serxoz
/
sip-tarpit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
sip-tarpit/README.md

807 B
Raw Permalink Blame History

SIP tarpit

The idea is that a SIP attacker lost more time while trying to crack this "SIP service". Could be defined as a slow honeypot...

Initially will be designed against a sipvicious attacker.

SIP features:

  • Answer to OPTIONS This way will be mapped in the network

  • Answer to REGISTER This way attacker will be entertained for some time... :D

Use

  • Docker: simply do make docker-build && make docker-run
  • Install: enter installation directory and run install.sh

Configure

Read config.toml and adapt it to your preferences. Keep in mind that for docker use you want to keep log_file="CONSOLE".

Action Script

You can configure action script by adding it to config.toml. When a new suspicious IP address is detected, the script will be executed. See action_script.sh for an example.