Change search
ReferencesLink to record
Permanent link

Direct link
Counteract DNS Attacks on SIP Proxies Using Bloom Filters
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
Karlstad University, Division for Information Technology. (PriSec)
2013 (English)In: ECTCM 2013, 2013, 678-684 p.Conference paper (Refereed)
Abstract [en]

SIP proxies play an important part in VoIP services. A Denial of Service (DoS) attack on them may cause the failure of the whole network. We investigate such a DoS attack by exploiting DNS queries. A SIP proxy needs to resolve domain names for processing a message. However, a DNS resolution may take a while. To avoid being blocked, a proxy suspends the processing task of the current message during its name resolution, so that it can continue to deal with other messages. Later when the answer is received, the suspended task will be resumed. It is an asynchronous implementation of DNS queries. Unfortunately, this implementation consumes memory storage and also brings troubles like a race condition. An attacker can collect a list of domain names which take seconds to resolve. Then, the attacker sends to a victim SIP proxy messages which contain these domain names. As a result, the victim proxy has to suspend a number of messages in a short while. Our experiments show that a SIP proxy can be easily crashed by such an attack and thus be not available anymore. To solve the problem, we analyzed the reasons that make a DNS query time-consuming, and then proposed a prevention scheme using bloom filters to blacklist suspicious DNS authoritative servers. Results of our experiments show it efficiently mitigates the attack with a reasonable false positive rate.

Place, publisher, year, edition, pages
2013. 678-684 p.
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:kau:diva-29393DOI: 10.1109/ARES.2013.89OAI: oai:DiVA.org:kau-29393DiVA: diva2:655760
Conference
ECTCM 2013 - First International Workshop on Emerging Cyberthreats and Countermeasures (Co-located with ARES 2013, International Conference on Availability, Reliability and Security), September 2-6, 2013, Regensburg, Germany
Available from: 2013-10-13 Created: 2013-10-13 Last updated: 2016-10-15Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full texthttp://prisec.kau.se/pdf/Zhang2013a.pdf

Search in DiVA

By author/editor
Fischer-Hübner, Simone
By organisation
Department of Computer ScienceDivision for Information Technology
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar

Altmetric score

Total: 17 hits
ReferencesLink to record
Permanent link

Direct link