Advanced flooding attack on a SIP server

Proceedings - International Conference on Availability, Reliability and Security, ARES 2009

Volumn , Issue , 2009, Pages 647-651

  Deng, Xianglin ^a   Shore, Malcolm ^a  

^a UNIVERSITY OF CANTERBURY   (New Zealand)

Author keywords

DoS attack; Security; SIP; Software tools

Indexed keywords

DENIAL OF SERVICE ATTACKS; DOS ATTACK; SECURITY; SESSION INITIATION PROTOCOL; SIGNALLING PROTOCOLS; SIP; SIP SERVER; SIP SYSTEMS; SOFTWARE TOOLS; VOICE OVER IP;

COMPUTER CRIME; COMPUTER SOFTWARE; INTERNET TELEPHONY; SECURITY OF DATA; TRANSMISSION CONTROL PROTOCOL; VOICE/DATA COMMUNICATION SYSTEMS;

INTERNET PROTOCOLS;

EID: 70349687577     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2009.15     Document Type: Conference Paper

References (24)

1. H. Schulzrinne, S. Casner, R. Frederick, and V. Jacobson, "RFC1889: RTP: A Transport Protocol for Real-Time Applications", Internet RFCs, 1996.
2. I. Packetizer, "H.323 versus SIP: A Comparison", http://www.packetizer.com/ipmc/h323-vs-sip/, Accessed May/2007.
3. H. Schulzrinne and J. Rosenberg, "A Comparison of SIP and H. 323 for Internet Telephony", Proc. International Workshop on Network and Operating System Support for Digital Audio and Video (NOSSDAV), pp. 83-86.
4. S. Salsano, L. Veltri, and D. Papalilo, "SIP security issues: the SIP authentication procedure and its processing load", Network, IEEE, vol. 16, pp. 38-44, 2002.
5. R. Rivest, "RFC1321: The MD5 Message-Digest Algorithm", Internet RFCs, 1992.
6. D. Endler, VoIP hacking exposed: McGraw-Hill, 2007.
7. th AFRICON Conference in Africa, vol. 1, 2004.
8. th International Conference on, pp. 611-616, 2007.
9. Q. Qiu, "Study of Digest Authentication for Session Initiation Protocol (SIP)", December, 2003.
10. S. McGann and D. C. Sicker, "An Analysis of Security Threats and Tools in SIP-Based VoIP Systems", Proceedings of the 2 ndWorkshop on Securing Voice over IP, Cyber Security Alliance, 2005.
11. th International Workshop on, pp. 31-40, 2002.
12. J. McCarron, "A Brief Overview of VoIP Security."
13. M. Collier, "Basic Vulnerability Issues for SIP Security", Research Report, 2005.
14. th International Network Conference (INC), pp. 147-155.
15. D. Endler and M. Collier, "Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions (Hacking Exposed)", http:// hackingvoipexposed.com/sec-tools.html, 2006.
16. J. Rosenberg, "Request Header Integrity in SIP and HTTP Digest Using Predictive Nonces", expired Internet draft, work in progress, IETF, June 2001. draft-rosenberg-sip-http-pnonce-00. txt [8] J. Franks et al.",HTTP Authentication: Basic and Digest Access Authentication", Internet Engineering Task Force, RFC 2617, June 1999.
17. M. Ohta, "Overload Protection in a SIP Signaling Network", Internet Surveillance and Protection, 2006. ICISP'06. International Conference on, pp. 11-11, 2006.
18. J. Jung, B. Krishnamurthy, and M. Rabinovich, "Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites", Proceedings of the eleventh international conference on World Wide Web, pp. 293-304, 2002.
19. R. Sailer and M. Kabatnik, "History based distributed filtering-a tagging approach to network-level access control", COMPUTER SECURITY APPLICATIONS, pp. 11-15, 2000.
20. T. Peng, C. Leckie, and K. Ramamohanarao, "Protection from distributed denial of service attacks using history-based IP filtering", Communications, 2003. ICC'03. IEEE International Conference on, vol. 1, 2003.
21. S. D. D'Souza and D. Vinokurov, "Queuing methods for mitigation of packet spoofing", 2004.
22. R. Droms, "Dynamic Host Configuration Protocol", RFC 2131, March 1997, 1997.
23. S. B. Lim and D. Ferry, "JAIN SLEE 1.0 Specification, final release", Sun Microsystems, Inc. and Open Cloud Limited March, 2004.
24. M. Mareztke, "JAIN SLEE technology overview", http://www.maretzke.de/pub/lectures/jslee-overview-2005/JSLEE-Overview-2005.pdf, 2005.