Last week, Hos and I worked on identifying how to emulate a SIP endpoint with HoneyPoint Security Server. We identified an easy way to do it using the BasicTCP capability. This emulation component emulates a basic TCP service and performs in the following manner:
- Listens for connections
- Upon connection, logs the connection details
- Sends the banner file and awaits a response
- Upon response, logs the response data
- Sends the response, repeating the wait and log loop, resending the response to every request
- When the connection limit is reached, it closes the connection
It uses two files:
- The banner file – “banner”
- The response file – “response”
In our testing, we were able to closely emulate a SIP connection by creating a banner file that was blank or contained only a CR/LF. Then we added the appropriate SIP messaging into the response file. This emulates a service where the connection is completed and logged, and the system appears to wait on input. Once input is received, a SIP message is delivered to the client. In our testing, the SIP tools we worked with accepted the emulation as a SIP server and did not flag any anomalies.
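A minimal Python sketch of the banner/response loop described above, added here as an illustration; it is not HoneyPoint code. The `RESPONSE` and `PROBE` values are constructed placeholders (not the messaging used in the testing), and the connection limit is assumed to be a cap on exchanges per session.

```python
import socket
import threading

BANNER = b"\r\n"  # blank/CRLF banner, as the post describes
# Constructed placeholder reply, not the messaging used in the post's testing.
RESPONSE = b"SIP/2.0 200 OK\r\nContent-Length: 0\r\n\r\n"
# Constructed sample probe for the loopback demo.
PROBE = b"OPTIONS sip:test@127.0.0.1 SIP/2.0\r\nContent-Length: 0\r\n\r\n"

def handle(conn, peer, log, limit):
    """One session: log the connection, send the banner, then log every
    request and resend RESPONSE until `limit` exchanges (assumed meaning
    of the connection limit) or the peer goes quiet."""
    log.append(("connect", peer, b""))
    conn.settimeout(5.0)
    try:
        conn.sendall(BANNER)
        for _ in range(limit):
            data = conn.recv(4096)
            if not data:          # peer closed first
                break
            log.append(("data", peer, data))
            conn.sendall(RESPONSE)
    except OSError:               # timeout or reset: record and move on
        log.append(("error", peer, b""))
    finally:
        conn.close()

def demo(limit=2):
    """Run one session over loopback and return what each side saw."""
    log = []
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))    # ephemeral port, loopback only
    srv.listen(1)
    def accept_one():
        conn, addr = srv.accept()
        handle(conn, addr[0], log, limit)
    t = threading.Thread(target=accept_one)
    t.start()
    with socket.create_connection(srv.getsockname(), timeout=5) as c:
        banner = c.recv(64)
        replies = []
        for _ in range(limit):
            c.sendall(PROBE)
            replies.append(c.recv(4096))
        closed = c.recv(64) == b""  # server closes once the limit is hit
    t.join()
    srv.close()
    return banner, replies, closed, log

if __name__ == "__main__":
    print(demo())
```

The log entries are the detection value here: every connection and every payload sent to the listener is recorded before any reply goes out.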
I’ll leave the actual SIP messaging as a research project for the reader, to preserve some anonymity for HPSS users. But, if you are an HPSS user and would like to do this, contact support and we will provide you with the specific messaging that we used in our testing.
As always, thanks for reading and especially thanks for being interested in HoneyPoint. We are prepping the next release, and I think you will be blown away by some of the new features and the updates to the documentation. We have been hard at work on this for a while, and I can’t wait to share it with you shortly!