[VOIPSEC] Artemisa: An Open-Source VoIP Honeypot

[Rodrigo do Carmo]

Dear VoIP enthusiasts,

I write you to let you know that I developed (together with another people)
an open source honeypot for VoIP networks deploying the SIP protocol. The
link to the project is: http://artemisa.sourceforge.net/
The documentation is still weak since we're just in the first releases of
Artemisa. I hope to have a complete documentation soon.

I briefly give you the most important points of Artemisa:
* It registers itself to your domain SIP proxy (Asterisk, SER, etc.)
* It waits for SIP messages (e.g. INVITE messages which are of course not
expected at the honeypot.)
* It analyzes the received messages in several ways (e.g. it uses nmap to
explore in real-time the IP addresses found in the SIP message and
determines if SIP ports are opened.) and determine its nature (a SPIT call,
an attack made with a well-known attack tool, an interactive attack, a
dialplan fault, a scanning attempt, a ringing attempt, etc.)
* It also records the media if any.
* After the analysis, Artemisa shows a report and sends it by e-mail if it's
configured.
* It can also execute scripts to automatically adjust the firewall to
blacklist the IP of the attacker (this feature is still under development.)

I'm opened to answer any question, doubt, or discuss about Artemisa.

Best regards,
Rodrigo do Carmo.