Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems

Traditional perimeter security solutions cannot cope with the complexity of VoIP protocols at carrier-class performance. The authors implemented a large-scale, rule-based SIP-aware application-layer-firewall capable of detecting and mitigating SIP-based Denial-of-Service (DoS) attacks at the signaling and media levels. The detection algorithms, implemented in a highly distributed hardware solution leveraged to obtain filtering rates in the order of hundreds of transactions per second, suggest carrier class performance. Firewall performs SIP traffic filtering against spoofing attacks; and request, response and out-of-state floods. The functionality and performance of the DoS prevention schemes were validated using a distributed test-bed and a custom-built, automated testing and analysis tool that generated high-volume signaling and media traffic, and performed fine grained measurements of filtering rates and load-induced delays of the system under test.