Gavin joined us on an Open Source Lounge back in April and provided a pretty good intro to the project. As I understood things then, SentryPeer’s goal is to alert the pbx admin AFTER an extension compromise has happened but BEFORE serious traffic pumping attempts begin. It does this by hosting exploitable honeypots which identify and catalog the outbound calling patterns of known traffic pumping compromises. With the knowledge that pumping exploits often initially make outbound calls to non-suspicious destinations before later making the serious toll calls. SentryPeer attempts to identify and notify the admin during the initial trial balloon phase of the exploit, potentially giving the admin time to investigate before the traffic pumping begins in earnest.
1 Like