Skip to content

SIP honeypot network

A global SIP honeypot network that sees attacks before your PBX does.

Every IP in SipRadar's threat feed was caught attacking a real-looking SIP endpoint, not inferred from unrelated abuse data. Our honeypots record REGISTER floods, INVITE scans, and toll-fraud probes around the clock.

Reactive defense is too late

Waiting for fraud on your own trunk means you are the sensor, and you pay the bill for the signal. Honeypots absorb attacks harmlessly and feed intelligence upstream to every SipRadar customer.

214 sensors, one threat graph

Honeypot events flow into a unified graph scored by behavior, geography, and history. The same stream powers the live dashboard, GET /v1/threats, and blacklist.txt.

How SipRadar helps

Live attack dashboard

Watch the ticker on /threat-feed, filter by port, country, and threat score. Click any event for full context.

38-country coverage

Attackers geo-distribute scans. Our mesh catches regional campaigns before they spread globally.

Enterprise private honeypots

Deploy containerized honeypots in your own network with private graph federation on Enterprise plans.

90-day telemetry retention

Investigate campaigns over time. Derived reputation scores persist for long-term blocking decisions.

From honeypot hit to edge block

Subscribe to the API or pull blacklist.txt. Events include timestamp, IP, port, country, user-agent, and threat score: everything your automation needs.

FAQ

Frequently asked questions

Common questions about SIP honeypot network and how SipRadar fits your VoIP security stack.

Ask a question →
  • Passive SIP listeners that record inbound probes are standard security research practice. We operate transparently and publish scanner IP ranges for our audit product.