Denial of Service on SIP VoIP infrastructures using DNS flooding

A simple yet effective Denial of Service (DoS) attack on SIP servers is to flood the server with requests addressed to irresolvable domain names. In this paper, we evaluate different possibilities to mitigate the effects of this attack and show that over-provisioning is not sufficient to handle such attacks. As a more effective approach, we present a solution called the DNS Attack Detection and Prevention (DADP) scheme, which is based on the usage of a non-blocking DNS cache. Based on various measurements conducted over the Internet, we investigate the efficiency of the DADP scheme and compare its performance with different caching strategies applied.

Contents

1. INTRODUCTION
1.1. Related Work
2. BACKGROUND
2.1. Session Initiation Protocol
2.2. Domain Name System
2.3. DNS Usage in SIP Infrastructures
3. SCOPE OF THE ATTACK
4. TEST BED AND INSTRUMENT
5. LIMITED ATTACK MITIGATION POSSIBILITIES
5.1. Reduced FQDN Usage
5.2. Scalable Server Design
5.2.1. Synchronous Scaling through Parallel Processing
5.2.2. Asynchronous Scaling through Message Processing Interruption
6. NON-BLOCKING CACHE DESIGN
6.1. Attack Detection and Prevention
6.2. Operational Consequences
6.3. Operational Performance
6.3.1. Unblocking Test
6.3.2. Cache Replacement Policies Evaluation
6.3.3. Evaluate the Number of Entries of Cache
7. CONCLUSION AND FUTURE WORK
8. ACKNOWLEDGEMENT
9. REFERENCES

Author: Ge Zhang

Source: Blekinge Institute of Technology
