Warda AMALOU
Merouane MEHDI
DIC Laboratory, Department Of Electronics, Faculty of Technology,
University Blida 1
wardaamalou@gmail.com
mehdi_merouane@univ-blida.dz
An approach to mitigate DDoS attacks
on SIP based VoIP
Outline: Introduction, Background Literature, VoIP, VoIP Attacks, Proposed Approach, Security Solution, Conclusion
Introduction
Distributed Denial of Service (DDoS) attacks on the Internet are sadly now widespread. Their purpose is to make a service unavailable, preventing its legitimate users from using it. In the context of IP telephony, this can prevent any incoming or outgoing call. DDoS attacks are becoming more frequent, more disruptive and sometimes even include ransom demands.
• On June 18, 2019, the video game company Ubisoft, well known to Montrealers, fell victim to a DDoS attack affecting online gamers for over an hour. Earlier in the same month, the encrypted instant messaging service Telegram also suffered an attack preventing its nearly 200 million users from communicating for over 17 hours!
• The victims of DDoS attacks aren't just large corporations. Hackers do not discriminate as to their targets.
Background Literature VoIP
Today’s voice networks, such
as the public switched
telephone network (PSTN),
use digital switching
technology to establish a
dedicated link between the
caller and the recipient.
• H.323: The H.323 protocol is a signaling protocol belonging to the transport layer of the OSI model and associating a set of voice, image and data communication protocols over IP.
• H.225 & H.245: The connection signaling part of H.323 is managed by protocol H.225, while the negotiation function is supported by H.245.
• SIP: SIP has been developed specifically for IP telephony and other Internet services. SIP is used with the session description protocol for user discovery; it provides feature negotiation and call management.
• SDP: SDP (Session Description Protocol) is essentially a format to describe the initialization settings for multimedia streaming during the announcement and session invitation.
Protocol SIP
Testing a call between 2 Softphones
Work architecture
VoIP Attacks
• VoIP phone systems differ from traditional setups because you don’t need copper wiring that spans your entire office. Connections are made virtually using an internet connection. But that often makes security a big concern: everything is hosted in the cloud. Hacking a phone system isn't as far-fetched as you might think. Here are the most common types of VoIP attack you should know about.
• Eavesdropping with Wireshark
• Reconnaissance with Kali
• Identifying Extensions with Kali
• DDoS Attack
Eavesdropping with Wireshark
Reconnaissance and Identifying Extensions with Kali Linux
Attack DDoS VoIP
As Internet telephony is based on computer systems, the emergence of security problems was inevitable. In a business wishing to migrate to Internet telephony, the very openness of the IP network increases security risks: all telephones become, in a way, servers, because they are now accessible from the outside.
Proposed schema and system
• In this section, we describe the proposed schema and system structure. The objective is to detect and mitigate VoIP DoS and DDoS attacks. VoIP service is an application service.
Proposed Approach
• The proposed schema must detect and mitigate VoIP-aware DoS and DDoS attacks.
• The proposed schema is implemented as a module of an inline IPS and operates on VoIP packets that are transmitted to and from a VoIP server such as a proxy server.
• If the VoIP packet is encrypted using an end-to-end encryption algorithm, the system is unable to access the traffic and an analysis is not possible.
Security solution
• Suricata is an open source network threat detection engine that provides capabilities including
intrusion detection (IDS), intrusion prevention (IPS) and network security monitoring. It does
extremely well with deep packet inspection and pattern matching which makes it incredibly useful
for threat and attack detection. Suricata can be configured to operate in four modes:
• Sniffer mode: in this mode, Suricata reads packets circulating on the network and displays them
continuously on the screen;
• The "packet logger" mode: in this mode Suricata logs network traffic in directories on the disk.
• Network Intrusion Detection (NIDS) mode: in this mode, Suricata analyzes the network traffic,
compares that traffic to rules already defined by the user and establishes actions to be performed.
Network Intrusion Detection System
Suricata Engine
Recommendations
• Limit the number of requests in a given time interval for particular resources (for example, for a web page).
• Update the firmware on VoIP devices. Almost every piece of business software releases regular updates. These refreshes to the actual firmware can release new features, repair bugs and, more importantly, fix security holes.
• Check VoIP call limit options. Your VoIP provider can help protect against attacks. Check for features that limit calls by time of day, device and user.
• Set up a buffer server, called a "cleaning center", to filter and clean up traffic so that threats do not affect the server.
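The first recommendation, applied to SIP signalling in front of a proxy server, can be sketched as a per-source sliding-window limiter. This is an added example, not the authors' IPS module or a Suricata rule; the limits, the window, the verdict names and the sample traffic are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Assumed policy (not from the slides): requests allowed per source per window.
LIMITS = {"INVITE": 5, "REGISTER": 3, "OPTIONS": 3}
WINDOW = 10.0  # seconds
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")

def sip_method(payload: bytes):
    """Return the method of a SIP request, or None if the payload is a
    response, not SIP, or not readable (for example encrypted)."""
    first_line = payload.split(b"\r\n", 1)[0]
    try:
        match = REQUEST_LINE.match(first_line.decode("ascii"))
    except UnicodeDecodeError:
        return None
    return match.group(1) if match else None

class SipRateLimiter:
    def __init__(self, limits=LIMITS, window=WINDOW):
        self.limits, self.window = limits, window
        self.accepted = defaultdict(deque)  # (src_ip, method) -> timestamps

    def verdict(self, ts, src_ip, payload):
        method = sip_method(payload)
        if method is None:
            return "skip"            # nothing to rate-limit by method
        limit = self.limits.get(method)
        if limit is None:
            return "pass"            # ACK, BYE, CANCEL are not limited here
        recent = self.accepted[(src_ip, method)]
        while recent and ts - recent[0] >= self.window:
            recent.popleft()         # forget requests older than the window
        if len(recent) >= limit:
            return "drop"            # over quota: an inline IPS would drop it
        recent.append(ts)
        return "pass"

def make_request(method, user="100"):
    """Build a constructed, minimal SIP request for the sample run."""
    return (f"{method} sip:{user}@pbx.example.com SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 192.0.2.1:5060\r\nCSeq: 1 {method}\r\n\r\n").encode()

def run_sample():
    """Replay constructed traffic: one flooding source, one normal client."""
    ips, out = SipRateLimiter(), []
    for i in range(8):               # 8 INVITEs in 0.8 s from one source
        out.append(ips.verdict(i * 0.1, "203.0.113.7", make_request("INVITE")))
    out.append(ips.verdict(0.5, "198.51.100.20", make_request("INVITE")))
    out.append(ips.verdict(0.6, "198.51.100.20", b"SIP/2.0 200 OK\r\n\r\n"))
    out.append(ips.verdict(0.7, "198.51.100.20", b"\x17\x03\x03\xff\x00"))
    out.append(ips.verdict(12.0, "203.0.113.7", make_request("INVITE")))
    return out

if __name__ == "__main__":
    print(run_sample())
```

Only accepted requests are stored, so a flooding source costs at most `limit` timestamps of memory per method, and the unreadable payload returns "skip", which is the encryption limitation noted under the proposed approach.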
Thank you for your
attention

Editor's Notes

  • #13:
    1. SIP INVITE: This request indicates that the user at the specified SIP Uniform Resource Locator (URL) is invited to participate in a session.
    2. SIP ACK: This request allows the caller to confirm that they have received a final response to an INVITE request.
    3. SIP OPTIONS: This request is used to query a SIP server, including the UAS (User Application Server), for different information.
    4. SIP BYE: This request ends a communication.
    5. SIP CANCEL: This request cancels all of the requester's requests that have not yet been answered.
    6. SIP REGISTER: This request allows the client to register its address with the server it is linked to.
  • #15: The voice is transformed into data that will then be transformed into IP packets and then transposed into the equipment of IP clients. This is how VoIP is present today on smartphones, tablets and PCs. This requires a VoIP phone, software or hardware. Reliable, free and robust, Asterisk is probably the first Open Source VoIP solution, which is why we chose it for this work, together with a user-friendly and easy-to-use GUI named FreePBX and a multiplatform softphone known as 3CX that allows users to make phone calls over the Internet. Like all computer systems, VoIP lines are exposed to the same attacks as your Internet connection and email. Cyber criminals develop attacks that specifically target VoIP. We have provided you with an update on the risks and best practices to know to secure your IP phone.
  • #21: Thus, a hacker who has been able to break into a company's network can gain access to the data and conversations within the company. They can impersonate users or steal confidential information. Also, a Denial of Service attack can saturate a company's network and thus block all calls (internal and external) transiting over IP.
  • #22: Clients generate a SYN packet to request a new session from a host server. As the TCP three-way handshake is completed, the host will track and allocate each of the client’s sessions until the session is closed. In a SYN flood, a victim server receives spoofed SYN requests at a high packet rate that contain fake source IP addresses. The SYN flood overwhelms the victim server by depleting its system resources (connection table memory) normally used to store and process these incoming packets, resulting in performance degradation or a complete server shutdown. A well-crafted SYN flood often fools deep-packet inspection filtering techniques. SYN-Cookie defense can be used to defend against large-scale SYN floods but this requires all servers to support this capability.