The University of Southampton
University of Southampton Institutional Repository

Analysis of threats on a VoIP based PBX honeypot

Analysis of threats on a VoIP based PBX honeypot
Analysis of threats on a VoIP based PBX honeypot
Many organisations are moving over from legacy telecommunications to Voice over IP (VoIP), enabling greater flexibility, resilience and an overall cost reduction. Session Initiated Protocol (SIP) is now considered to be the main VoIP protocol in the business–to-business market, but the correct implementation and configuration is not always well-understood. The failure to configure SIP systems correctly has led to significant fraud exploiting a range of vulnerabilities and billions of dollars every year being stolen from companies of all sizes through PBX Hacking via the medium of Toll Fraud. Previous research into this area is now dated but suggests a fast-changing approach by the attackers. Industry organisations such as the Communications Fraud Control Association (CFCA) acknowledge that this is a fast-growing problem. To quantify the size of the current problem, a Honeypot experiment was undertaken using a popular phone system used by businesses. The Honeypot ran for 10 days and recorded just under 19 million SIP messages. This research has identified the rate of attack is approximately 30 times more aggressive than previous reported research.
113-118
Infonomics Society
McInnes, Nathaniel
6745a1ed-9dd9-4c90-a5f8-8c9caf7ce57c
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Zaluska, Edward
43f6a989-9542-497e-bc9d-fe20f03cad35
McInnes, Nathaniel
6745a1ed-9dd9-4c90-a5f8-8c9caf7ce57c
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Zaluska, Edward
43f6a989-9542-497e-bc9d-fe20f03cad35

McInnes, Nathaniel, Wills, Gary and Zaluska, Edward (2019) Analysis of threats on a VoIP based PBX honeypot. In Analysis of threats on a VoIP Based PBX Honeypot. Infonomics Society. pp. 113-118 . (doi:10.2053/ICITST.WorldCIS.WCST.WCICSS.2018.0015).

Record type: Conference or Workshop Item (Paper)

Abstract

Many organisations are moving over from legacy telecommunications to Voice over IP (VoIP), enabling greater flexibility, resilience and an overall cost reduction. Session Initiated Protocol (SIP) is now considered to be the main VoIP protocol in the business–to-business market, but the correct implementation and configuration is not always well-understood. The failure to configure SIP systems correctly has led to significant fraud exploiting a range of vulnerabilities and billions of dollars every year being stolen from companies of all sizes through PBX Hacking via the medium of Toll Fraud. Previous research into this area is now dated but suggests a fast-changing approach by the attackers. Industry organisations such as the Communications Fraud Control Association (CFCA) acknowledge that this is a fast-growing problem. To quantify the size of the current problem, a Honeypot experiment was undertaken using a popular phone system used by businesses. The Honeypot ran for 10 days and recorded just under 19 million SIP messages. This research has identified the rate of attack is approximately 30 times more aggressive than previous reported research.

Text
Analysis of threats on a VoIP Based PBX Honeypot - From Proceedings
Download (284kB)

More information

Published date: 3 March 2019
Venue - Dates: 13th International Conference for Internet Technology and Secured Transactions, Cambridge, United Kingdom, 2018-12-11 - 2018-12-13

Identifiers

Local EPrints ID: 429318
URI: https://eprints.soton.ac.uk/id/eprint/429318
PURE UUID: cce549e0-8169-49a7-8e95-af0945d042c6
ORCID for Gary Wills: ORCID iD orcid.org/0000-0001-5771-4088

Catalogue record

Date deposited: 26 Mar 2019 17:30
Last modified: 27 Mar 2019 01:36

Export record

Altmetrics

Contributors

Author: Nathaniel McInnes
Author: Gary Wills ORCID iD
Author: Edward Zaluska

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of https://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×