SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

Max Tulyev maxtul at netassist.ua
Fri Nov 26 18:55:39 UTC 2021


Hi Gavin,

I thought to do something similar ;)

As I can see in the code, you count somebody as a bad actor just because 
one UDP packet is received. It is a bad idea, because it is easy to 
spoof that packet and make a DoS against some good actor.

The right way: you have to simulate a SIP dialog with this actor, i.e. reply 
to them with something and wait for the reaction. If the reaction is like 
that of normal SIP call processing - congratulations, you found a hacker! 
If not, e.g. you sent them a packet they did not expect - it is a DoS and 
a spoofed packet.

24.11.21 23:19, Gavin Henry wrote:
> Hi all,
> 
> I hope you don't mind the post, but thought this might be of use and
> in the spirit of release early, release often I've done an alpha
> release:
> 
> https://github.com/SentryPeer/SentryPeer
> 
> There's a presentation too if you'd like to watch/read where I hope to
> go with this:
> 
> https://blog.tadsummit.com/2021/11/17/sentrypeer/
> 
> Working on the API and web UI next, then the p2p part of it. Feel free
> to submit any feature requests or have a play :-)
> 
> Thanks for reading and any feedback is welcome!
> 

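As an added illustration of the stateful check Max describes above (example code, not from SentryPeer or either poster): the honeypot answers a request with a 401 challenge carrying a fresh nonce and only lists the source IP when a later packet from the same address echoes that nonce, which a sender of a single spoofed datagram never sees. The sample REGISTER, the addresses and the `honeypot.example` realm are constructed.

```python
import secrets
from typing import Optional

# Constructed sample REGISTER (not a real capture) as a scanner would send it.
FIRST_REGISTER = (
    "REGISTER sip:honeypot.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.5:5060;branch=z9hG4bK-1\r\n"
    "From: <sip:100@honeypot.example>;tag=a1\r\n"
    "To: <sip:100@honeypot.example>\r\n"
    "Call-ID: scan-0001\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Content-Length: 0\r\n\r\n"
)

def parse_headers(datagram: str) -> dict:
    """Minimal SIP header parser: lower-cased header name -> value."""
    lines = datagram.split("\r\n")
    headers = {"request-line": lines[0]}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

class StatefulHoneypot:
    """Lists a source IP only after it completes a challenge round-trip."""

    def __init__(self, nonce_factory=lambda: secrets.token_hex(8)):
        self.pending = {}       # (src_ip, Call-ID) -> nonce we challenged with
        self.bad_actors = set()
        self._new_nonce = nonce_factory

    def handle(self, src_ip: str, datagram: str) -> Optional[str]:
        """Return the SIP reply to send, or None for non-request noise."""
        headers = parse_headers(datagram)
        if not headers["request-line"].endswith("SIP/2.0"):
            return None  # ignore responses and non-SIP datagrams
        key = (src_ip, headers.get("call-id"))
        expected = self.pending.get(key)
        if expected and f'nonce="{expected}"' in headers.get("authorization", ""):
            # The sender echoed a nonce that only reached the real owner of
            # src_ip, so this is a live dialog, not one spoofed packet.
            del self.pending[key]
            self.bad_actors.add(src_ip)
            return "SIP/2.0 403 Forbidden\r\n\r\n"
        nonce = self._new_nonce()
        self.pending[key] = nonce  # first leg: challenge, do not list yet
        return ("SIP/2.0 401 Unauthorized\r\n"
                f'WWW-Authenticate: Digest realm="honeypot.example", nonce="{nonce}"\r\n\r\n')
```

A real deployment would also expire `pending` entries so a flood of first-leg packets cannot grow the table without bound.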

More information about the NANOG mailing list