Denial of service attack and prevention on SIP VoIP infrastructures using DNS flooding

Authors:
Ge Zhang;Sven Ehlert;Thomas Magedanz;Dorgham Sisalem
Affiliations:
Fraunhofer Institute FOKUS, Berlin, Germany;Fraunhofer Institute FOKUS, Berlin, Germany;Fraunhofer Institute FOKUS, Berlin, Germany;Tekelec, Berlin, Germany
Venue:
Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
Year:
2007

Citing 9
Cited 9

Operating system concepts (3rd ed.)

Operating system concepts (3rd ed.)
DNS performance and the effectiveness of caching

IEEE/ACM Transactions on Networking (TON)
Caching on the World Wide Web

IEEE Transactions on Knowledge and Data Engineering
A framework for classifying denial of service attacks

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Impact of configuration errors on DNS robustness

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)

Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)
The 3G IP Multimedia Subsystem (IMS): Merging the Internet and the Cellular Worlds, Second Edition

The 3G IP Multimedia Subsystem (IMS): Merging the Internet and the Cellular Worlds, Second Edition
Spoof Detection for Preventing DoS Attacks against DNS Servers

ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Denial of service attacks targeting a SIP VoIP infrastructure: attack scenarios and prevention mechanisms

IEEE Network: The Magazine of Global Internetworking

Two layer Denial of Service prevention on SIP VoIP infrastructures

Computer Communications
A Self-learning System for Detection of Anomalous SIP Messages

Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
Intrusion Detection System for Denial-of-Service flooding attacks in SIP communication networks

International Journal of Security and Networks
A Survey of Voice over IP Security Research

ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
A first order logic security verification model for SIP

ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Labeled VoIP data-set for intrusion detection evaluation

EUNICE'10 Proceedings of the 16th EUNICE/IFIP WG 6.6 conference on Networked services and applications: engineering, control and management
Speaker recognition in encrypted voice streams

ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Outbound SPIT filter with optimal performance guarantees

Computer Networks: The International Journal of Computer and Telecommunications Networking
Collaborative remediation of configuration vulnerabilities in autonomic networks and systems

Proceedings of the 8th International Conference on Network and Service Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

A simple yet effective Denial of Service (DoS) attack on SIP servers is to flood the server with requests addressed at irresolvable domain names. In this paper we evaluate different possibilities to mitigate these effects and show that over-provisioning is not sufficient to handle such attacks. As a more effective approach we present a solution called the DNS Attack Detection and Prevention (DADP) scheme based on the usage of a non-blocking DNS cache. Based on various measurement conducted over the Internet we investigate the efficiency of the DADP scheme and compare its performance with different caching strategies applied.