The University of Southampton
University of Southampton Institutional Repository

Analysis of a PBX toll fraud honeypot

Analysis of a PBX toll fraud honeypot
Analysis of a PBX toll fraud honeypot
Organisations are moving over from legacy telecommunications to Voice over IP (VoIP), enabling greater flexibility, resilience and an overall cost reduction. Session Initiated Protocol (SIP) is considered to be the main VoIP protocol in the business–to-business market, but the correct implementation and configuration is not always well- understood. The failure to configure SIP systems correctly has led to significant fraud exploiting a range of vulnerabilities and billions of dollars every year being stolen from companies of all sizes through PBX Hacking via the medium of Toll Fraud. Previous research into this area is now dated but suggested fast-changing approaches by attackers. Industry organisations such as the Communications Fraud Control Association (CFCA) acknowledged this is a fast-growing problem. To quantify the size of the current problem, a Honeypot experiment was undertaken using a popular phone system used by businesses. The Honeypot ran for 10 days and recorded just under 19 million SIP messages. This research has identified attackers are using various sophisticated methods to attempt to gain access and trick a PBX into making calls. When comparing previous research, the rate of attack is approximately 30 times more aggressive and the countries from where attacks originate are distributed over 75 countries.
2042-4639
821-830
McInnes, Nathaniel
6745a1ed-9dd9-4c90-a5f8-8c9caf7ce57c
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Zaluska, Edward
43f6a989-9542-497e-bc9d-fe20f03cad35
McInnes, Nathaniel
6745a1ed-9dd9-4c90-a5f8-8c9caf7ce57c
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Zaluska, Edward
43f6a989-9542-497e-bc9d-fe20f03cad35

McInnes, Nathaniel, Wills, Gary and Zaluska, Edward (2019) Analysis of a PBX toll fraud honeypot. International Journal for Information Security Research (IJISR), 9 (1), 821-830. (doi:10.20533/ijisr.2042.4639.2019.0094).

Record type: Article

Abstract

Organisations are moving over from legacy telecommunications to Voice over IP (VoIP), enabling greater flexibility, resilience and an overall cost reduction. Session Initiated Protocol (SIP) is considered to be the main VoIP protocol in the business–to-business market, but the correct implementation and configuration is not always well- understood. The failure to configure SIP systems correctly has led to significant fraud exploiting a range of vulnerabilities and billions of dollars every year being stolen from companies of all sizes through PBX Hacking via the medium of Toll Fraud. Previous research into this area is now dated but suggested fast-changing approaches by attackers. Industry organisations such as the Communications Fraud Control Association (CFCA) acknowledged this is a fast-growing problem. To quantify the size of the current problem, a Honeypot experiment was undertaken using a popular phone system used by businesses. The Honeypot ran for 10 days and recorded just under 19 million SIP messages. This research has identified attackers are using various sophisticated methods to attempt to gain access and trick a PBX into making calls. When comparing previous research, the rate of attack is approximately 30 times more aggressive and the countries from where attacks originate are distributed over 75 countries.

Text
Analysis_of_a_PBX_Toll_Fraud_Honeypot - Version of Record
Restricted to Repository staff only
Available under License Other.
Request a copy

More information

Published date: 1 March 2019
Additional Information: Published by: Infonomics Society

Identifiers

Local EPrints ID: 433805
URI: https://eprints.soton.ac.uk/id/eprint/433805
ISSN: 2042-4639
PURE UUID: 4b0dc40d-a94a-4132-9362-2bb9b50c6213
ORCID for Gary Wills: ORCID iD orcid.org/0000-0001-5771-4088

Catalogue record

Date deposited: 04 Sep 2019 16:30
Last modified: 14 Sep 2019 00:38

Export record

Altmetrics

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of https://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×