SentryPeer v1.4.1 releases: distributed list of bad IP addresses and phone numbers
SentryPeer
A distributed list of bad IP addresses and phone numbers was collected via a SIP Honeypot.
This is basically a fraud detection tool. It lets bad actors try to make phone calls and saves the IP address they came from and the number they tried to call. Those details are then used to block them at the service provider’s network and the next time a user/customer tries to call a collected number, it’s blocked.
Traditionally this data is shipped to a central place, so you don’t own the data you’ve collected. This project is all about Peer to Peer sharing of that data. The user owning the data and various Service Provider / Network Provider-related feeds of the data is the key bit for me. I’m sick of all the services out there that keep it and sell it. If you’ve collected it, you should have the choice to keep it and/or opt in to share it with other SentryPeer community members via p2p methods.
Of course, if you don’t want to run any of this and just buy access to the data that users have opted in to share, then that’s a choice too. One day, maybe.
The sharing part…you only get other users’ data if you share yours. That’s the key. It could be used (the sharing of data logic/feature) in many projects too if I get it right 🙂
Goals
- All code Free/Libre and Open Source Software
- FAST
- User owns their data
- User can submit their own data if they want to (you need to enable p2p mode –
-p
) - User gets other users’ data ONLY IF they opt in to submit their data to the pool
- Embedded Distributed Hash Table (DHT) node using OpenDHT (
-p
cli option) - Peer to Peer sharing of collected bad_actors using OpenDHT (default on)
- Peer to Peer data replication to receive collected bad_actors using OpenDHT (default on)
- Multithreaded
- UDP transport
- TCP transport
- TLS transport
- JSON logging to a file
- SIP mode can be disabled. This allows you to run SentryPeer in API mode or DHT mode only etc. i.e. not as a honeypot, but as a node in the SentryPeer community or to just serve replicated data
- SIP responsive mode can be enabled to collect data – cli / env flag
- Local data copy for fast access – cli / env db location flag
- Local API for fast access – cli / env flag
- Local Web GUI for fast access – cli / env flag
- Query API for IP addresses of bad actors
- Query API for IPSET of bad actors
- Query API for a particular IP address of a bad actor
- Query API for attempted phone numbers called by bad actors
- Query API for an attempted phone number called by a bad actor
- Fail2Ban support via
syslog
as per feature request - Local sqlite database – feature / cli flag
- Analytics – opt in
- SDKs/libs for external access – CGRateS to start with or our own firewall with nftables
- Small binary size for IoT usage
- Cross-platform
- Firewall options to use distributed data in real time – DHT?
- Container on Docker Hub for latest build
- BGP agent to peer with for blackholing collected IP addresses (similar to Team Cymru Bogon Router Server Project)
- SIP agent to return 404 or default destination for SIP redirects
Changelog v1.4.1
Changes
- New SIP TCP mode
- New
-b
flag to set your own DHT bootstrap node (default:bootstrap.sentrypeer.org:4222
) - Error handing for
-p
flag if OpenDHT support is not compiled in - Debug mode now shows what OpenDHT-C library version we’re using
- Debug mode for p2p now shows the correct
event_uuid
when checking for duplicate events - Coverity scan fixes
Tests
- New tests for
sip_message_event
type and related functions