A novel design of a VoIP firewall proxy to mitigate SIP-based flooding attacks

被引:0
作者
Department of Computer Science and Software Engineering, University of Canterbury, Christchurch, New Zealand [1 ]
机构
[1] Department of Computer Science and Software Engineering, University of Canterbury, Christchurch
来源
Int. J. Internet Protoc. Technol. | 2008年 / 2卷 / 128-135期
关键词
Digest authentication; Iptables; SIP; Stateful and stateless connection; VoIP flooding attack;
D O I
10.1504/IJIPT.2008.020470
中图分类号
学科分类号
摘要
This paper proposes a novel method to address the protection necessary to mitigate flooding attacks in VoIP networks which can produce rapid saturation of a firewall and crippling of a VoIP switch. The paper proposes a stateless firewall nonce checking mechanism as an extension to the existing (stateful) SIP digest authentication. This combination aims to form a more secure and flood-resistant authentication scheme for SIP-based VoIP systems. The proposed mechanism has been implemented on a Linux iptables firewall and the experimental results demonstrate proof-of-concept showing that by incorporating this mechanism it is possible to provide substantially improved SIP-based flooding mitigation. Copyright © 2008, Inderscience Publishers.
引用
收藏
页码:128 / 135
页数:7
相关论文
共 44 条
  • [1] Securing SIP-based VoIP infrastructure against flooding attacks and Spam Over IP Telephony
    Akbar, Muhammad Ali
    Farooq, Muddassar
    KNOWLEDGE AND INFORMATION SYSTEMS, 2014, 38 (02) : 491 - 510
  • [2] Securing SIP-based VoIP infrastructure against flooding attacks and Spam Over IP Telephony
    Muhammad Ali Akbar
    Muddassar Farooq
    Knowledge and Information Systems, 2014, 38 : 491 - 510
  • [3] SIP-based VOIP telephone system design and implementation
    Bai, Xiuxuan
    Zhou, Wenkai
    Ni, Yulin
    2010 THE 3RD INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND INDUSTRIAL APPLICATION (PACIIA2010), VOL IX, 2010, : 175 - 178
  • [4] SIP-based VOIP telephone system design and implementation
    Bai, Xiuxuan
    Zhou, Wenkai
    Ni, Yulin
    2011 INTERNATIONAL CONFERENCE ON INTELLIGENT COMPUTATION AND INDUSTRIAL APPLICATION (ICIA2011), VOL IV, 2011, : 174 - 177
  • [5] A SIP delayed based mechanism for detecting VOIP flooding attacks
    Dassouki, Khaled
    Safa, Haidar
    Hijazi, Abbas
    El-Hajj, Wassim
    2016 INTERNATIONAL WIRELESS COMMUNICATIONS AND MOBILE COMPUTING CONFERENCE (IWCMC), 2016, : 588 - 593
  • [6] SecSip: A Stateful Firewall for SIP-based Networks
    Lahmadi, Abdelkader
    Festor, Olivier
    2009 IFIP/IEEE INTERNATIONAL SYMPOSIUM ON INTEGRATED NETWORK MANAGEMENT (IM 2009) VOLS 1 AND 2, 2009, : 172 - 179
  • [7] On the billing vulnerabilities of SIP-based VoIP systems
    Zhang, Ruishan
    Wang, Xinyuan
    Yang, Xiaohui
    Jiang, Xuxian
    COMPUTER NETWORKS, 2010, 54 (11) : 1837 - 1847
  • [8] Detection And Countermeasure Scheme For Call-Disruption Attacks On SIP-Based Voip Services
    Ryu, Jea Tek
    Roh, Byeong-hee
    Ryu, Ki Yeol
    Yoon, Myungchul
    KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, 2012, 6 (07): : 1854 - 1873
  • [9] Research on Security Mechanisms of SIP-based VoIP System
    Shan, Liancheng
    Jiang, Ning
    HIS 2009: 2009 NINTH INTERNATIONAL CONFERENCE ON HYBRID INTELLIGENT SYSTEMS, VOL 2, PROCEEDINGS, 2009, : 408 - 410
  • [10] Inexpensive high availability solutions for the SIP-based VoIP service
    Jenq-Shiou Leu
    Hui-Ching Hsieh
    Yen-Chiu Chen
    Multimedia Tools and Applications, 2011, 53 : 285 - 301
12345