Authors | A. Aziz, D. Hoffstadt, T. Dreibholz, and E. P. Rathgeb |
Title | A Distributed Infrastructure to Analyse SIP Attacks in the Internet |
Affiliation | Communication Systems, , Communication Systems |
Project(s) | The Center for Resilient Networks and Applications |
Status | Published |
Publication Type | Proceedings, refereed |
Year of Publication | 2014 |
Conference Name | Proceedings of the IFIP Networking Conference (Networking 2014) |
Date Published | June |
Publisher | IFIP |
Keywords | Conference |
Abstract | VoIP systems, based on the Session Initiation Protocol (SIP), are becoming more and more widespread in the Internet. However, this creates security issues and opens up new opportunities for misuse and fraud. The most widespread threat is multi-stage attacks to commit Toll Fraud. To devise effective countermeasures, it is crucial to know how attacks on these systems are performed in reality. In this paper, we introduce a novel distributed monitoring system with Sensor nodes located in Norway, Germany and China that allows the detection of SIP-based attacks from the Internet. Based on experiences from experiments spanning several years, we propose a new setup which allows simple and straightforward addition of new remote observation points. We have deployed this setup in the NorNet testbed and highlight its advantages compared to a previous setup with physically distributed Sensors. We also present results from a 45-day field test with 13 observation points. These results confirm the advantages of a widely distributed monitoring setup and give some new insights into the behavior of the attackers. |
Citation Key | Simula.simula.2658 |