ACM Transactions on Computer Systems (TOCS)
Beyond folklore: observations on fragmented traffic
IEEE/ACM Transactions on Networking (TON)
Sustaining Availability of Web Services under Distributed Denial of Service Attacks
IEEE Transactions on Computers
DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
An edge-to-edge filtering architecture against DoS
ACM SIGCOMM Computer Communication Review
Active internet traffic filtering: real-time response to denial-of-service attacks
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Analysis of internet backbone traffic and header anomalies observed
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
VoIP defender: highly scalable SIP-based security architecture
Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
Passport: secure and adoptable source authentication
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
| Hi-index | 0.00 |
The use of the Internet for VoIP communications has seen an important increase over the last few years, with the Session Initiation Protocol (SIP) as the most popular protocol used for signaling. Unfortunately, SIP devices are quite vulnerable to Denial-of-Service (DoS) attacks, many of them becoming unresponsive and even resetting with floods of only hundreds of packets per second. In this paper we introduce SIP Defender, a new distributed filtering architecture designed to protect SIP devices against large, flooding DoS attacks. In addition, we describe the implementation of the architecture's SIP Controllers, the network devices in charge of performing the actual filtering. We further present testbed performance figures for these, showing that a controller built on commodity hardware can forward an impressive 2.5 million packets per second for small SIP packets while applying one million filters as well as anti-spoofing mechanisms.