Archive for the ‘honeynet’ Category

Why are there VoIP attacks from port 3058?

Monday, December 28th, 2009

Been picking up more and more hits in the VoIP honeypots lately. What puzzles me, is that several of those originate from different IPs but same port number. IANA assigned port 3058 to the following:

videobeans 3058/tcp videobeans
videobeans 3058/udp videobeans

IPs that has hit one or more of our honeypots the latest days:

From port 3058
64.62.243.6
67.23.3.128
69.64.38.111

Other ports
174.129.70.133
207.239.216.52
207.239.216.53
208.38.164.48

Notice the two consecutive IPs, 207.239.216.52 and .53.

But why port 3058… the reason is probably simple, but for now I’m guessing on the same software running on PCs with a public IP.

Posted in VoIP, honeynet | No Comments »

Article about the Honeynet Project

Tuesday, November 24th, 2009

Computerworld in Norway published an article about The Honeynet Project and the Norwegian Honeynet Chapter. This is one of the main tools to learn the tools of how attackers abuse VoIP targets. Her is the Norwegian and English version.

Posted in Uncategorized, VoIP, honeynet | No Comments »

When a journalist misunderstands..

Thursday, July 2nd, 2009

I’m member of the The Honeynet Project, Norwegian Chapter. To learn how the black hats operate is the reason I’m a member. My daily work is with a VoIP Service Provider, and my employee has benefited greatly from my volunteer work in the Honeynet Project. It has also given me a network of like mined all over the world. We are volunteers trying to make the Internet a safer place for you and me.

Therefore it is sad when our mission and tools are misunderstood by journalist. This happened with Aftenposten on Friday 26th of June with this article. We have given our response on our main blog here.

Posted in honeynet | No Comments »