Evaluating DoS Attacks against Sip-Based VoIP Systems

• Published in: GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference pp. 1 - 6
• Main Authors: Rafique, M.Z., Ali Akbar, M., Farooq, M.
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.11.2009
• Subjects: Computer crime; Floods; Internet telephony; Measurement; Protection; Protocols; Robustness; Storage area networks; Testing; Web server
• ISBN: 9781424441488; 142444148X
• ISSN: 1930-529X; 2576-764X
• DOI: 10.1109/GLOCOM.2009.5426247

The multimedia communication is rapidly converging towards Voice over Internet - commonly known as Voice over Internet Protocol (VoIP). Session Initiation Protocol (SIP) is the standard used for session signaling in VoIP. Crafty attackers can launch a number of Denial of Service (DoS) attacks on a SIP based VoIP infrastructure that can severely compromise its reliability. In contrast, little work is done to analyze the robustness and reliability of SIP severs under DoS attacks. In this paper, we show that the robustness and reliability of generic SIP servers is inadequate than commonly perceived. We have done our study using a customized analysis tool that has the ability to synthesize and launch different types of attacks. We have integrated the tool in a real SIP test bed environment to measure the performance of SIP servers. Our measurements show that a standard SIP server can be easily overloaded by sending simple call requests. We define the performance metrics to measure the effects of flooding attacks on real time services - VoIP in SIP environment - and show the results on different SIP server implementations. Our results also provide insight into resources' usage by SIP servers under flooding attacks. Moreover, we show that how a well known open source SIP server can be crashed through 'INVITE of Death' - a malformed SIP packet maliciously crafted by our tool.