Figure out who they are working for.
How about a TrixHoneypot?
The idea being that you purposely have what appears to be an insecure
trixbox; no authentication for a specific sip peer and all default
passwords. Which would be running in a VM so it's easy to destroy and
recreate. Then you have a second VM of a pure asterisk server. The
TrixHoneypot would place all outbound telephone calls to the asterisk
in the other VM.
The asterisk server, instead of actually terminating the calls, will
generate a random ring length and then answer it locally, play a
recording of someone saying "Hello?" and record the phone call for a
random amount of time, then hang up. Thus simulating a successful call.
Syslog on the TrixHoneypot could be set up to send logs to a remote
syslogd.
We would try to find out all the different IPs the hacker is
connecting to TrixHoneypot from. Also we could look at the dial
patterns and listen to the message the script kiddie is trying to
play. I assume they would be doing something like ADAD and just
playing a recording file to the person they have called.
Not only would this screw up their database of what they think were
successful calls but possibly provide us enough info to take to
authorities.
To those on the list that had a trixbox or asterisk exploited, did they
first make a test call? Say to a 1800 # or something to verify that
calls were actually terminated correctly? It'd be funny if they called
their own personal cell phone number as their test call.
If that's the case we could always have the first call go through
successfully (and recorded) to the real number and then all subsequent
calls go to the fake dial plan.
Convoluted... yes. But this way we could actually acquire a lot more
info on the perpetrator and possibly (long shot) catch them.
Blaine Aldridge
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
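
One way the fake-termination dialplan described in Blaine's message could look on the second (plain Asterisk) VM. This is an added example, not part of the original thread. The context name `honeypot-sink`, the prompt file `hello`, the recording file name and the timing ranges are all assumptions, and the argument separators are commas as in current Asterisk.

```ini
; extensions.conf on the second VM (the plain Asterisk "sink").
; The honeypot's outbound route points at this context; nothing in it
; dials a real trunk, so no call is ever actually terminated.
; Assumed names: context honeypot-sink, prompt file "hello" (record your
; own "Hello?" prompt), ranges 3-15 s ringing and 10-45 s "talk" time.
[honeypot-sink]
; _X. matches any dialled number that starts with a digit.
exten => _X.,1,NoOp(HONEYPOT dialled=${EXTEN} callerid=${CALLERID(all)} chan=${CHANNEL})
exten => _X.,n,Set(RINGTIME=${RAND(3,15)})
exten => _X.,n,Set(TALKTIME=${RAND(10,45)})
; Tag the CDR so honeypot calls are easy to pull out when reviewing
; dial patterns later.
exten => _X.,n,Set(CDR(userfield)=honeypot ring=${RINGTIME} talk=${TALKTIME})
; Ring for a random time, as a real callee would.
exten => _X.,n,Ringing()
exten => _X.,n,Wait(${RINGTIME})
exten => _X.,n,Answer()
; Record from answer onwards to capture whatever audio the caller plays.
; A relative file name is written to Asterisk's monitor spool directory.
exten => _X.,n,MixMonitor(honeypot-${UNIQUEID}.wav)
exten => _X.,n,Playback(hello)
; Stay "on the line" for a random time, then hang up like a real callee.
exten => _X.,n,Wait(${TALKTIME})
exten => _X.,n,Hangup()
```

The source IPs of the connecting clients are seen only by the honeypot VM, so they come from its forwarded syslog, not from this sink.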