CPU-based DoS attacks against SIP servers

A key component of VoIP networks is the SIP signaling infrastructure. The reliance of public SIP servers on the Internet has opened up this critical infrastructure to a range of attacks. In particular, Denial of Service (DoS) attacks pose a serious security threat to the quality, reliability and availability of VoIP operations. In this paper, we investigate the impact of DoS attacks on SIP infrastructure, using a popular open source SIP server as a test bed. We have identified four attack scenarios that can exploit vulnerabilities in existing SIP authentication protocols, and we demonstrate the practical impact of these attacks on the target server. In response to these vulnerabilities, we have proposed several countermeasures to defend against each attack scenario. Our experimental results show that the current SIP implementation is highly vulnerable to DoS attacks and countermeasures are needed to make these servers more resilient. More importantly, we prove that authentication alone is no defence against DoS attacks in this context, and can actually increase the vulnerability of target servers instead of solving the problem of DoS attacks.