Abstract

We introduce a novel SIP-based attack, named the SR-DRDoS attack, that exploits some lesser-known SIP features by using the IP-spoofing technique, reflection-based attack logic and DDoS attack logic. Furthermore, we develop a SIP-based DoS/DDoS attack simulator, named Mr. SIP, and use it to implement our SR-DRDoS attack. Our attack is shown to dramatically increase the CPU load of a SIP server from 0% up to 100% in only 4 minutes after the attack is initiated. Since our intelligent attack creates legitimate traffic on the SIP network by using reflection methods, it bypasses black-lists as well as IP, packet-count or session/transaction-based rate limiting and automatic message generation detection systems, which exist in state-of-the-art security perimeters such as firewalls, intrusion detection/prevention systems and anomaly detection systems. Moreover, we propose a novel defense mechanism that effectively mitigates our proposed DRDoS attack. Our defense mechanism is shown to successfully reduce the CPU load of a SIP server under attack from 71% down to 18% within 3 minutes after it is initiated.

Highlights

  • Voice over Internet Protocol (VoIP) has become an important component of modern corporate communications, and many enterprises completely depend on it for their voice and video communication.

  • Our work focuses on the application of reflection attacks to User Datagram Protocol (UDP) based Session Initiation Protocol (SIP) services that would result in Distributed Reflection Denial-of-Service (DRDoS) attacks.

  • We propose a novel SIP-based DRDoS attack, named SR-DRDoS, which uses attack vectors obtained by merging the weaknesses of some lesser-known SIP features with the IP-spoofing technique, reflection-based attack logic and Distributed Denial-of-Service (DDoS) attack logic.


Summary

INTRODUCTION

Voice over IP (VoIP) has become an important component of modern corporate communications, and many enterprises completely depend on it for their voice and video communication. A DoS attack is performed by a single computer, whereas a Distributed Denial-of-Service (DDoS) attack is performed by multiple computers. In this attack, a vast amount of generated network traffic exhausts the server and prevents legitimate users from accessing its services [4], [5]. Against the SR-DRDoS attack, we propose an effective defense mechanism which periodically collects a window of network traffic and calculates dynamic threshold values to trigger rule-based filtering actions. We show that it successfully reduces the CPU load of a SIP server under attack from 71% down to 18% within 3 minutes after it is initiated.
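The windowed, dynamic-threshold filtering described above can be sketched as follows. This is an added example, not code from the paper: the threshold formula (mean plus k standard deviations of recent windows), the warm-up period, the floor value and the message-class labels are all assumptions chosen for illustration.

```python
from collections import Counter, deque
from statistics import mean, pstdev


class WindowedThresholdFilter:
    """Learns a per-message-class threshold from recent traffic windows."""

    def __init__(self, history=5, warmup=3, k=3.0, floor=10):
        self.history = history  # past windows kept as the baseline
        self.warmup = warmup    # windows to observe before enforcing
        self.k = k              # assumed multiplier on the standard deviation
        self.floor = floor      # minimum threshold for low-volume classes
        self.baseline = {}      # message class -> deque of per-window counts

    def process_window(self, messages):
        """Return {class: (count, threshold)} for classes a rule should filter."""
        counts = Counter(messages)
        flagged = {}
        for cls in set(counts) | set(self.baseline):
            past = self.baseline.setdefault(cls, deque(maxlen=self.history))
            n = counts.get(cls, 0)
            if len(past) >= self.warmup:
                limit = max(self.floor, mean(past) + self.k * pstdev(past))
                if n > limit:
                    flagged[cls] = (n, round(limit, 1))
                    continue  # keep attack windows out of the baseline
            past.append(n)
        return flagged


def make_window(invite, ok, register):
    # Constructed sample: one label per SIP message seen in the window.
    return ["INVITE"] * invite + ["200"] * ok + ["REGISTER"] * register


def run_demo():
    # Constructed traffic: three quiet windows, one flood window, one quiet.
    windows = [make_window(20, 18, 5), make_window(22, 20, 4),
               make_window(19, 17, 6), make_window(21, 400, 5),
               make_window(20, 19, 5)]
    f = WindowedThresholdFilter()
    return [f.process_window(w) for w in windows], f


if __name__ == "__main__":
    results, _ = run_demo()
    for i, flagged in enumerate(results, 1):
        print(f"window {i}: {flagged or 'no action'}")
```

Skipping the baseline update for a flagged window keeps a sustained flood from raising its own threshold, so the following quiet window is still judged against pre-attack traffic.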

BACKGROUND
NOVEL DEFENSE MECHANISM
Findings
CONCLUSION