Re: SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

Hi Gavin,

I thought to do something similar :wink:

As I can see in the code, you count somebody as a bad actor just because one UDP packet is received. It is a bad idea, because it is easy to spoof that packet and make a DoS against some good actor.

Right way: you have to simulate a SIP dialog with this actor, i.e. reply to them with something and wait for the reaction. If the reaction is like in normal SIP call processing - congratulations, you found a hacker! If not, like you sent them a packet they do not expect - it is a DoS and a spoofed packet.

24.11.21 23:19, Gavin Henry writes:
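
The "reply and wait for the reaction" check from the reply above, as an added example that is not part of this thread or of SentryPeer's code. It assumes the honeypot answers the first request with a `401` carrying a nonce bound to the claimed source address, and lists the address only when a later request echoes that nonce; the function names, the 30-second lifetime and the sample `REGISTER` are hypothetical.

```python
import hashlib, hmac, os, re, time

SECRET = os.urandom(32)   # per-process key, so no per-source state is kept
NONCE_TTL = 30            # seconds a challenge stays valid (assumed value)
ECHO = ("via", "from", "to", "call-id", "cseq")  # headers a SIP response copies
NONCE_RE = re.compile(r'^(?:Proxy-)?Authorization:.*?\bnonce="([^"]+)"', re.I | re.M)

def make_nonce(src_ip, ts):
    """Nonce bound to the claimed source IP and issue time: '<ts>.<mac>'."""
    mac = hmac.new(SECRET, f"{src_ip}|{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac[:32]}"

def nonce_valid(nonce, src_ip, now):
    """True only for an unexpired nonce that was issued to this same src_ip."""
    ts, _, _ = nonce.partition(".")
    if not ts.isdigit() or now - int(ts) > NONCE_TTL:
        return False
    return hmac.compare_digest(make_nonce(src_ip, int(ts)), nonce)

def handle_packet(src_ip, payload, confirmed, now=None):
    """Return the reply to send, or None. src_ip joins `confirmed` only after
    it echoes a nonce that was sent to that same address."""
    now = int(time.time() if now is None else now)
    head = payload.decode("utf-8", "replace").partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    if not lines[0].endswith(" SIP/2.0"):      # not a SIP request: ignore
        return None
    echo = "".join(l + "\r\n" for l in lines[1:]
                   if l.split(":")[0].strip().lower() in ECHO)
    m = NONCE_RE.search(head)
    if m and nonce_valid(m.group(1), src_ip, now):
        confirmed.add(src_ip)                  # the sender really received our 401
        return f"SIP/2.0 403 Forbidden\r\n{echo}\r\n"
    challenge = ('WWW-Authenticate: Digest realm="honeypot", '
                 f'nonce="{make_nonce(src_ip, now)}"\r\n')
    return f"SIP/2.0 401 Unauthorized\r\n{echo}{challenge}\r\n"

# Constructed sample request (documentation addresses, not captured traffic).
REGISTER = ("REGISTER sip:honeypot.example SIP/2.0\r\n"
            "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK1\r\n"
            "From: <sip:100@honeypot.example>;tag=1\r\n"
            "To: <sip:100@honeypot.example>\r\n"
            "Call-ID: constructed-1\r\nCSeq: 1 REGISTER\r\n{auth}\r\n")
```

The honeypot still sends one `401` toward a spoofed address, so the challenge should stay about the size of the request to avoid acting as an amplifier.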