Communications - Scientific Letters of the University of Zilina 2013, 15(11):191-196 | DOI: 10.26552/com.C.2013.2A.191-196

IP Telephony Server Emulation for Monitoring and Analysis of Malicious Activity in VOIP Network

Jakub Safarik1, Miroslav Voznak1, Filip Rezac1, Lukas Macura1
1 Department of Telecommunications, Faculty of Electrical Engineering and Computer Science, VSB-TU Ostrava, Ostrava-Poruba, Czech Republic

The paper aims to gather information about attacks from real internet infrastructure and to analyse them. For this purpose, we prepared a set of honeypots monitoring various aspects of VoIP infrastructure, including SIP endpoint and SSH terminal emulation. The SIP endpoints are registered with a real SIP registrar, and incoming calls are routed to a honeypot according to the rules in the dialplan. The honeypot gathers valuable data about hackers' activity with no threat to production systems. Analysis of the honeypot data is crucial for further improvement of existing security mechanisms in VoIP networks. The paper describes the honeypot's behaviour and also presents an analysis of the detected malicious activity.

Keywords: Artemisa, Dionaea, Kippo, VoIP attacks, VoIP honeypot

Published: July 31, 2013

Safarik, J., Voznak, M., Rezac, F., & Macura, L. (2013). IP Telephony Server Emulation for Monitoring and Analysis of Malicious Activity in VOIP Network. Communications - Scientific Letters of the University of Zilina, 15(2A), 191-196. doi: 10.26552/com.C.2013.2A.191-196

This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.