First.. I think it would be a great idea for Stephan to cover this subject at one of our meetings.

Two.. I can donate a server for Blaine's "better" mouse trap with Trixbox or Freepbx loaded...NP (I would also host it but I don't have a spare IP address).

Simon is right, this is a subject that has been neglected for a long time.

------------------------------------
Henry L.Coleman CEO [VoIP-PBX.ca]
====================================

< Blaine Aldridge>
> Hey All,
>
> Stephan I think you're on to something with this mousetrap idea. Could
> be used as a 'heads up' for the asterisk administrator.
>
> I think we should actually try to track down on these script kiddies
> (as they are not hackers). Figure out who they are working for.
>
> How about a TrixHoneypot?
>
> The idea being that you purposely have what appears to be an insecure
> trixbox; no authentication for a specific sip peer and all default
> passwords. Which would be running in a VM so it's easy to destroy and
> recreate. Then you have a second VM of a pure asterisk server. The
> TrixHoneypot would place all outbound telephone calls to the asterisk
> in the other VM.
>
> The asterisk server instead of actually terminating the calls will
> generate a random ring length and then answer it locally, play a
> recording of someone saying "Hello?" and record the phone call for a
> random amount of time, then hang up. Thus simulating a successful call.
>
> Syslog on the TrixHoneypot could be set up to send logs to a remote syslogd.
>
> We would try to find out all the different IPs the hacker is
> connecting to TrixHoneypot from. Also we could look at the dial
> patterns and listen to the message the script kiddie is trying to
> play. I assume they would be doing something like ADAD and just
> playing a recording file to the person they have called.
>
> Not only would this screw up their database of what they think were
> successful calls but possibly provide us enough info to take to
> authorities.
>
> To those on the list that had a trixbox exploited or asterisk, did they
> first make a test call? Say to a 1800 # or something to verify that
> calls were actually terminated correctly? It'd be funny if they called
> their own personal cell phone number as their test call.
>
> If that's the case we could always have the first call go through
> successfully (and recorded) to the real number and then all subsequent
> calls go to the fake dial plan.
>
> Convoluted... yes. But this way we could actually acquire a lot more
> info on the perpetrator and possibly (long shot) catch them.
>
> Blaine Aldridge
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
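
The fake-termination dial plan described in the quoted message, written out as an added example that is not part of the original thread or anyone's deployed configuration. The context name `honeypot-sink`, the recording `custom/hello` and the recording file names are assumptions; the first-call-through variant is not covered.

```ini
; extensions.conf on the second VM (the plain Asterisk server).
; Added example; context name, sound file and file names are assumptions.
; The honeypot box's outbound route must point at this context.
; The context contains no Dial(), so nothing reaches a real carrier.

[honeypot-sink]
; Log what was dialed and the caller ID presented, for dial-pattern review.
exten => _X.,1,NoOp(honeypot: dialed=${EXTEN} callerid=${CALLERID(all)} id=${UNIQUEID})

; Pick a random ring length and a random "conversation" length, in seconds.
exten => _X.,n,Set(RINGSECS=${RAND(3,20)})
exten => _X.,n,Set(TALKSECS=${RAND(10,45)})

; Send ringing indication for the random interval without answering.
exten => _X.,n,Ringing()
exten => _X.,n,Wait(${RINGSECS})

; Answer locally so the caller sees a completed call.
exten => _X.,n,Answer()

; Record both directions, including whatever message the caller plays.
exten => _X.,n,MixMonitor(honeypot-${UNIQUEID}-${EXTEN}.wav)

; Play the "Hello?" recording (assumed to exist as sounds/custom/hello).
exten => _X.,n,Playback(custom/hello)

; Keep the call up for the random interval, then hang up.
exten => _X.,n,Wait(${TALKSECS})
exten => _X.,n,Hangup()
```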
