SentryPeer, A distributed list of bad IP addresses and phone numbers collected via a SIP Honeypot.

Video and Slides

Outline

SentryPeer, A distributed list of bad IP addresses and phone numbers collected via a SIP Honeypot.

Gavin Henry, CIO at TelcoSwitch and SureVoIP Founder.

  • What is SentryPeer? A distributed list of bad IP addresses and phone numbers collected via a SIP Honeypot.
  • Why is it different?
  • Technology Description
  • Results so far
  • Please contribute!

Review

Firstly, congratulations to Gavin, his business, SureVoIP, was bought by TelcoSwitch earlier this year. We covered this in CXTech Week 31 2021.

SentryPeer is a new open source project, and provides a great case study on why such projects begin. We’ll be tracking its development.

It’s a side-project, fulfilling several gaps in the market and learning / development needs for Gavin. The differentiation from other projects is the peer to peer approach using BitTorrent tit-for-tat for sharing the IP addresses and phone numbers. And as you’d expect with an open source project you can run this all yourself.

On the technology stack:

  • Written in C
  • Uses libosip
  • Hosted on GitHub
  • Uses sqlite
  • Uses lmdb for API
  • Uses Zyre for Peer to Peer
  • Web GUI and REST API
  • BGP and SIP endpoints

Once Gavin had a prototype fired up he started getting hits within 20 minutes! And then he started being hit with lots of SIP INVITES, so much so that the prototype became overloaded. And then interestingly, the INVITES backed off as the bad actor detected overload.

Here are the links so you can set it up yourself, if you see value please contribute to SentryPeer, thank you. Good luck Gavin!

https://twitter.com/SentryPeer
https://github.com/SentryPeer/SentryPeer
https://sentrypeer.org