Abstract
With the upcoming introduction of the Session Initiation Protocol to carrier grade telecommunication infrastructures, the threat of attacks is increasing massively. Multiple types of unsolicited communication, like high and low rate Denial-of-Service attacks as well as Spam over Internet Telephony driven by Botnets will be an upcoming risk for all telecommunication operators.
In this document, we introduce an enhanced Session Border Controller which is able to detect high-rate DoS attacks and which will mark all forwarded requests with a value indicating the “quality” of the request. This value, which we denote as “dropability“, reflects the effort the system has already invested for this request. This dropability-value depends amongst other presented factors on the spam-probability and the economic- or QoS-effect of this request.
This introduced value supports overloaded core-components to decide with minimum processing effort, which requests to drop first and which requests have severe effects on the customers perception or the economic income of the carrier.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ETSI. NGN Congestion and Overload Control; Part 4: Overload and Congestion Control for H.248 MG/MGC. ES 283 039-4, Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) (April 2007)
Gurbani, V., Hilt, V., Schulzrinne, H.: Session Initiation Protocol (SIP) Overload Control. Internet-Draft draft-ietf-soc-overload-control-07, Internet Engineering Task Force (January 2012) (work in progress)
Hautakorpi, J., Camarillo, G., Penfield, R., Hawrylyshen, A., Bhatia, M.: Requirements from Session Initiation Protocol (SIP) Session Border Control (SBC) Deployments. RFC 5853, Internet Engineering Task Force (April 2010)
Hilt, V., Noel, E., Shen, C., Abdelal, A.: Design Considerations for Session Initiation Protocol (SIP) Overload Control. RFC 6357, Internet Engineering Task Force (August 2011)
Hirschbichler, M., Egger, C., Pasteka, O., Berger, A.: Using E-Mail SPAM DNS Blacklists for Qualifying the SPAM-over-Internet-Telephony Probability of a SIP Call. In: Third International Conference on Digital Society, ICDS 2009, pp. 254–259 (February 2009)
Noel, E., Johnson, C.R.: Novel overload controls for SIP networks. In: 21st International Teletraffic Congress, ITC 21 2009, pp. 1–8 (September 2009)
Noel, E., PhilipWilliams, P.: Session Initiation Protocol (SIP) Rate Control. Internet-Draft draft-noel-soc-overload-rate-control-02, Internet Engineering Task Force (December 2011) (work in progress)
Ormazabal, G., Nagpal, S., Yardeni, E., Schulzrinne, H.: Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems. In: Schulzrinne, H., State, R., Niccolini, S. (eds.) IPTComm 2008. LNCS, vol. 5310, pp. 107–132. Springer, Heidelberg (2008)
Quinten, V.M., van de Meent, R., Pras, A.: Analysis of Techniques for Protection Against Spam over Internet Telephony. In: Pras, A., van Sinderen, M. (eds.) EUNICE 2007. LNCS, vol. 4606, pp. 70–77. Springer, Heidelberg (2007)
Rosenberg, J.: Requirements for Management of Overload in the Session Initiation Protocol. RFC 5390, Internet Engineering Task Force (December 2008)
Rosenberg, J., Jennings, C.: The Session Initiation Protocol (SIP) and Spam. RFC 5039, Internet Engineering Task Force (January 2008)
Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session Initiation Protocol. RFC 3261, Internet Engineering Task Force (June 2002)
Schulzrinne, H., Polk, J.: Communications Resource Priority for the Session Initiation Protocol (SIP). RFC 4412, Internet Engineering Task Force (February 2006)
Sengar, H., Wang, H., Wijesekera, D., Jajodia, S.: Detecting VOIP floods using the hellinger distance. IEEE Transactions on Parallel and Distributed Systems 19(6), 794–805 (2008)
Tang, J., Cheng, Y.: Quick detection of stealthy SIP flooding attacks in VOIP networks. In: 2011 IEEE International Conference on Communications (ICC), pp. 1–5 (June 2011)
Wing, D., Niccolini, S., Stiemerling, M., Tschofenig, H.: Spam Score for SIP. Internet-Draft draft-wing-sipping-spam-score-02, Internet Engineering Task Force (February 2008) (work in progress)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hirschbichler, M., Fabini, J., Seifert, B., Egger, C. (2012). Stop the Flood – Perimeter Security- and Overload- Pre-evaluation in Carrier Grade VoIP Infrastructures. In: Andreev, S., Balandin, S., Koucheryavy, Y. (eds) Internet of Things, Smart Spaces, and Next Generation Networking. ruSMART NEW2AN 2012 2012. Lecture Notes in Computer Science, vol 7469. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32686-8_33
Download citation
DOI: https://doi.org/10.1007/978-3-642-32686-8_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32685-1
Online ISBN: 978-3-642-32686-8
eBook Packages: Computer ScienceComputer Science (R0)