  • DocumentCode
    2130821
  • Title
    Counteract DNS Attacks on SIP Proxies Using Bloom Filters
  • Author
    Ge Zhang ; Fischer-Hubner, Simone
  • Author_Institution
    Karlstad Univ., Karlstad, Sweden
  • fYear
    2013
  • fDate
    2-6 Sept. 2013
  • Firstpage
    678
  • Lastpage
    684
  • Abstract
    SIP proxies play an important part in VoIP services. A Denial of Service (DoS) attack on them may cause the failure of the whole network. We investigate such a DoS attack by exploiting DNS queries. A SIP proxy needs to resolve domain names for processing a message. However, a DNS resolution may take a while. To avoid being blocked, a proxy suspends the processing task of the current message during its name resolution, so that it can continue to deal with other messages. Later when the answer is received, the suspended task will be resumed. It is an asynchronous implementation of DNS queries. Unfortunately, this implementation consumes memory storage and also brings troubles like a race condition. An attacker can collect a list of domain names which take seconds to resolve. Then, the attacker sends to a victim SIP proxy messages which contain these domain names. As a result, the victim proxy has to suspend a number of messages in a short while. Our experiments show that a SIP proxy can be easily crashed by such an attack and thus be not available anymore. To solve the problem, we analyzed the reasons that make a DNS query time-consuming, and then proposed a prevention scheme using bloom filters to blacklist suspicious DNS authoritative servers. Results of our experiments show it efficiently mitigates the attack with a reasonable false positive rate.
  • Keywords
    Internet; computer network security; data structures; DNS attacks counteraction; DNS queries; DNS resolution; DoS attack; SIP proxies; SIP proxy messages; blacklisting; bloom filters; denial of service attack; domain name system; false positive rate; name resolution; suspicious DNS authoritative servers; victim proxy; Computer crashes; Computer crime; Computers; IP networks; Internet; Protocols; Servers; DNS; DoS; SIP;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
  • Conference_Location
    Regensburg
  • Type
    conf
  • DOI
    10.1109/ARES.2013.89
  • Filename
    6657305