Thoughts, tips and tricks
September 7, 2022
Massive SIP Attacks with VPN?
The picture: I like to keep an eye on the hourly data statistics of my honeypots just to see if anything interesting pops up. A couple of weeks back I saw something that I just had to take a screenshot of. (Screenshot of the automated traffic.) It screamed automation. I quickly tried to see if it was another round of traffic similar to the proxy relay traffic that happened some time back… It wasn’t, so I didn’t make too much of it.
July 19, 2022
This post is not directly related to tech but is related to something that has recently been close to my heart… Dementia. Those of us who have loved ones suffering from dementia will admit that any help we can find to help our loved ones be less stressed about their new reality is very welcome. I was not successful in finding a simple large digital clock in Croatian with basic information about the day (day/date/time), so I decided to make my own.
Open Relay Abuse
March 31, 2022
The story: I really didn’t give much attention to the ‘Country analysis’ world heatmap tab on the SIP honeypot data web interface till one day I noticed that every hour there were over 100 unique IP addresses from the US attacking my honeypots. Checking the database, I noticed a pattern in the format of the stored headers. Next I checked the source IPs of the suspicious traffic in Shodan.
Hide From Shodan
October 14, 2021
If you are planning on exposing your private VoIP server to the public internet but are concerned about hacks and attacks, I might have one trick to help keep you hidden. When looking for a website to answer your questions, most people turn to Google. On the other hand, when looking for applications, IPs or network ports exposed on the internet, Shodan.io is usually the first stop. Shodan offers a service, dare I say, like Google, that scans the internet.
Understanding VoIP Hackers
September 1, 2021
Ever since I realized how easy it was to detect potential VoIP fraudsters using the SIP User Agent header, I got more and more interested in finding out how to detect them and, more importantly, figuring out their thought process. I believe that there is a lot you can learn from looking at the smart techniques fraudsters are using rather than just assuming what they are up to. How best to learn, apart from looking through your logs after you have been hacked, than to create a honeypot, gather data and learn from it.
What Is My IP
April 1, 2021
Some time back, as a quick Golang project, I built my own ‘what is my IP’ web service. Aside from learning a bit of Golang, I did not have any real use case for it. However, recently when a friend and I were working on some AWS EC2 instances in China, we quickly needed to know our public IP so my friend did what everyone would do:

    curl ifconfig.me

To our surprise the connection timed out 😲.
Terraform (Part 3) : Structure
March 28, 2021
I hope parts one and two of this series have got you interested in IaC and Terraform in particular. In part two, the configuration file we used was just one file. In that simple use case it made sense to do it that way, but as you start building more complex deployments, it is advisable to split up the configuration into multiple files and folders. Files: Splitting the configuration script into multiple files has some benefits:
Terraform (Part 2) : First Deploy
March 23, 2021
In the first part of this series, Terraform (Part 1) : Intro, I explained the concept behind Terraform (Infrastructure as code). In this part we will get our hands dirty and deploy our first simple infrastructure. Since we will be focusing on Terraform and not on cloud service providers, I decided to use a simple-to-understand yet feature-rich cloud service provider, DigitalOcean. More on creating an account later.
Terraform (Part 1) : Intro
March 16, 2021
Infrastructure as Code (IaC) has been popular for a while now. If you have tried any of the solutions out there (Terraform, Cloudformation, OpenStack Heat) I am sure you have your favorite and are now wondering how you could have lived without it. For people like me, who do not come from a SysAdmin or SysOps background, the explanation is kind of confusing which leads to questions like, “How does Terraform compare to ……”?
Kamailio : Server Maintenance Mode
March 12, 2021
Sometimes your Kamailio server might need server maintenance and for that you could require a way to drain out traffic. Also, depending on where it sits in your design, you might want to return a custom response code so that new traffic routes elsewhere. There is a simple trick to doing this. The idea is simple: set a variable, check its status/value and, based on that, decide how to handle new requests.
Kamailio systemd or init.d scripts
March 10, 2021
After every manual installation of Kamailio from git, it is best practice to create an init.d or systemd script to easily start, stop or restart the Kamailio service. A lot of people are still in the habit of creating these scripts manually because it probably was a step they added in their installation scripts years back. Yes, we are all creatures of habit, but for a while now there has been reason for a change in this habit.
PSSH for Parallel Tasks
March 8, 2021
Have you been caught in the situation where a project you thought would be simple and low maintenance turned out to be popular and now you are faced with the problem of logging into servers and doing repeated tasks because you haven’t had enough ‘free’ time to automate some of your processes? A quick bandaid could be pssh (Parallel SSH). PSSH Quick Intro: Pssh lets you log into multiple servers at the same time and run commands.
Initial Invite or Re-Invite
March 5, 2021
When asked, “If I gave you a SIP INVITE packet, could you tell if it was an initial INVITE or a re-INVITE?”, surprisingly most people fail at giving the correct answer. Most assume that a “CSeq 1 INVITE” would be the indicator. However, nowhere in the SIP RFC (3261) does it state that the sequence number in the CSeq header for an initial INVITE must start at 1. A simple way to understand and remember the answer is … Well the purpose of an INVITE is to establish a dialog.
Kamailio Dispatcher Module Hidden Gem
March 4, 2021
The majority of Kamailio deployments involve using it as the core routing engine. Efficient call routing is one of its major tasks in such designs and this is where the dispatcher module really shines, making it one of the most popular modules. If you need to efficiently route or distribute huge amounts of traffic across multiple gateways, you need to have a look at the dispatcher module. Dispatching algorithms: The module offers multiple routing algorithms to choose from.
Don't Forget Pipe
March 3, 2021
When we need to mangle or massage some data on a Linux/UNIX server or desktop, we usually like to use applications like Google Sheets or other fully fledged data processing software, forgetting about pipes. A basic description of the pipe ( | ) is that it allows the output of one command to be the input of another. What this lets you do is filter data in steps as you chain commands.
How I fell in love with Kamailio (OpenSer)
March 1, 2021
About 10 years ago when I was really interested in SIP and was looking to play around with SIP servers/proxies, I came across the OpenSer project. By then it was already split into Kamailio and OpenSips. I randomly picked OpenSips to test out but had issues with the installation script. Instead of putting effort into figuring out what the issue was, I tried out Kamailio and it worked the first time round.