DocumentCode
2130821
Title
Counteract DNS Attacks on SIP Proxies Using Bloom Filters
Author
Ge Zhang ; Fischer-Hubner, Simone
Author_Institution
Karlstad Univ., Karlstad, Sweden
fYear
2013
fDate
2-6 Sept. 2013
Firstpage
678
Lastpage
684
Abstract
SIP proxies play an important part in VoIP services. A Denial of Service (DoS) attack on them may cause the failure of the whole network. We investigate such a DoS attack by exploiting DNS queries. A SIP proxy needs to resolve domain names for processing a message. However, a DNS resolution may take a while. To avoid being blocked, a proxy suspends the processing task of the current message during its name resolution, so that it can continue to deal with other messages. Later when the answer is received, the suspended task will be resumed. It is an asynchronous implementation of DNS queries. Unfortunately, this implementation consumes memory storage and also brings troubles like a race condition. An attacker can collect a list of domain names which take seconds to resolve. Then, the attacker sends to a victim SIP proxy messages which contain these domain names. As a result, the victim proxy has to suspend a number of messages in a short while. Our experiments show that a SIP proxy can be easily crashed by such an attack and thus be not available anymore. To solve the problem, we analyzed the reasons that make a DNS query time-consuming, and then proposed a prevention scheme using bloom filters to blacklist suspicious DNS authoritative servers. Results of our experiments show it efficiently mitigates the attack with a reasonable false positive rate.
Keywords
Internet; computer network security; data structures; DNS attacks counteraction; DNS queries; DNS resolution; DoS attack; SIP proxies; SIP proxy messages; blacklisting; bloom filters; denial of service attack; domain name system; false positive rate; name resolution; suspicious DNS authoritative servers; victim proxy; Computer crashes; Computer crime; Computers; IP networks; Internet; Protocols; Servers; DNS; DoS; SIP;
fLanguage
English
Publisher
ieee
Conference_Titel
Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
Conference_Location
Regensburg
Type
conf
DOI
10.1109/ARES.2013.89
Filename
6657305
Link To Document