# SIP tarpit

The idea is to make a SIP attacker lose more time while trying to crack this "SIP service".

It could be defined as a slow honeypot.

Initially, it will be designed against a SIPVicious attacker.

## SIP features:

- Answer to OPTIONS

  This way the service will be mapped on the network.

- Answer to REGISTER

  This way the attacker will be entertained for some time... :D

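The two behaviours listed above, as an added example that is not this project's code: OPTIONS gets a `200 OK`, every REGISTER gets a fresh `401` digest challenge, and each reply is held back before it is sent. The function names, the realm, the 5-second delay and the sample request are assumptions made for the illustration.

```python
import secrets
import socket
import time

# Headers (and their compact forms) a SIP response echoes back, RFC 3261 8.2.6.2.
ECHOED = {"via", "v", "from", "f", "to", "t", "call-id", "i", "cseq"}

# Constructed sample request (not captured traffic).
SAMPLE = (b"REGISTER sip:192.0.2.10 SIP/2.0\r\n"
          b"Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK-1;rport\r\n"
          b"From: <sip:100@192.0.2.10>;tag=abc\r\nTo: <sip:100@192.0.2.10>\r\n"
          b"Call-ID: 1234\r\nCSeq: 1 REGISTER\r\nContent-Length: 0\r\n\r\n")

def parse_request(raw: bytes):
    """Return (method, [(name, value), ...]) from a raw SIP request."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("utf-8", "replace").split("\r\n")
    pairs = (line.partition(":") for line in lines[1:])
    return lines[0].split(" ", 1)[0].upper(), [(n.strip(), v.strip()) for n, s, v in pairs if s]

def build_response(raw: bytes, realm: str = "pbx.example.invalid"):
    """Build the reply for OPTIONS or REGISTER; None for any other method."""
    method, headers = parse_request(raw)
    if method == "OPTIONS":
        status, extra = "200 OK", ["Allow: OPTIONS, REGISTER"]
    elif method == "REGISTER":
        # Always challenge: no credential is ever accepted, so guessing never ends.
        status = "401 Unauthorized"
        extra = [f'WWW-Authenticate: Digest realm="{realm}", '
                 f'nonce="{secrets.token_hex(16)}", algorithm=MD5']
    else:
        return None
    out = [f"SIP/2.0 {status}"]
    for name, value in headers:
        if name.lower() in ECHOED:
            if name.lower() in ("to", "t") and "tag=" not in value:
                value += ";tag=" + secrets.token_hex(4)  # responder adds the To tag
            out.append(f"{name}: {value}")
    return "\r\n".join(out + extra + ["Content-Length: 0", "", ""]).encode()

def serve(host="0.0.0.0", port=5060, delay=5.0):
    """Single-threaded UDP loop that holds every answer back for `delay` seconds."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        raw, peer = sock.recvfrom(4096)
        reply = build_response(raw)
        if reply:
            time.sleep(delay)  # the tarpit part: the scanner waits for each answer
            sock.sendto(reply, peer)
```
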
## Use

- Docker: simply run `make docker-build && make docker-run`
- Install: enter the installation directory and run `install.sh`

## Configure

Read `config.toml` and adapt it to your preferences. Keep in mind that for Docker
use you want to keep `log_file="CONSOLE"`.

## Action Script

You can configure an action script by adding it to `config.toml`.
When a new suspicious IP address is detected, the script will be executed. See
`action_script.sh` for an example.