Wednesday, March 09, 2011

Visualizing an Attack on a VoIP Honeypot Server

Amazing to watch this attack accelerate!

Visualizing a Security Attack on a VOIP Honeypot Server:

The movie below shows a real cyber attack on a honeypot VOIP server extension. Now, it is one thing to look at some amazing, meaningful moving imagery; it is another to fully comprehend it. So here we go...

The imagery shown is based on real data from a real attack. The 'balls' on the right represent some hacker attempting to crack a VOIP server. The balls on the left represent the server's response to the attack. The balls crash into each other and fight it out in the middle of the battlefield. The good balls do better, in this case.

Although the attack is relentless and fast-paced, the volume of data from this one attack on a single IP/port (here UDP 5060 for SIP sessions) is really a drop in the ocean in terms of the wider internet. The visualization is created via a Ruby-based tool called "gltail", which is specifically designed to visualize Apache web server logs in real time.

With highly automated and blindingly fast scripting tools, crooks scan the internet looking for these VOIP servers. When a server is found, the tool cracks the passwords on its extensions. Calls can then be made using these passwords. Victims only notice something is wrong when the next phone bill arrives, so there is a 1-2 month window in which the cracked address can be sold and used for illegitimate international calls.

Visualizing a cyber attack on a VOIP server from Ben Reardon, Dataviz Australia on Vimeo.

Through our support of the Honeynet Project, we recently attempted a new approach to visualizing attacks on their VOIP honeypots.

With the increase in popularity of VOIP telephony, attacks are becoming more prevalent. The compromise of a VOIP system can cost the victim over $100,000 in real cash. For example, an Australian-based company suffered $120,000 in toll fraud as a result of a VOIP compromise - read the full story here.

The video is intended to be a high-level (if not stylized) visualization of the early stages of a cyber criminal compromising a VOIP system.

Credit to gltail, a Ruby-based tool which we fed heavily hacked/modified logfiles. Also Johann Pachelbel for his beautiful Canon, as I was so tired of hearing electronic dance music mixed to hacking videos.
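The password-cracking stage described above shows up in SIP logs as a burst of failed REGISTER attempts from one source, well before any phone bill arrives. The detection sketch below is an added example, not part of the original post or of gltail; the five-field log format, the addresses and the window/threshold values are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format:
# timestamp, source IP, SIP method, extension, response code
SAMPLE_LOG = """\
2011-03-09T10:00:00 198.51.100.7 REGISTER 201 401
2011-03-09T10:00:00 198.51.100.7 REGISTER 201 200
2011-03-09T10:00:01 203.0.113.50 REGISTER 100 401
2011-03-09T10:00:01 203.0.113.50 REGISTER 100 401
2011-03-09T10:00:02 203.0.113.50 REGISTER 101 401
2011-03-09T10:00:02 203.0.113.50 REGISTER 101 401
2011-03-09T10:00:03 203.0.113.50 REGISTER 102 401
2011-03-09T10:00:03 203.0.113.50 REGISTER 102 401
2011-03-09T10:00:04 203.0.113.50 REGISTER 102 200
"""

def detect(lines, window=timedelta(seconds=60), threshold=5):
    """Flag sources with >= threshold failed REGISTERs inside the window."""
    # A normal digest-auth registration produces one 401 challenge and then
    # a 200, so a single failure is not suspicious; a sustained burst is.
    recent = defaultdict(deque)  # source IP -> (time, extension) of failures
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[2] != "REGISTER":
            continue  # skip malformed lines and other SIP methods
        ts = datetime.fromisoformat(parts[0])
        src, ext, code = parts[1], parts[3], parts[4]
        q = recent[src]
        while q and ts - q[0][0] > window:
            q.popleft()  # drop failures that fell out of the sliding window
        if code in ("401", "403"):
            q.append((ts, ext))
            if len(q) >= threshold:
                a = alerts.setdefault(
                    src, {"peak": 0, "extensions": set(), "cracked": set()})
                a["peak"] = max(a["peak"], len(q))
                a["extensions"].update(e for _, e in q)
        elif code == "200" and src in alerts:
            # Success after a flagged burst: credentials may have been guessed
            alerts[src]["cracked"].add(ext)
    return alerts

if __name__ == "__main__":
    for src, info in detect(SAMPLE_LOG.splitlines()).items():
        print(src, info)
```

The `cracked` set is the part worth alerting on immediately: a successful registration from a source that has just been flagged for a failure burst.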

