Denial of service attacks targeting a SIP VoIP infrastructure: attack scenarios and prevention mechanisms

In this article we address the issue of denial of service attacks targeting the hardware and software of voice over IP servers or by misusing specific signaling protocol features. As a signaling protocol we investigate here the session initiation protocol. In this context we mainly identify attacks based on exhaustion of the memory of VoIP servers, or attacks that incur high CPU load. We deliver an overview of different attack possibilities and explain some attacks in more detail, including attacks utilizing the DNS system and those targeting the parser. A major conclusion of the work is the knowledge that SIP provides a wide range of features that can be used to mount DoS attacks. Discovering these attacks is inherently difficult, as is the case with DoS attacks on other IP components. However, with adequate server design, efficient implementation, and appropriate hardware, the effects of a large portion of attacks can be reduced