Analysis of a PBX toll fraud honeypot
Analysis of a PBX toll fraud honeypot
Organisations are moving over from legacy telecommunications to Voice over IP (VoIP), enabling greater flexibility, resilience and an overall cost reduction. Session Initiated Protocol (SIP) is considered to be the main VoIP protocol in the business–to-business market, but the correct implementation and configuration is not always well- understood. The failure to configure SIP systems correctly has led to significant fraud exploiting a range of vulnerabilities and billions of dollars every year being stolen from companies of all sizes through PBX Hacking via the medium of Toll Fraud. Previous research into this area is now dated but suggested fast-changing approaches by attackers. Industry organisations such as the Communications Fraud Control Association (CFCA) acknowledged this is a fast-growing problem. To quantify the size of the current problem, a Honeypot experiment was undertaken using a popular phone system used by businesses. The Honeypot ran for 10 days and recorded just under 19 million SIP messages. This research has identified attackers are using various sophisticated methods to attempt to gain access and trick a PBX into making calls. When comparing previous research, the rate of attack is approximately 30 times more aggressive and the countries from where attacks originate are distributed over 75 countries.
821-830
McInnes, Nathaniel
6745a1ed-9dd9-4c90-a5f8-8c9caf7ce57c
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Zaluska, Edward
43f6a989-9542-497e-bc9d-fe20f03cad35
1 March 2019
McInnes, Nathaniel
6745a1ed-9dd9-4c90-a5f8-8c9caf7ce57c
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Zaluska, Edward
43f6a989-9542-497e-bc9d-fe20f03cad35
McInnes, Nathaniel, Wills, Gary and Zaluska, Edward
(2019)
Analysis of a PBX toll fraud honeypot.
International Journal for Information Security Research (IJISR), 9 (1), .
(doi:10.20533/ijisr.2042.4639.2019.0094).
Abstract
Organisations are moving over from legacy telecommunications to Voice over IP (VoIP), enabling greater flexibility, resilience and an overall cost reduction. Session Initiated Protocol (SIP) is considered to be the main VoIP protocol in the business–to-business market, but the correct implementation and configuration is not always well- understood. The failure to configure SIP systems correctly has led to significant fraud exploiting a range of vulnerabilities and billions of dollars every year being stolen from companies of all sizes through PBX Hacking via the medium of Toll Fraud. Previous research into this area is now dated but suggested fast-changing approaches by attackers. Industry organisations such as the Communications Fraud Control Association (CFCA) acknowledged this is a fast-growing problem. To quantify the size of the current problem, a Honeypot experiment was undertaken using a popular phone system used by businesses. The Honeypot ran for 10 days and recorded just under 19 million SIP messages. This research has identified attackers are using various sophisticated methods to attempt to gain access and trick a PBX into making calls. When comparing previous research, the rate of attack is approximately 30 times more aggressive and the countries from where attacks originate are distributed over 75 countries.
Text
Analysis_of_a_PBX_Toll_Fraud_Honeypot
- Version of Record
Restricted to Repository staff only
Available under License Other.
Request a copy
More information
Published date: 1 March 2019
Additional Information:
Published by: Infonomics Society
Identifiers
Local EPrints ID: 433805
URI: http://eprints.soton.ac.uk/id/eprint/433805
ISSN: 2042-4639
PURE UUID: 4b0dc40d-a94a-4132-9362-2bb9b50c6213
Catalogue record
Date deposited: 04 Sep 2019 16:30
Last modified: 07 Oct 2020 05:41
Export record
Altmetrics
Contributors
Author:
Nathaniel McInnes
Author:
Edward Zaluska
University divisions
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics
