-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathexample_log.log
65 lines (61 loc) · 11.4 KB
/
example_log.log
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
2021-10-13 20:23:47,293 - 140717365680952 - VOIPHoneypot - INFO - Configuration loaded with ['output_log', 'output_json'] as output plugins
2021-10-13 20:27:51,509 - 140717365680952 - VOIPHoneypot - INFO - Connected to 172.28.3.1
2021-10-13 20:27:51,643 - 140717365680952 - VOIPHoneypot - INFO - {'eventid': 'connection', 'timestamp': '2021-10-13T20:27:51.642517', 'session': '09d71b8a-2c64-11ec-9918-0242ac1c0302', 'type': 'd_link_dph150s', 'protocol': 'tcp', 'dest_ip': '172.28.3.2', 'dest_port': 5060, 'src_ip': '172.28.3.1', 'src_port': 43852}
2021-10-13 20:27:57,514 - 140717365680952 - VOIPHoneypot - INFO - === New data arrived from addr:172.28.3.1 data:
b'GET / HTTP/1.0\r\n\r\n'
2021-10-13 20:27:57,514 - 140717365680952 - VOIPHoneypot - INFO - findall[rn] - ['GET / HTTP/1.0', '', '']
2021-10-13 20:27:57,516 - 140717365680952 - VOIPHoneypot - INFO - Prepare dict for headers -
{}
2021-10-13 20:28:02,520 - 140717365680952 - VOIPHoneypot - INFO - Disconnected of 172.28.3.1
2021-10-13 20:28:02,523 - 140717365680952 - VOIPHoneypot - INFO - {'eventid': 'disconnection', 'timestamp': '2021-10-13T20:28:02.520096', 'session': '09d71b8a-2c64-11ec-9918-0242ac1c0302', 'type': 'd_link_dph150s', 'protocol': 'tcp', 'dest_ip': '172.28.3.2', 'dest_port': 5060, 'src_ip': '172.28.3.1', 'src_port': 43852}
2021-10-13 20:28:02,528 - 140717365680952 - VOIPHoneypot - INFO - Connected to 172.28.3.1
2021-10-13 20:28:02,529 - 140717365680952 - VOIPHoneypot - INFO - {'eventid': 'connection', 'timestamp': '2021-10-13T20:28:02.522939', 'session': '1067bae9-2c64-11ec-b978-0242ac1c0302', 'type': 'd_link_dph150s', 'protocol': 'tcp', 'dest_ip': '172.28.3.2', 'dest_port': 5060, 'src_ip': '172.28.3.1', 'src_port': 43854}
2021-10-13 20:28:02,531 - 140717365680952 - VOIPHoneypot - INFO - === New data arrived from addr:172.28.3.1 data:
b'OPTIONS sip:nm SIP/2.0\r\nVia: SIP/2.0/TCP nm;branch=foo\r\nFrom: <sip:nm@nm>;tag=root\r\nTo: <sip:nm2@nm2>\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nMax-Forwards: 70\r\nContent-Length: 0\r\nContact: <sip:nm@nm>\r\nAccept: application/sdp\r\n\r\n'
2021-10-13 20:28:02,532 - 140717365680952 - VOIPHoneypot - INFO - findall[rn] - ['OPTIONS sip:nm SIP/2.0', 'Via: SIP/2.0/TCP nm;branch=foo', 'From: <sip:nm@nm>;tag=root', 'To: <sip:nm2@nm2>', 'Call-ID: 50000', 'CSeq: 42 OPTIONS', 'Max-Forwards: 70', 'Content-Length: 0', 'Contact: <sip:nm@nm>', 'Accept: application/sdp', '', '']
2021-10-13 20:28:02,533 - 140717365680952 - VOIPHoneypot - INFO - Prepare dict for headers -
{'OPTIONS sip': 'nm SIP/2.0', 'Via': 'SIP/2.0/TCP nm;branch=foo', 'From': '<sip:nm@nm>;tag=root', 'To': '<sip:nm2@nm2>', 'Call-ID': '50000', 'CSeq': '42 OPTIONS', 'Max-Forwards': '70', 'Content-Length': '0', 'Contact': '<sip:nm@nm>', 'Accept': 'application/sdp'}
2021-10-13 20:28:02,534 - 140717365680952 - VOIPHoneypot - INFO - Received OPTIONS
2021-10-13 20:28:02,536 - 140717365680952 - VOIPHoneypot - INFO - Options headers: SIP/2.0 200 OK
Via: SIP/2.0/TCP 172.28.3.1:43854;rport=43854;branch=foo
To: <sip:nm@nm>;tag=root
From: 100 <sip:[email protected]> tag=root
Call-ID: 50000
CSeq: 42 OPTI100 <sip:[email protected]>,
replaces, timer, ACK, OPTIONS, BYE, CANCEL, REFER, NOTIFY, INFO, PRACK, UPDATE, MESSAGE
Accept: application/sdp, message/sipfrag, application/dtmf-relay
Accept-Language: en
2021-10-13 20:28:02,537 - 140717365680952 - VOIPHoneypot - INFO - {'eventid': 'command_accept', 'command_input': 'OPTIONS sip:nm SIP/2.0\r\nVia: SIP/2.0/TCP nm;branch=foo\r\nFrom: <sip:nm@nm>;tag=root\r\nTo: <sip:nm2@nm2>\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nMax-Forwards: 70\r\nContent-Length: 0\r\nContact: <sip:nm@nm>\r\nAccept: application/sdp\r\n\r\n', 'command_output': 'SIP/2.0 200 OK\r\nVia: SIP/2.0/TCP 172.28.3.1:43854;rport=43854;branch=foo\r\nTo: <sip:nm@nm>;tag=root\r\nFrom: 100 <sip:[email protected]> tag=root\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nContact: 100 <sip:[email protected]>\r\nSupported: 100rel, replaces, timer\r\nAllow: INVITE, ACK, OPTIONS, BYE, CANCEL, REFER, NOTIFY, INFO, PRACK, UPDATE, MESSAGE\r\nAccept: application/sdp, message/sipfrag, application/dtmf-relay\r\nAccept-Language: en\r\n\r\n', 'command_input_codec': 'bytes', 'command_output_codec': 'bytes', 'timestamp': '2021-10-13T20:28:02.525223', 'session': '1067bae9-2c64-11ec-b978-0242ac1c0302', 'type': 'd_link_dph150s', 'protocol': 'tcp', 'dest_ip': '172.28.3.2', 'dest_port': 5060, 'src_ip': '172.28.3.1', 'src_port': 43854}
2021-10-13 20:28:10,026 - 140717365680952 - VOIPHoneypot - INFO - Disconnected of 172.28.3.1
2021-10-13 20:28:10,030 - 140717365680952 - VOIPHoneypot - INFO - {'eventid': 'disconnection', 'timestamp': '2021-10-13T20:28:10.025689', 'session': '1067bae9-2c64-11ec-b978-0242ac1c0302', 'type': 'd_link_dph150s', 'protocol': 'tcp', 'dest_ip': '172.28.3.2', 'dest_port': 5060, 'src_ip': '172.28.3.1', 'src_port': 43854}
2021-10-13 20:28:10,032 - 140717365680952 - VOIPHoneypot - INFO - Connected to 172.28.3.1
2021-10-13 20:28:10,033 - 140717365680952 - VOIPHoneypot - INFO - {'eventid': 'connection', 'timestamp': '2021-10-13T20:28:10.028871', 'session': '14e10a72-2c64-11ec-82db-0242ac1c0302', 'type': 'd_link_dph150s', 'protocol': 'tcp', 'dest_ip': '172.28.3.2', 'dest_port': 5060, 'src_ip': '172.28.3.1', 'src_port': 43856}
2021-10-13 20:28:10,035 - 140717365680952 - VOIPHoneypot - INFO - === New data arrived from addr:172.28.3.1 data:
b'\x00\x1e\x00\x06\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07version\x04bind\x00\x00\x10\x00\x03'
2021-10-13 20:28:10,036 - 140717365680952 - VOIPHoneypot - INFO - ELSE was delivered
�
���������versionbind���
