Analysis and development of improvements to a system honeypot to mitigate attacks on VoIP services

Authors

  • Juan Matías Koller, Universidad Blas Pascal, Argentina
  • Mauricio Gabriel Bísaro, Universidad Blas Pascal, Argentina

Keywords:

Honeypot, Flooding, IP telephony, Attacks, Computer security

Abstract

The adoption of telephone communications over IP data networks by public and private companies, implemented either with proprietary solutions or with free software, has been a fact over the last decade and remains so today. At the same time, a data network carrying IP-based services is exposed to many threats that can compromise almost any service and make it unavailable. Mitigating these threats requires an attack detection and control system. Acquiring a product of this type can be unaffordable for many companies, and especially for state government agencies, because such systems are generally too expensive. Therefore, given the importance of having a vulnerability detection system at a reasonable cost, a honeypot system developed at Universidad Blas Pascal, called "Artemisa", was installed and its performance and operation were analyzed. The system sniffed traffic on the Córdoba State Government data network to collect and analyze attacks against the IP telephony system. After some study and development, a feature for interacting with the perimeter firewall was added to the Artemisa honeypot system, providing an immediate point of defense that allows the early and immediate blocking of flooding-type attacks.

Published

2015-11-02

How to Cite

[1]
J. M. Koller and M. G. Bísaro, “Analysis and development of improvements to a system honeypot to mitigate attacks on VoIP services”, Memoria investig. ing. (Facultad Ing., Univ. Montev.), no. 13, pp. 63–78, Nov. 2015.
