Analysis of threats on a VoIP Based PBX Honeypot
Many organisations are moving over from legacy telecommunications to Voice over IP (VoIP), enabling greater flexibility, resilience and an overall cost reduction. Session Initiated Protocol (SIP) is now considered to be the main VoIP protocol in the business–to-business market, but the correct implementation and configuration is not always well-understood. The failure to configure SIP systems correctly has led to significant fraud exploiting a range of vulnerabilities and billions of dollars every year being stolen from companies of all sizes through PBX Hacking via the medium of Toll Fraud. Previous research into this area is now dated but suggests a fast-changing approach by the attackers. Industry organisations such as the Communications Fraud Control Association (CFCA) acknowledge that this is a fast-growing problem. To quantify the size of the current problem, a Honeypot experiment was undertaken using a popular phone system used by businesses. The Honeypot ran for 10 days and recorded just under 19 million SIP messages. This research has identified the rate of attack is approximately 30 times more aggressive than previous reported research.
- Date of Conference: 10-13 December 2018
- DOI: 10.2053/ICITST.WorldCIS.WCST.WCICSS.2018.0015
- ISBN: 978-1-908320-94-0
- Conference Location: University of Cambridge, Churchill College