2021-10-13 20:28:10,037 - 140717365680952 - VOIPHoneypot - INFO - {'eventid': 'command_accept', 'command_input': '\x00\x1e\x00\x06\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07version\x04bind\x00\x00\x10\x00\x03', 'command_output': '', 'command_input_codec': 'bytes', 'command_output_codec': 'plain', 'timestamp': '2021-10-13T20:28:10.030286', 'session': '14e10a72-2c64-11ec-82db-0242ac1c0302', 'type': 'd_link_dph150s', 'protocol': 'tcp', 'dest_ip': '172.28.3.2', 'dest_port': 5060, 'src_ip': '172.28.3.1', 'src_port': 43856}
2021-10-13 20:28:15,033 - 140717365680952 - VOIPHoneypot - INFO - Disconnected of 172.28.3.1
2021-10-13 20:28:15,034 - 140717365680952 - VOIPHoneypot - INFO - {'eventid': 'disconnection', 'timestamp': '2021-10-13T20:28:15.033253', 'session': '14e10a72-2c64-11ec-82db-0242ac1c0302', 'type': 'd_link_dph150s', 'protocol': 'tcp', 'dest_ip': '172.28.3.2', 'dest_port': 5060, 'src_ip': '172.28.3.1', 'src_port': 43856}
2021-10-13 20:28:18,051 - 140717365680952 - VOIPHoneypot - INFO - Connected to 172.28.3.1
2021-10-13 20:28:18,052 - 140717365680952 - VOIPHoneypot - INFO - {'eventid': 'connection', 'timestamp': '2021-10-13T20:28:18.051138', 'session': '19a924be-2c64-11ec-98ca-0242ac1c0302', 'type': 'd_link_dph150s', 'protocol': 'tcp', 'dest_ip': '172.28.3.2', 'dest_port': 5060, 'src_ip': '172.28.3.1', 'src_port': 43868}
2021-10-13 20:28:18,119 - 140717365680952 - VOIPHoneypot - INFO - === New data arrived from addr:172.28.3.1 data:
b'OPTIONS sip:172.28.3.2 SIP/2.0\r\nVia: SIP/2.0/TCP 172.28.3.1:43868;rport;branch=z9hG4bKde4UB5Gaoj9NOMn3ZpNxtaxiu\r\nMax-Forwards: 70\r\nFrom: "Nmap NSE" <sip:[email protected]>;tag=9GCZVG20_M15SRi2QvGc\r\nTo: "Nmap NSE" <sip:[email protected]>\r\nCall-ID: FzTK51tqJ1Mq1_9mqLB2nwGMt_OrvCO02iAxZtcikpOapMCVXDMA0TMiTaPD\r\nCSeq: 1234 OPTIONS\r\nUser-Agent: Nmap NSE\r\nContact: "Nmap NSE" <sip:[email protected]:43868>\r\nExpires: 300\r\nAllow: PRACK, INVITE ,ACK, BYE, CANCEL, UPDATE, SUBSCRIBE,NOTIFY, REFER, MESSAGE, OPTIONS\r\nAccept: application/sdp\r\nContent-Length: 0\r\n\r\n'
2021-10-13 20:28:18,122 - 140717365680952 - VOIPHoneypot - INFO - findall[rn] - ['OPTIONS sip:172.28.3.2 SIP/2.0', 'Via: SIP/2.0/TCP 172.28.3.1:43868;rport;branch=z9hG4bKde4UB5Gaoj9NOMn3ZpNxtaxiu', 'Max-Forwards: 70', 'From: "Nmap NSE" <sip:[email protected]>;tag=9GCZVG20_M15SRi2QvGc', 'To: "Nmap NSE" <sip:[email protected]>', 'Call-ID: FzTK51tqJ1Mq1_9mqLB2nwGMt_OrvCO02iAxZtcikpOapMCVXDMA0TMiTaPD', 'CSeq: 1234 OPTIONS', 'User-Agent: Nmap NSE', 'Contact: "Nmap NSE" <sip:[email protected]:43868>', 'Expires: 300', 'Allow: PRACK, INVITE ,ACK, BYE, CANCEL, UPDATE, SUBSCRIBE,NOTIFY, REFER, MESSAGE, OPTIONS', 'Accept: application/sdp', 'Content-Length: 0', '', '']
2021-10-13 20:28:18,123 - 140717365680952 - VOIPHoneypot - INFO - Prepare dict for headers -
{'OPTIONS sip': '172.28.3.2 SIP/2.0', 'Via': 'SIP/2.0/TCP 172.28.3.1:43868;rport;branch=z9hG4bKde4UB5Gaoj9NOMn3ZpNxtaxiu', 'Max-Forwards': '70', 'From': '"Nmap NSE" <sip:[email protected]>;tag=9GCZVG20_M15SRi2QvGc', 'To': '"Nmap NSE" <sip:[email protected]>', 'Call-ID': 'FzTK51tqJ1Mq1_9mqLB2nwGMt_OrvCO02iAxZtcikpOapMCVXDMA0TMiTaPD', 'CSeq': '1234 OPTIONS', 'User-Agent': 'Nmap NSE', 'Contact': '"Nmap NSE" <sip:[email protected]:43868>', 'Expires': '300', 'Allow': 'PRACK, INVITE ,ACK, BYE, CANCEL, UPDATE, SUBSCRIBE,NOTIFY, REFER, MESSAGE, OPTIONS', 'Accept': 'application/sdp', 'Content-Length': '0'}
