Protecting SIP Against Very Large Flooding DoS Attacks

The use of the Internet for VoIP communications has seen an important increase over the last few years, with the Session Initiation Protocol (SIP) as the most popular protocol used for signaling. Unfortunately, SIP devices are quite vulnerable to Denial-of-Service (DoS) attacks, many of them becoming unresponsive and even resetting with floods of only hundreds of packets per second. In this paper, the authors introduce SIP Defender, a new distributed filtering architecture designed to protect SIP devices against large, flooding DoS attacks.