Another Open Relay Scan
June 28, 2023
In May this year, the volume of SIP scanning started increasing again. Such an increase in scanning can be easily noticed when looking at the free, publicly available honeypot data that I provide. For example, data like that in the picture below, where you see IP addresses, usually from the same subnet, with a low count of requests made to the honeypots, is a strong indicator of automated scanning.
Massive SIP Attacks with VPN?
September 7, 2022
The picture: I like to keep an eye on the hourly data statistics of my honeypots just to see if anything interesting pops up. A couple of weeks back I saw something that I just had to take a screenshot of. [Screenshot of the automated traffic] It screamed automation. I quickly tried to see if it was another round of traffic similar to the proxy relay traffic that happened some time back …… It wasn’t, so I didn’t make too much of it.
Open Relay Abuse
March 31, 2022
The story: I really didn’t give much attention to the ‘Country analysis’ world heatmap tab on the SIP honeypot data web interface until one day I noticed that every hour there were over 100 unique IP addresses from the US attacking my honeypots. Checking the database, I noticed a pattern in the format of the stored headers in the database. Next, I checked the source IPs of the suspicious traffic in Shodan.
Hide From Shodan
October 14, 2021
If you are planning on exposing your private VoIP server to the public internet but are concerned about hacks and attacks, I might have one trick to help keep you hidden. When looking for a website to answer your questions, most people turn to Google. On the other hand, when looking for applications, IPs or network ports exposed on the internet, Shodan.io is usually the first stop. Shodan offers a service, dare I say, like Google, that scans the internet.
Understanding VoIP Hackers
September 1, 2021
Ever since I realized how easy it was to detect potential VoIP fraudsters using the SIP User Agent header, I got more and more interested in finding out how to detect them and, more importantly, figuring out their thought process. I believe that there is a lot you can learn from looking at the smart techniques fraudsters are using rather than just assuming what they are up to. How better to learn, apart from looking through your logs after you have been hacked, than to create a honeypot, gather data and learn from it?
Kamailio: Server Maintenance Mode
March 12, 2021
Sometimes your Kamailio server might need maintenance, and for that you could require a way to drain out traffic. Also, depending on where it sits in your design, you might want to return a custom response code so that new traffic routes elsewhere. There is a simple trick to doing this. The idea is simple: set a variable, check its status/value and, based on that, decide how to handle new requests.
Kamailio systemd or init.d scripts
March 10, 2021
After every manual installation of Kamailio from git, it is best practice to create an init.d or systemd script to easily start, stop or restart the Kamailio service. A lot of people are still in the habit of creating these scripts manually because it probably was a step they added to their installation scripts years back. Yes, we are all creatures of habit, but for a while now there has been reason to change this habit.
PSSH for Parallel Tasks
March 8, 2021
Have you been caught in the situation where a project you thought would be simple and low maintenance turned out to be popular and now you are faced with the problem of logging into servers and doing repeated tasks because you haven’t had enough ‘free’ time to automate some of your processes? A quick bandaid could be pssh (Parallel SSH). PSSH Quick Intro: Pssh lets you log into multiple servers at the same time and run commands.
Kamailio Dispatcher Module Hidden Gem
March 4, 2021
The majority of Kamailio deployments involve using it as the core routing engine. Efficient call routing is one of its major tasks in such designs, and this is where the dispatcher module really shines, making it one of the most popular modules. If you need to efficiently route or distribute huge amounts of traffic across multiple gateways, you need to have a look at the dispatcher module. Dispatching algorithms: The module offers multiple routing algorithms to choose from.
How I fell in love with Kamailio (OpenSer)
March 1, 2021
About 10 years ago, when I was really interested in SIP and was looking to play around with SIP servers/proxies, I came across the OpenSer project. By then it was already split into Kamailio and OpenSips. I randomly picked OpenSips to test out but had issues with the installation script. Instead of putting effort into figuring out what the issue was, I tried out Kamailio and it worked the first time round.