[VOIPSEC] Fw: Evaluating DoS Attacks Against SIP-Based VoIP Systems (INVITE of Death)

Klaus Darilion klaus.mailinglists at pernau.at
Tue Aug 18 06:45:26 CDT 2009 

Dear Zubair!

Did you also have evaluated why/how the attack influences the SIP proxy 
performance? For example, the CCR vs. Attack Rate of Openser is really 
bad, but you also state that Openser's parser uses "best coding 
practicies" - this is somehow strange.

How should the parser be changed to be more robust?

Have you also tested how the performance drops by flooding the proxy 
with "normal" messages in respect to the malformed messages?

regards
Klaus

zubair rafique schrieb:
> 
> 
> Evaluating DoS Attacks Against SIP-Based VoIPSystems (INVITE of
> Death) Paper accepted at IEEE-GLOBECOM
> 2009http://www.nexginrc.org/~zubair.rafique/papers/globecomm-zubair.pdf
> 
> 
> The multimedia communication is rapidly convergingtowards Voice over
> Internet – commonly known as Voiceover Internet Protocol (VoIP).
> Session Initiation Protocol (SIP) isthe standard used for session
> signaling in VoIP. Crafty attackerscan launch a number of Denial of
> Service (DoS) attacks on aSIP based VoIP infrastructure that can
> severely compromiseits reliability. In contrast, little work is done
> to analyze therobustness and reliability of SIP severs under DoS
> attacks. In thispaper, we show that the robustness and reliability of
> generic SIPservers is inadequate than commonly perceived. We have
> doneour study using a customized analysis tool that has the abilityto
> synthesize and launch different types of attacks. We haveintegrated
> the tool in a real SIP test bed environment to measurethe performance
> of SIP servers. Our measurements show that astandard SIP server can
> be easily overloaded by sending simplecall requests. We define the
> performance metrics to measurethe effects of flooding attacks on real
> time services - VoIP inSIP environment – and show the results on
> different SIP serverimplementations. Our results also provide insight
> into resources’usage by SIP servers under flooding attacks. Moreover,
> we showthat how a well known open source SIP server can be
> crashedthrough ‘INVITE of Death’ - a malformed SIP packet
> maliciouslycrafted by our tool. Regards M Zubair RafiquenexGIN RC 
> http://www.nexginrc.org/~zubair.rafique/
> 
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________ Voipsec mailing list 
> Voipsec at voipsa.org 
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list