Instructions:
Uncompress the challenge (pass: cyberdefenders.org)
This challenge takes you into the world of voice communications on the internet. VoIP is becoming the de facto standard for voice communication. As this technology becomes more common, malicious parties have more opportunities and stronger motives to control these systems to conduct nefarious activities. This challenge was designed to examine and explore some of the attributes of the SIP and RTP protocols.
Challenge Files:
- "log.txt" was generated from an unadvertised, passive honeypot located on the internet such that any traffic destined to it must be nefarious. Unknown parties scanned the honeypot with a range of tools, and this activity is represented in the log file.
- The IP address of the honeypot has been changed to "honey.pot.IP.removed". In terms of geolocation, pick your favorite city.
- The MD5 hash in the authorization digest is replaced with "MD5_hash_removedXXXXXXXXXXXXXXXX".
- Some octets of external IP addresses have been replaced with an "X".
- Several trailing digits of phone numbers have been replaced with an "X".
- Assume the timestamps in the log files are UTC.
- "Voip-trace.pcap" was created by honeynet members for this forensic challenge to allow participants to employ network analysis skills in the VoIP context.
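The redactions listed above break ordinary IP and phone-number patterns, so a first-pass triage of "log.txt" has to treat "X" as a valid octet or digit. The sketch below is an added example, not part of the challenge material: it assumes the log contains raw SIP request lines and headers, and the sample text, addresses and numbers in it are constructed.

```python
import re
from collections import Counter

HONEYPOT = "honey.pot.IP.removed"                  # placeholder named in the challenge notes
MD5_REDACTED = "MD5_hash_removedXXXXXXXXXXXXXXXX"  # placeholder named in the challenge notes

# An octet is 1-3 digits or the literal "X" left by the sanitizer.
OCTET = r"(?:\d{1,3}|X)"
IP_RE = re.compile(rf"(?<![\w.]){OCTET}(?:\.{OCTET}){{3}}(?![\w.])")
# SIP request line (RFC 3261): METHOD SP Request-URI SP SIP/2.0
REQ_RE = re.compile(r"^([A-Z]+) (sips?:\S+) SIP/2\.0\s*$", re.M)
# Numeric user part of a SIP URI, allowing trailing "X" redaction.
EXT_RE = re.compile(r"sips?:(\+?\d+X*)@")

# Constructed sample; the layout of the real log.txt is an assumption.
SAMPLE = """\
OPTIONS sip:100@honey.pot.IP.removed SIP/2.0
Via: SIP/2.0/UDP 198.51.X.X:5060;branch=z9hG4bK-1
User-Agent: example-scanner

REGISTER sip:honey.pot.IP.removed SIP/2.0
Via: SIP/2.0/UDP 203.0.113.X:5061;branch=z9hG4bK-2
Authorization: Digest username="101", response="MD5_hash_removedXXXXXXXXXXXXXXXX"

INVITE sip:0015550100XXXX@honey.pot.IP.removed SIP/2.0
Via: SIP/2.0/UDP 203.0.113.X:5061;branch=z9hG4bK-3
"""

def summarize(log_text):
    """Count SIP methods, redacted IP tokens and dialed numbers in a log."""
    return {
        "methods": Counter(m.group(1) for m in REQ_RE.finditer(log_text)),
        # The honeypot placeholder is non-numeric, so it never matches IP_RE.
        "ip_tokens": Counter(IP_RE.findall(log_text)),
        "dialed": Counter(EXT_RE.findall(log_text)),
        "honeypot_refs": log_text.count(HONEYPOT),
        "redacted_digests": log_text.count(MD5_REDACTED),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Because redacted octets collapse distinct hosts into one token, counts per IP token are an upper bound on activity from any single source.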
Tools: