Prevention of denial of service (DoS) attacks on session initiation protocol (SIP)-based systems using return routability check filtering
First Claim
1. A method comprising:
receiving an attack on a Session Initiation Protocol (SIP)-based device; and
applying a return routability check filter to the attack, wherein applying the return routability check filter includes:
receiving a first SIP request message from a source;
storing, in a content-addressable memory (CAM) table, an identifier of the source indicated in the first SIP request message;
transmitting a challenge to the source to authenticate the source;
receiving additional SIP request messages;
determining, for each of the additional SIP request messages, if the CAM table includes an entry that matches an identifier of the corresponding additional SIP request message;
determining, for each of the additional SIP request messages that includes an identifier that matches an entry in the CAM table, if the corresponding additional SIP request message includes a correct response to the challenge;
blocking the additional SIP request messages that include an identifier that matches an entry in the CAM table and do not include the correct response to the challenge; and
removing the identifier of the source from the CAM table when one of the additional SIP request messages includes an identifier that matches an entry in the CAM table and includes the correct response to the challenge.
3 Assignments
0 Petitions
Abstract
A device receives an attack on a Session Initiation Protocol (SIP)-based device, determines a type of the attack, and applies, based on the determined type of the attack, a return routability check filter to the attack.
88 Citations
22 Claims
1. A method comprising: (independent claim; full text given above under First Claim). Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A system comprising:
a Session Initiation Protocol (SIP) proxy or server; and
a firewall to receive an attack on the SIP proxy or server and to apply a return routability check filter to the attack, the firewall including:
a receiver to receive a first SIP request message from a source and to receive additional SIP request messages;
a transmitter to send a challenge to authenticate the source;
a content-addressable memory (CAM) to store a CAM table of identifiers of SIP request messages; and
a processor to store an identifier, indicated in the first SIP request message of the source, in the CAM table; determine, for each of the additional SIP request messages, if the CAM table includes an entry that matches an identifier included in the corresponding additional SIP request message; determine, for each of the additional SIP request messages that includes an identifier that matches an entry in the CAM table, if the corresponding additional SIP request message includes a correct response to the challenge; block the additional SIP request messages that include an identifier that matches an entry in the CAM table and do not include the correct response to the challenge; and remove the identifier of the source from the CAM table when one of the additional SIP request messages includes an identifier that matches an entry in the CAM table and includes the correct response to the challenge.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18.
19. A device comprising:
a receiver to receive a first Session Initiation Protocol (SIP) request message from a source and to receive subsequent additional SIP request messages;
a transmitter to send a message to the Internet Protocol (IP) address identified in the first SIP request message for authenticating the source;
a content-addressable memory (CAM) to store a CAM table of source IP addresses of SIP request messages; and
a processor to store the source IP address identified in the first SIP request message in the CAM table; determine, for each of the additional SIP request messages, if the CAM table includes an entry that matches a source IP address indicated in the corresponding additional SIP request message; determine, for each of the additional SIP request messages that includes a source IP address that matches an entry in the CAM table, if the corresponding additional SIP request message includes a correct response to the challenge; and remove the IP address of the source from the CAM table when one of the additional SIP request messages includes a source IP address that matches an entry in the CAM table and includes the correct response to the challenge.
Dependent claims: 20, 21, 22.
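The filter recited in claims 1, 9 and 19 is a return routability check: the first request from a source is recorded and answered with a challenge sent to the address the source claims; later requests from that source are blocked unless they carry the correct response, and a correct response clears the entry. The following is an added worked example of that logic, written for this page; it is not code from the patent. It assumes the source identifier is the transport-layer source IP (as in claim 19), that the challenge is a 401-style SIP response carrying a random nonce, that the correct response is that nonce echoed back in a hypothetical X-RRC-Response header, and that a Python dict stands in for the CAM table.

```python
"""Return-routability-check (RRC) filter for SIP requests (added example).

Assumptions, not from the patent: source IP is the identifier, the challenge
is a 401-style response with a nonce, the correct response echoes the nonce
in the hypothetical X-RRC-Response header, a dict stands in for the CAM.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

NONCE_HEADER = "X-RRC-Response"   # hypothetical header name (assumption)


@dataclass
class SipRequest:
    source_ip: str                  # address the datagram claims to come from
    method: str
    headers: Dict[str, str] = field(default_factory=dict)


def parse_sip_request(source_ip: str, raw: str) -> SipRequest:
    """Minimal parser: method from the request line plus header name/value pairs."""
    lines = raw.split("\r\n")
    method = lines[0].split()[0]
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:
            break                   # blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return SipRequest(source_ip, method, headers)


@dataclass
class Decision:
    action: str                     # "challenge", "block" or "forward"
    challenge: Optional[str] = None # challenge text sent to the source, if any


class ReturnRoutabilityFilter:
    """Record the source, challenge it, block further requests from that
    source until the challenge is answered, then clear the entry."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}          # CAM stand-in: source -> nonce
        self.sent: List[Tuple[str, str]] = []    # (destination IP, challenge)

    def handle(self, req: SipRequest) -> Decision:
        ident = req.source_ip
        pending = self.table.get(ident)
        if pending is None:
            # First request from this source: store the identifier and send a
            # challenge to the claimed address. A spoofed source never receives
            # it. (The claims do not state the disposition of the first request
            # itself; here it is held rather than forwarded.)
            nonce = secrets.token_hex(16)
            self.table[ident] = nonce
            challenge = f"SIP/2.0 401 Unauthorized\r\n{NONCE_HEADER}: {nonce}\r\n\r\n"
            self.sent.append((ident, challenge))
            return Decision("challenge", challenge)
        # Identifier matches an entry: require the correct response, else block.
        answer = req.headers.get(NONCE_HEADER.lower(), "")
        if answer and hmac.compare_digest(answer, pending):
            del self.table[ident]   # verified: remove the entry and let it through
            return Decision("forward")
        return Decision("block")


def simulate() -> dict:
    """Constructed traffic (not a capture): one real client, one spoofed flood."""
    f = ReturnRoutabilityFilter()
    invite = ("INVITE sip:bob@example.com SIP/2.0\r\n"
              "Via: SIP/2.0/UDP 198.51.100.10;branch=z9hG4bK776\r\n"
              "From: <sip:alice@example.com>;tag=1928\r\n\r\n")
    first = f.handle(parse_sip_request("198.51.100.10", invite))
    # The real client received the challenge at its own address and retries
    # with the nonce echoed back.
    nonce = first.challenge.split(f"{NONCE_HEADER}: ")[1].split("\r\n")[0]
    retry = invite.replace("\r\n\r\n", f"\r\n{NONCE_HEADER}: {nonce}\r\n\r\n")
    second = f.handle(parse_sip_request("198.51.100.10", retry))
    # Attacker forges source 203.0.113.7; the challenge goes to that address,
    # so every later request is blocked, including one with a guessed nonce.
    flood = [f.handle(parse_sip_request("203.0.113.7", invite)) for _ in range(5)]
    guess = invite.replace("\r\n\r\n", f"\r\n{NONCE_HEADER}: deadbeef\r\n\r\n")
    guessed = f.handle(parse_sip_request("203.0.113.7", guess))
    return {
        "legit": [first.action, second.action],
        "flood": [d.action for d in flood],
        "guess": guessed.action,
        "table": sorted(f.table),
    }


if __name__ == "__main__":
    print(simulate())
```

Echoing the nonce proves only that the sender can receive traffic at the claimed address, which is exactly what defeats a spoofed-source flood; it does not authenticate the caller, and a genuine SIP deployment would use Digest authentication (RFC 3261 section 22) rather than the hypothetical header used here. Note also that an entry for a source that never answers stays in the table, so a flood of distinct forged addresses grows the table without bound; the claims shown here say nothing about expiry, and a real filter needs an eviction policy.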
Specification