AuthorsA. Aziz, D. Hoffstadt, T. Dreibholz and E. P. Rathgeb
TitleA Distributed Infrastructure to Analyse SIP Attacks in the Internet
AfilliationCommunication Systems, Networks, Communication Systems
Project(s)The Center for Resilient Networks and Applications
Publication TypeProceedings, refereed
Year of Publication2014
Conference NameProceedings of the IFIP Networking Conference (Networking 2014)
Date PublishedJune

VoIP systems, based on the Session Initiation Protocol\~(SIP), are becoming more and more widespread in the Internet. However, this creates security issues and opens up new opportunities for misuse and fraud. The most widespread threat are multi-stage attacks to commit Toll Fraud. To devise effective countermeasures, it is crucial to know how attacks on these systems are performed in reality. In this paper, we introduce a novel distributed monitoring system with Sensor nodes located in Norway, Germany and China that allow to detect SIP-based attacks from the Internet. Based on experiences from experiments spanning several years, we propose a new setup which allows simple and straightforward addition of new remote observation points. We have deployed this setup in the NorNet testbed and highlight its advantages compared to a previous setup with physically distributed Sensors. We also present results from a 45 day field test with 13 observation points. These results confirm the advantages of a widely distributed monitoring setup and give some new insights into the behavior of the attackers.

Citation KeySimula.simula.2658