The Association of Digital Forensics, Security and Law (ADFSL)
30 years ago PABX systems were compromised by hackers wanting to make long distance calls at some other entities expense. This activity faded as telephony became cheaper and PABX systems had countermeasures installed to overcome attacks. Now the world has moved onto the provision of telephony via broadband enabled Voice over Internet Protocol (VoIP) with this service now being provided as a replacement for conventional fixed wire telephony by major telecommunication providers worldwide. Due to increasing bandwidth it is possible for systems to support multiple voice connections simultaneously. The networked nature of the Internet allows for attackers of these VoIP systems to enumerate and potentially attack and compromise a wide range of vulnerable systems. This paper is an outline of preliminary research into malfeasant VoIP activity on the Internet.
1. Herculea, M., T.M. Blaga, and V. Dobrota, Evaluation of Security and Countermeasures for a SIP-based VoIP Architecture, in 7-th International Conference RoEduNet 2008. 2008: Cluj-Napoca, Romania.
2. Bradbury, D., The security challenges inherent in VoIP. Computers & Security, 2007. 26(7): p. 485-487.
3. Jouravlev, I., Mitigating Denial-Of-Service Attacks On VoIP Environment. The International Journal of Applied Management and Technology, 2008. 6(1): p. 183-223.
4. Endler, D. and M. Collier, Hacking exposed VoIP: voice over IP security secrets & solutions. 2006: McGraw-Hill Professional.
5. Guac, S., SIPVicious tool suite. 2010.
6. Usken, S.E. VoIP - Voice over IP or haVock over IP? 2009; Available from: http://www.honeynor.no/data/honeynet-voip-presentation-anonym.pdf.
7. Gayraud, R. and O. Jacques, SIPp. 2010.
8. Roesch, M., Daemonlogger - Packet Logger & Soft Tap. 2006, Sourcefire Inc.
9. Ellson, J. and E. Gansner, Graphviz. 2008.
10. Provos, N. Developments of the Honeyd Virtual Honeypot 2007 [cited 2010 2nd March]; Available from: http://www.honeyd.org/.
"Developing VoIP Honeypots: a Preliminary Investigation into Malfeasant Activity,"
Journal of Digital Forensics, Security and Law: Vol. 5
, Article 3.
Available at: http://commons.erau.edu/jdfsl/vol5/iss2/3