A novel design of a VoIP firewall proxy to mitigate SIP-based flooding attacks

被引:0
作者
Department of Computer Science and Software Engineering, University of Canterbury, Christchurch, New Zealand [1 ]
机构
[1] Department of Computer Science and Software Engineering, University of Canterbury, Christchurch
来源
Int. J. Internet Protoc. Technol. | 2008年 / 2卷 / 128-135期
关键词
Digest authentication; Iptables; SIP; Stateful and stateless connection; VoIP flooding attack;
D O I
10.1504/IJIPT.2008.020470
中图分类号
学科分类号
摘要
This paper proposes a novel method to address the protection necessary to mitigate flooding attacks in VoIP networks which can produce rapid saturation of a firewall and crippling of a VoIP switch. The paper proposes a stateless firewall nonce checking mechanism as an extension to the existing (stateful) SIP digest authentication. This combination aims to form a more secure and flood-resistant authentication scheme for SIP-based VoIP systems. The proposed mechanism has been implemented on a Linux iptables firewall and the experimental results demonstrate proof-of-concept showing that by incorporating this mechanism it is possible to provide substantially improved SIP-based flooding mitigation. Copyright © 2008, Inderscience Publishers.
引用
收藏
页码:128 / 135
页数:7
相关论文
共 44 条
  • [31] Design of presence agent server for SIP-based presence services
    Wook, H
    Huh, M
    Kang, SG
    7th International Conference on Advanced Communication Technology, Vols 1 and 2, Proceedings, 2005, : 397 - 400
  • [32] Development of IPv6-IPv4 translation mechanisms for SIP-based VoIP applications
    Chen, WE
    Su, CY
    Weng, JH
    AINA 2005: 19th International Conference on Advanced Information Networking and Applications, Vol 2, 2005, : 819 - 823
  • [33] Design and Implementation of a SIP-based Centralized Multimedia Conferencing System
    Li, Junchao
    Lei, Weimin
    Zhang, Xiuwu
    PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON COMMUNICATION SOFTWARE AND NETWORKS, 2009, : 40 - +
  • [34] The Design of a Secure SIP-Based Architecture for Broadband Service Providers
    El-Mousa, Ali
    Al Saidat, Mohammed Rasol Saleem
    2015 6th International Conference on Information and Communication Systems (ICICS), 2015, : 89 - 94
  • [35] Detecting Ringing-Based DoS Attacks on VoIP Proxy Servers
    Yum, Dae Hyun
    Kim, Sun Young
    Moon, HoKun
    Kim, Mi-Yeon
    Roh, Jae-Hoon
    Lee, Pil Joong
    INFORMATION SECURITY APPLICATIONS, 2009, 5932 : 339 - 353
  • [36] A Novel Approach for Efficient Mitigation against the SIP-Based DRDoS Attack
    Tas, Ismail Melih
    Baktir, Selcuk
    APPLIED SCIENCES-BASEL, 2023, 13 (03):
  • [37] Study of SIP-based VoIP application interworking with IPv4-IPv6 transitioning mechanisms
    Tomic, S.
    Hoeher, T.
    Menedetter, R.
    Maslenka, R.
    Banfield, M.
    Lauster, R.
    2006 IEEE SARNOFF SYMPOSIUM, 2006, : 109 - +
  • [38] A Cross-Layer Approach to Enhance the Call Setup Performance of SIP-Based VoIP over AODV MANET
    Alshamrani, Mazin
    Cruickshank, Haitham
    Sun, Zhili
    2014 EIGHTH INTERNATIONAL CONFERENCE ON NEXT GENERATION MOBILE APPS, SERVICES AND TECHNOLOGIES (NGMAST), 2014, : 241 - 247
  • [39] Performance comparison of H.323 and SIP-based VoIP call setup over wireless communication channels
    Lee, CW
    Xie, H
    7TH WORLD MULTICONFERENCE ON SYSTEMICS, CYBERNETICS AND INFORMATICS, VOL VII, PROCEEDINGS, 2003, : 351 - 356
  • [40] SIP-based Protocol for P2P Large-scale Multiparty VoIP (MVoIP) Conference Support
    Elleuch, Wajdi
    Houle, Alain C.
    2009 6TH IEEE CONSUMER COMMUNICATIONS AND NETWORKING CONFERENCE, VOLS 1 AND 2, 2009, : 118 - 122
12345