Artemisa: a VoIP/SIP-specific honeypot

Implements a user-agent back-end to detect malicious activity: http://artemisa.sourceforge.net/ Links to an external site.

Rodrigo do Carmo, Mohamed Nassar, and Olivier Festor have written a conference paper: “Artemisa: an Open-Source Honeypot Back-End to Support Security in VoIP Domains” [Carmo 2011] about this system.

Slide Notes

Rodrigo do Carmo, Mohamed Nassar, and Olivier Festor. “Artemisa: an Open-Source Honeypot Back-End to Support Security in VoIP Domains”, 12th IFIP/IEEE International Symposium on Integrated Network Management 2011, 23-27 May 2011, pages 361-368. http://hal.inria.fr/docs/00/59/48/57/PDF/TS_14c_78368.pdf Links to an external site.

Transcript

[slide422] There's Artemisa, and this is an approach to basically say, what do we do? We create a honeypot, and we make it so that attackers will want to come here, and then what do we do? We'll watch everything that they do. So we'll learn what kinds of things that the attackers are going to do, and now we can prepare countermeasures for that.