Denial of Service on SIP VoIP infrastructures using DNS flooding

Abstract: A simple yet effective Denial of Service (DoS) attack on SIP servers is to flood the server with requests addressed at irresolvable domain names. In this paper we evaluate different possibilities to mitigate these effects and show that over-provisioning is not sufficient to handle such attacks. As a more effective approach we present a solution called the DNS Attack Detection and Prevention (DADP) scheme based on the usage of a non-blocking DNS cache. Based on various measurements conducted over the Internet we investigate the efficiency of the DADP scheme and compare its performance with different caching strategies applied.