2021-10-13 20:28:18,125 - 140717365680952 - VOIPHoneypot - INFO - Received OPTIONS
2021-10-13 20:28:18,126 - 140717365680952 - VOIPHoneypot - INFO - Options headers: SIP/2.0 200 OK
Via: SIP/2.0/TCP 172.28.3.1:43868;rport=43868;branch=z9hG4bKde4UB5Gaoj9NOMn3ZpNxtaxiu
To: "Nmap NSE" <sip:[email protected]>;tag=9GCZVG20_M15SRi2QvGc
From: 100 <sip:[email protected]> tag=9GCZVG20_M15SRi2QvGc
Call-ID: FzTK51tqJ1Mq1_9mqLB2nwGMt_OrvCO02iAxZtcikpOapMCVXDMA0TMiTaPD
CSeq: 1234 OPTIONS
Contact: 100 <sip:[email protected]>
Supported: 100rel, replaces, timer
Allow: INVITE, ACK, OPTIONS, BYE, CANCEL, REFER, NOTIFY, INFO, PRACK, UPDATE, MESSAGE
Accept: application/sdp, message/sipfrag, application/dtmf-relay
Accept-Language: en
2021-10-13 20:28:18,127 - 140717365680952 - VOIPHoneypot - INFO - {'eventid': 'command_accept', 'command_input': 'OPTIONS sip:172.28.3.2 SIP/2.0\r\nVia: SIP/2.0/TCP 172.28.3.1:43868;rport;branch=z9hG4bKde4UB5Gaoj9NOMn3ZpNxtaxiu\r\nMax-Forwards: 70\r\nFrom: "Nmap NSE" <sip:[email protected]>;tag=9GCZVG20_M15SRi2QvGc\r\nTo: "Nmap NSE" <sip:[email protected]>\r\nCall-ID: FzTK51tqJ1Mq1_9mqLB2nwGMt_OrvCO02iAxZtcikpOapMCVXDMA0TMiTaPD\r\nCSeq: 1234 OPTIONS\r\nUser-Agent: Nmap NSE\r\nContact: "Nmap NSE" <sip:[email protected]:43868>\r\nExpires: 300\r\nAllow: PRACK, INVITE ,ACK, BYE, CANCEL, UPDATE, SUBSCRIBE,NOTIFY, REFER, MESSAGE, OPTIONS\r\nAccept: application/sdp\r\nContent-Length: 0\r\n\r\n', 'command_output': 'SIP/2.0 200 OK\r\nVia: SIP/2.0/TCP 172.28.3.1:43868;rport=43868;branch=z9hG4bKde4UB5Gaoj9NOMn3ZpNxtaxiu\r\nTo: "Nmap NSE" <sip:[email protected]>;tag=9GCZVG20_M15SRi2QvGc\r\nFrom: 100 <sip:[email protected]> tag=9GCZVG20_M15SRi2QvGc\r\nCall-ID: FzTK51tqJ1Mq1_9mqLB2nwGMt_OrvCO02iAxZtcikpOapMCVXDMA0TMiTaPD\r\nCSeq: 1234 OPTIONS\r\nContact: 100 <sip:[email protected]>\r\nSupported: 100rel, replaces, timer\r\nAllow: INVITE, ACK, OPTIONS, BYE, CANCEL, REFER, NOTIFY, INFO, PRACK, UPDATE, MESSAGE\r\nAccept: application/sdp, message/sipfrag, application/dtmf-relay\r\nAccept-Language: en\r\n\r\n', 'command_input_codec': 'bytes', 'command_output_codec': 'bytes', 'timestamp': '2021-10-13T20:28:18.118383', 'session': '19a924be-2c64-11ec-98ca-0242ac1c0302', 'type': 'd_link_dph150s', 'protocol': 'tcp', 'dest_ip': '172.28.3.2', 'dest_port': 5060, 'src_ip': '172.28.3.1', 'src_port': 43868}
2021-10-13 20:28:18,166 - 140717365680952 - VOIPHoneypot - INFO - Disconnected of 172.28.3.1
2021-10-13 20:28:18,167 - 140717365680952 - VOIPHoneypot - INFO - {'eventid': 'disconnection', 'timestamp': '2021-10-13T20:28:18.166425', 'session': '19a924be-2c64-11ec-98ca-0242ac1c0302', 'type': 'd_link_dph150s', 'protocol': 'tcp', 'dest_ip': '172.28.3.2', 'dest_port': 5060, 'src_ip': '172.28.3.1', 'src_port': 43868}