Protecting SIP Proxy Servers from Ringing-Based Denial-of-Service Attacks

8 years 8 months ago
Protecting SIP Proxy Servers from Ringing-Based Denial-of-Service Attacks
As Internet telephony systems continue to replace existing Public Switched Telephone Network systems, proxy servers running the Session Initiation Protocol (SIP) will continue to grow in importance for Voiceover-IP deployments that use SIP for call signaling. Since the protection of the global telecommunications infrastructure is critical to people's everyday lives, ensuring the availability of SIP proxy servers under attack should be a high priority. This paper first describes a disruptive denial-of-service attack that exploits the semantics of the SIP protocol to exhaust resources at a stateful SIP proxy server. Unlike previous approaches that focus on flooding-based denial-of-service attacks, we consider attacks that do not result in high incoming call traffic rates at the SIP proxy server. After describing this semantic-based attack, we then propose a new algorithm to reduce the effects of such an attack. Our algorithm has been implemented in a SIP proxy server and evaluated ...
William Conner, Klara Nahrstedt
Added 31 May 2010
Updated 31 May 2010
Type Conference
Year 2008
Where ISM
Authors William Conner, Klara Nahrstedt
Comments (0)