Is VoIP really Secured?

Evaluating DoS Attacks Against SIP-Based VoIP
Systems (INVITE of Death)

Paper accepted at IEEE-GLOBECOM 2009
http://www.nexginrc.org/~zubair.ra [...] zubair.pdf


The multimedia communication is rapidly converging
towards Voice over Internet – commonly known as Voice
over Internet Protocol (VoIP). Session Initiation Protocol (SIP) is
the standard used for session signaling in VoIP. Crafty attackers
can launch a number of Denial of Service (DoS) attacks on a
SIP based VoIP infrastructure that can severely compromise
its reliability. In contrast, little work is done to analyze the
robustness and reliability of SIP severs under DoS attacks. In this
paper, we show that the robustness and reliability of generic SIP
servers is inadequate than commonly perceived. We have done
our study using a customized analysis tool that has the ability
to synthesize and launch different types of attacks. We have
integrated the tool in a real SIP test bed environment to measure
the performance of SIP servers. Our measurements show that a
standard SIP server can be easily overloaded by sending simple
call requests. We define the performance metrics to measure
the effects of flooding attacks on real time services - VoIP in
SIP environment – and show the results on different SIP server
implementations. Our results also provide insight into resources’
usage by SIP servers under flooding attacks. Moreover, we show
that how a well known open source SIP server can be crashed
through ‘INVITE of Death’ - a malformed SIP packet maliciously
crafted by our tool.

Regards

M Zubair Rafique
nexGIN RC

http://www.nexginrc.org/~zubair.rafique/

VoiceGuard not only bypass the ISP blockage, such as Etisalat and QTel but also secure the VoIP, improve the Voice quality.

If you are intrested in it, pls buzz me. Thanks.

Lynn
MSN: svoipsales@hotmail.com