IP Telephony Server Emulation for Monitoring and Analysis of Malicious Activity in VOIP Network

  • Jakub Safarik
  • Miroslav Voznak
  • Filip Rezac
  • Lukas Macura
Keywords: Artemisa, Dionaea, Kippo, VoIP attacks, VoIP honeypot

Abstract

The paper aims to gather information about attacks from real Internet infrastructure and to analyse them. For this purpose, we prepared a set of honeypots monitoring various aspects of VoIP infrastructure, including SIP endpoint and SSH terminal emulation. SIP endpoints are registered with a real SIP registrar, and incoming calls are routed to a honeypot according to the rules in the dialplan. The honeypot gathers valuable data about hackers’ activity with no threat to production systems. Analysis of the honeypot data is crucial for further improvement of existing security mechanisms in VoIP networks. The paper describes the behaviour of the honeypots and also presents an analysis of the detected malicious activity.

Author Biographies

Jakub Safarik

Department of Telecommunications, Faculty of Electrical Engineering and Computer Science, VSB-TU Ostrava, Ostrava-Poruba, Czech Republic

Miroslav Voznak

Department of Telecommunications, Faculty of Electrical Engineering and Computer Science, VSB-TU Ostrava, Ostrava-Poruba, Czech Republic

Filip Rezac

Department of Telecommunications, Faculty of Electrical Engineering and Computer Science, VSB-TU Ostrava, Ostrava-Poruba, Czech Republic

Lukas Macura

Department of Telecommunications, Faculty of Electrical Engineering and Computer Science, VSB-TU Ostrava, Ostrava-Poruba, Czech Republic

Published
2013-07-31
How to Cite
Safarik, J., Voznak, M., Rezac, F., & Macura, L. (2013). IP Telephony Server Emulation for Monitoring and Analysis of Malicious Activity in VOIP Network. Communications - Scientific Letters of the University of Zilina, 15(2A), 191-196. Retrieved from http://journals.uniza.sk/index.php/communications/article/view/679
Section
Articles