International Journal of Computer Applications in Engineering Sciences [VOL I, ISSUE II, JUNE 2011] [ISSN: 2231-4946]

Secure SIP from DoS based Message Flooding Attack

Md. Ruhul Islam (1), Smarajit Ghosh (2)
(1) Sikkim Manipal Institute of Technology, Majitar, Rangpo, East Sikkim-737136
(2) Thapar University, Patiala-147004, Punjab
(1) md_ruhul@rediffmail.com
(2) smarajitghosh@rediffmail.com

Abstract- SIP-based VoIP systems are built over IP networks, so they are affected by IP network security problems. In this paper we concentrate on denial of service (DoS) attacks that target the hardware and software of voice over IP servers. In this setting we mainly identify attacks based on exhausting the memory of VoIP servers and attacks on the CPU. A major conclusion is that SIP provides a wide range of features that can be used to mount DoS attacks. Discovering these attacks is inherently difficult, as is the case with DoS attacks on other IP components. With sufficient server design, implementation and proper hardware, the effects of a large portion of the attacks can be reduced. Besides the server implementation and hardware, we present some optimizations that reduce the contacting of DNS servers by using caches, policies and extensions to the SIP messages.

Keywords— VoIP, SIP, DoS, Message Flooding, SMTP.

I. INTRODUCTION

Voice over IP (VoIP) is an umbrella term for a set of technologies that allow voice traffic to be carried over Internet Protocol (IP) networks. VoIP converts the voice streams of audio calls into data packets, as opposed to the traditional, analog circuit-switched voice communications used by the public switched telephone network (PSTN). Security threats are considered minimal in current circuit-switched networks. In an open environment such as the Internet, however, mounting an attack on a telephony server is much simpler. VoIP services are based on standardized and open technologies (i.e.
SIP, H.323, MEGACO) using servers that are reachable through the Internet, implemented in software and often provided over general-purpose computing hardware. Services of this type can suffer from the same security threats as HTTP-based services. Instead of creating thousands of voice calls, the attacker can easily send thousands of VoIP invitations, in a similar manner to attacks on Web servers. These attacks are simple and cheap, and easy to access on the Internet. Besides launching brute-force attacks by generating a large number of useless VoIP calls, attackers can use certain features of the VoIP protocol in use to incur higher loads at the servers. The Session Initiation Protocol (SIP) is increasingly establishing itself as the de facto standard for VoIP services in the Internet and next generation networks.

A. Session Initiation Protocol (SIP)

The Session Initiation Protocol (SIP) is an application layer protocol designed by the Internet Engineering Task Force (IETF). It defines the initiation, modification and termination of interactive, multimedia communication sessions between users. SIP has integrated elements from other protocols that are broadly used on the Internet. It is a text-based client-server protocol with almost the same structure as the HyperText Transport Protocol (HTTP [5]) and the Simple Mail Transport Protocol (SMTP [5]). The structure of the protocol is easy to follow and understand.

SIP messages have the same structure as messages in HTTP and contain a request line or a status line followed by at least six header fields. After the header fields there may be an attached message body, whose type and size are described by some of the header fields. As with HTTP and SMTP, SIP supports the popular Multipurpose Internet Mail Extension (MIME [5]) for describing the content of the message body. In most cases the message body consists of a Session Description Protocol (SDP [8]) message, which describes the media transfer after the signaling phase.
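The message layout described above (start line, mandatory header fields, body whose type and size are given by the headers) can be checked cheaply before a server commits memory or CPU to a request. The following is an added example, not code from the paper: the six header names are taken from RFC 3261, while the size cap, the function name and the sample message are assumptions made for illustration, and one message per datagram is assumed.

```python
import re

# Header fields every SIP request must carry (RFC 3261, section 8.1.1).
MANDATORY = {"to", "from", "cseq", "call-id", "max-forwards", "via"}
COMPACT = {"t": "to", "f": "from", "i": "call-id", "v": "via",
           "l": "content-length", "c": "content-type"}  # RFC 3261 compact forms
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ SIP/2\.0$")
STATUS_LINE = re.compile(r"^SIP/2\.0 \d{3} .*$")
MAX_MESSAGE = 8192  # assumed local policy cap in bytes, not a SIP constant
# Constructed sample request (not captured traffic), one message per datagram.
SAMPLE_INVITE = (
    b"INVITE sip:bob@example.org SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP client.example.com;branch=z9hG4bK776asdhds\r\n"
    b"Max-Forwards: 70\r\n"
    b"To: <sip:bob@example.org>\r\n"
    b"From: <sip:alice@example.com>;tag=1928301774\r\n"
    b"Call-ID: a84b4c76e66710@client.example.com\r\n"
    b"CSeq: 314159 INVITE\r\n"
    b"Content-Type: application/sdp\r\n"
    b"Content-Length: 4\r\n\r\n"
    b"v=0\n")


def check_sip_message(raw):
    """Return (ok, reason); runs before any transaction state is allocated."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if len(raw) > MAX_MESSAGE or not sep:
        return False, "oversized or unterminated"
    lines = head.decode("utf-8", "replace").split("\r\n")
    is_request = REQUEST_LINE.match(lines[0]) is not None
    if not is_request and not STATUS_LINE.match(lines[0]):
        return False, "bad start line"
    headers = {}
    for line in lines[1:]:
        if line[:1] in " \t":  # folded continuation of the previous header
            continue
        name, colon, value = line.partition(":")
        if not colon:
            return False, "malformed header"
        key = name.strip().lower()
        headers.setdefault(COMPACT.get(key, key), value.strip())
    missing = MANDATORY - headers.keys()
    if is_request and missing:  # responses carry no Max-Forwards, so requests only
        return False, "missing " + ",".join(sorted(missing))
    length = headers.get("content-length", str(len(body)))  # absent: body runs to end
    if not re.fullmatch(r"[0-9]{1,6}", length) or int(length) != len(body):
        return False, "Content-Length mismatch"
    if body and "content-type" not in headers:
        return False, "body without Content-Type"
    return True, "ok"
```

Rejecting a message at this stage costs one pass over at most `MAX_MESSAGE` bytes, which keeps malformed or oversized requests from reaching the stateful parts of the server.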
The SDP message has a MIME subtype of application/sdp. Although the SIP message body in most cases contains an SDP message, it can sometimes also contain other MIME subtypes, e.g. text/plain or image/gif.

The client-server structure is based on a client that issues a request for a service and a server that handles the request and responds with a service. A SIP-enabled end device, the SIP User Agent (UA), has both a client and a server application. All requests from a client UA contain a method in their request lines. In the current version of SIP [6] there are six different methods, which are shown in Table 1 below:

TABLE 1: SIX DIFFERENT METHODS IN CURRENT SIP VERSION