Analysis of threats on a VoIP based PBX honeypot
Analysis of threats on a VoIP based PBX honeypot
Many organisations are moving over from legacy telecommunications to Voice over IP (VoIP), enabling greater flexibility, resilience and an overall cost reduction. Session Initiated Protocol (SIP) is now considered to be the main VoIP protocol in the business–to-business market, but the correct implementation and configuration is not always well-understood. The failure to configure SIP systems correctly has led to significant fraud exploiting a range of vulnerabilities and billions of dollars every year being stolen from companies of all sizes through PBX Hacking via the medium of Toll Fraud. Previous research into this area is now dated but suggests a fast-changing approach by the attackers. Industry organisations such as the Communications Fraud Control Association (CFCA) acknowledge that this is a fast-growing problem. To quantify the size of the current problem, a Honeypot experiment was undertaken using a popular phone system used by businesses. The Honeypot ran for 10 days and recorded just under 19 million SIP messages. This research has identified the rate of attack is approximately 30 times more aggressive than previous reported research.
113-118
McInnes, Nathaniel
6745a1ed-9dd9-4c90-a5f8-8c9caf7ce57c
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Zaluska, Edward
43f6a989-9542-497e-bc9d-fe20f03cad35
3 March 2019
McInnes, Nathaniel
6745a1ed-9dd9-4c90-a5f8-8c9caf7ce57c
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Zaluska, Edward
43f6a989-9542-497e-bc9d-fe20f03cad35
Record type:
Conference or Workshop Item
(Paper)
Abstract
Many organisations are moving over from legacy telecommunications to Voice over IP (VoIP), enabling greater flexibility, resilience and an overall cost reduction. Session Initiated Protocol (SIP) is now considered to be the main VoIP protocol in the business–to-business market, but the correct implementation and configuration is not always well-understood. The failure to configure SIP systems correctly has led to significant fraud exploiting a range of vulnerabilities and billions of dollars every year being stolen from companies of all sizes through PBX Hacking via the medium of Toll Fraud. Previous research into this area is now dated but suggests a fast-changing approach by the attackers. Industry organisations such as the Communications Fraud Control Association (CFCA) acknowledge that this is a fast-growing problem. To quantify the size of the current problem, a Honeypot experiment was undertaken using a popular phone system used by businesses. The Honeypot ran for 10 days and recorded just under 19 million SIP messages. This research has identified the rate of attack is approximately 30 times more aggressive than previous reported research.
Text
Analysis of threats on a VoIP Based PBX Honeypot - From Proceedings
More information
Published date: 3 March 2019
Venue - Dates:
13th International Conference for Internet Technology and Secured Transactions, Cambridge, Cambridge, United Kingdom, 2018-12-11 - 2018-12-13
Identifiers
Local EPrints ID: 429318
URI: http://eprints.soton.ac.uk/id/eprint/429318
PURE UUID: cce549e0-8169-49a7-8e95-af0945d042c6
Catalogue record
Date deposited: 26 Mar 2019 17:30
Last modified: 16 Mar 2024 02:52
Export record
Altmetrics
Contributors
Author:
Nathaniel McInnes
Author:
Gary Wills
Author:
Edward Zaluska
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics