Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Counteract DNS Attacks on SIP Proxies Using Bloom Filters
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec)ORCID iD: 0000-0002-6938-4466
2013 (English)In: 2013 International Conference on Availability, Reliability and Security, IEEE, 2013, p. 678-684Conference paper, Published paper (Refereed)
Abstract [en]

SIP proxies play an important part in VoIP services. A Denial of Service (DoS) attack on them may cause the failure of the whole network. We investigate such a DoS attack by exploiting DNS queries. A SIP proxy needs to resolve domain names for processing a message. However, a DNS resolution may take a while. To avoid being blocked, a proxy suspends the processing task of the current message during its name resolution, so that it can continue to deal with other messages. Later when the answer is received, the suspended task will be resumed. It is an asynchronous implementation of DNS queries. Unfortunately, this implementation consumes memory storage and also brings troubles like a race condition. An attacker can collect a list of domain names which take seconds to resolve. Then, the attacker sends to a victim SIP proxy messages which contain these domain names. As a result, the victim proxy has to suspend a number of messages in a short while. Our experiments show that a SIP proxy can be easily crashed by such an attack and thus be not available anymore. To solve the problem, we analyzed the reasons that make a DNS query time-consuming, and then proposed a prevention scheme using bloom filters to blacklist suspicious DNS authoritative servers. Results of our experiments show it efficiently mitigates the attack with a reasonable false positive rate.

Place, publisher, year, edition, pages
IEEE, 2013. p. 678-684
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:kau:diva-29393DOI: 10.1109/ARES.2013.89ISBN: 978-0-7695-5008-4 (print)OAI: oai:DiVA.org:kau-29393DiVA, id: diva2:655760
Conference
ECTCM 2013 - First International Workshop on Emerging Cyberthreats and Countermeasures (Co-located with ARES 2013, International Conference on Availability, Reliability and Security), September 2-6, 2013, Regensburg, Germany
Available from: 2013-10-13 Created: 2013-10-13 Last updated: 2019-12-02Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full texthttp://prisec.kau.se/pdf/Zhang2013a.pdf

Authority records

Zhang, GeFischer-Hübner, Simone

Search in DiVA

By author/editor
Zhang, GeFischer-Hübner, Simone
By organisation
Department of Computer ScienceDepartment of Mathematics and Computer Science (from 2013)
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 299 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf