sip-tarpit/README.md
2024-04-18 13:43:01 +02:00

26 lines
807 B
Markdown

# SIP tarpit
The idea is that a SIP attacker lost more time while trying to crack this "SIP service".
Could be defined as a slow honeypot...
Initially will be designed against a sipvicious attacker.
## SIP features:
- Answer to OPTIONS
This way will be mapped in the network
- Answer to REGISTER
This way attacker will be entertained for some time... :D
## Use
- Docker: simply do make docker-build && make docker-run
- Install: enter installation directory and run install.sh
## Configure
Read config.toml and adapt it to your preferences. Keep in mind that for docker
use you want to keep log_file="CONSOLE".
## Action Script
You can configure action script by adding it to config.toml.
When a new suspicious IP address is detected, the script will be executed. See
action_script.sh for an example.