Sjur Usken

Views on new technologies and business opportunities from Sjur Usken

Category Archives: honeynet

VoIP and other presentations from the Honeynet Project

The yearly Honeynet Workshop has been great every time!

This year we also had a public day for those not a member. The presentations are publicaly available here.


GSoC project -> Dionea with SIP

Are you a student in need of a summer job and interested in VoIP?

Apply to become a Google Summer of Code student and help the Honeynet Project to improve the SIP module for Dionea!

Join the IRC channel on freenode for any questions on channel #gsoc-honeynet (web client available here)


Why are there VoIP attacks from port 3058?

Been picking up more and more hits in the VoIP honeypots lately. What puzzles me, is that several of those originate from different IPs but same port number. IANA assigned port 3058 to the following:

videobeans 3058/tcp videobeans
videobeans 3058/udp videobeans

IPs that has hit one or more of our honeypots the latest days:

From port 3058

Other ports

Notice the two consecutive IPs, and .53.

But why port 3058… the reason is probably simple, but for now I’m guessing on the same software running on PCs with a public IP.

Article about the Honeynet Project

Computerworld in Norway published an article about The Honeynet Project and the Norwegian Honeynet Chapter. This is one of the main tools to learn the tools of how attackers abuse VoIP targets. Her is the Norwegian and English version.

When a journalist misunderstands..

I’m member of the The Honeynet Project, Norwegian Chapter. To learn how the black hats operate is the reason I’m a member. My daily work is with a VoIP Service Provider, and my employee has benefited greatly from my volunteer work in the Honeynet Project. It has also given me a network of like mined all over the world. We are volunteers trying to make the Internet a safer place for you and me.

Therefore it is sad when our mission and tools are misunderstood by journalist. This happened with Aftenposten on Friday 26th of June with this article. We have given our response on our main blog here.