Protecting SIP Proxy Servers from Ringing-Based Denial-of-Service Attacks

As Internet telephony systems continue to replace existing Public Switched Telephone Network systems, proxy servers running the Session Initiation Protocol (SIP) will continue to grow in importance for Voice-over-IP deployments that use SIP for call signaling. Since the protection of the global telecommunications infrastructure is critical to people´s everyday lives, ensuring the availability of SIP proxy servers under attack should be a high priority. This paper first describes a disruptive denial-of-service attack that exploits the semantics of the SIP protocol to exhaust resources at a stateful SIP proxy server. Unlike previous approaches that focus on flooding-based denial-of-service attacks, we consider attacks that do not result in high incoming call traffic rates at the SIP proxy server. After describing this semantic-based attack, we then propose a new algorithm to reduce the effects of such an attack. Our algorithm has been implemented in a SIP proxy server and evaluated extensively through experiments on a local testbed.