SentryPeer v2.0 releases: distributed list of bad IP addresses and phone numbers

SentryPeer

A distributed list of bad IP addresses and phone numbers was collected via a SIP Honeypot.

This is basically a fraud detection tool. It lets bad actors try to make phone calls and saves the IP address they came from and the number they tried to call. Those details are then used to block them at the service provider’s network and the next time a user/customer tries to call a collected number, it’s blocked.

Traditionally this data is shipped to a central place, so you don’t own the data you’ve collected. This project is all about Peer to Peer sharing of that data. The user owning the data and various Service Provider / Network Provider-related feeds of the data is the key bit for me. I’m sick of all the services out there that keep it and sell it. If you’ve collected it, you should have the choice to keep it and/or opt in to share it with other SentryPeer community members via p2p methods.

Of course, if you don’t want to run any of this and just buy access to the data that users have opted in to share, then that’s a choice too. One day, maybe.

The sharing part…you only get other users’ data if you share yours. That’s the key. It could be used (the sharing of data logic/feature) in many projects too if I get it right 🙂

Goals

•  All code Free/Libre and Open Source Software
•  FAST
•  User owns their data
•  User can submit their own data if they want to (you need to enable p2p mode – -p)
•  User gets other users’ data ONLY IF they opt in to submit their data to the pool
•  Embedded Distributed Hash Table (DHT) node using OpenDHT (-p cli option)
•  Peer to Peer sharing of collected bad_actors using OpenDHT (default on)
•  Peer to Peer data replication to receive collected bad_actors using OpenDHT (default on)
•  Multithreaded
•  UDP transport
•  TCP transport
•  TLS transport
•  JSON logging to a file
•  SIP mode can be disabled. This allows you to run SentryPeer in API mode or DHT mode only etc. i.e. not as a honeypot, but as a node in the SentryPeer community or to just serve replicated data
•  SIP responsive mode can be enabled to collect data – cli / env flag
•  Local data copy for fast access – cli / env db location flag
•  Local API for fast access – cli / env flag
•  Local Web GUI for fast access – cli / env flag
•  Query API for IP addresses of bad actors
•  Query API for IPSET of bad actors
•  Query API for a particular IP address of a bad actor
•  Query API for attempted phone numbers called by bad actors
•  Query API for an attempted phone number called by a bad actor
•  Fail2Ban support via syslog as per feature request
•  Local sqlite database – feature / cli flag
•  Analytics – opt in
•  SDKs/libs for external access – CGRateS to start with or our own firewall with nftables
•  Small binary size for IoT usage
•  Cross-platform
•  Firewall options to use distributed data in real time – DHT?
•  Container on Docker Hub for latest build
•  BGP agent to peer with for blackholing collected IP addresses (similar to Team Cymru Bogon Router Server Project)
•  SIP agent to return 404 or default destination for SIP redirects

Changelog v2.0

• Added optional -w https://my_sentrypeerhq_onprem_or_cloud_url/events WebHook cli/env var to set URL for bad actor
  JSON to be sent to SentryPeerHQ for the dashboard and other services
• Removed local incomplete web gui. This will be replaced by a new FL/OSS project called SentryPeerHQ

Breaking Changes

• -w now requires a URL to be set as it is used for the WebHook to SentryPeerHQ.
  Before it enabled the local Web UI which has been removed.

Tests

• Added tests for new WebHook feature

Install & Use