RT Journal Article
SR Electronic
A1 Safarik, Jakub
A1 Voznak, Miroslav
A1 Rezac, Filip
A1 Macura, Lukas
T1 IP Telephony Server Emulation for Monitoring and Analysis of Malicious Activity in VOIP Network
JF Communications - Scientific Letters of the University of Zilina
YR 2013
VO 15
IS 11
SP 191
OP 196
DO 10.26552/com.C.2013.2A.191-196
UL https://komunikacie.uniza.sk/artkey/csl-201311-0033.php
AB The paper aims at gathering information about attacks from real internet infrastructure and their analysis. For this purpose, we prepared a set of honeypots monitoring various aspects of VoIP infrastructure including SIP endpoint and SSH terminal emulation. SIP endpoints are registered with real SIP registrar and the incoming calls are routed to a honeypot according the rules in dialplan. The honeypot gathers valuable data about hacker's activity with no threat to production systems. Analysis of the honeypot data is crucial for further improvement of existing security mechanisms in VoIP networks. The paper describes the honeypot's behaviour and brings an analysis of a detected malicious activity as well.