System and method for testing network firewall for denial-of-service (DoS) detection and prevention in signaling channel
First Claim
1. A computer-implemented method comprising:
- transmitting Session Initiation Protocol (SIP) request messages to a SIP proxy device, wherein transmitting the SIP request messages includes transmitting, during a first time period, non-attack SIP request messages and simulated attack SIP request messages, wherein the non-attack SIP request messages are for establishing communication sessions through a network perimeter protection device and wherein the simulated attack SIP request messages include simulated spoofed source network addresses;
authenticating, during a first portion of the first time period and during a second portion of the first time period different than the first portion, the SIP request messages, wherein authenticating the SIP request messages includes determining which of the SIP request messages do not include spoofed source network addresses;
blocking, during the first portion of the first time period but not during the second portion of the first time period, unauthenticated SIP request messages having a source address from which a SIP request message was already received;
measuring, by a processor, a first performance associated with the SIP proxy device during the first portion of the first time period while authenticating and blocking; and
measuring, by the processor, a second performance associated with the SIP proxy device during the second portion of the first time period while authenticating and not blocking.
2 Assignments
0 Petitions
Abstract
A device may measure a first performance, associated with legitimate traffic without attack traffic, of a Session Initiation Protocol (SIP)-based protection device implementing authentication; measure a second performance, associated with legitimate traffic and attack traffic, of the SIP-based protection device implementing authentication; and measure a third performance, associated with legitimate traffic and attack traffic, of the SIP-based protection device implementing authentication and return routability filtering. The device may also measure a first performance associated with legitimate traffic of a Session Initiation Protocol (SIP)-based protection device implementing rate-limiting filtering; measure a second performance associated with legitimate traffic and attack traffic of the SIP-based protection device implementing scheme filtering; and measure a third performance associated with legitimate traffic of the SIP-based protection device not implementing rate-limiting filtering without attack traffic.
91 Citations
21 Claims
1. A computer-implemented method comprising:
transmitting Session Initiation Protocol (SIP) request messages to a SIP proxy device, wherein transmitting the SIP request messages includes transmitting, during a first time period, non-attack SIP request messages and simulated attack SIP request messages, wherein the non-attack SIP request messages are for establishing communication sessions through a network perimeter protection device and wherein the simulated attack SIP request messages include simulated spoofed source network addresses;
authenticating, during a first portion of the first time period and during a second portion of the first time period different than the first portion, the SIP request messages, wherein authenticating the SIP request messages includes determining which of the SIP request messages do not include spoofed source network addresses;
blocking, during the first portion of the first time period but not during the second portion of the first time period, unauthenticated SIP request messages having a source address from which a SIP request message was already received;
measuring, by a processor, a first performance associated with the SIP proxy device during the first portion of the first time period while authenticating and blocking; and
measuring, by the processor, a second performance associated with the SIP proxy device during the second portion of the first time period while authenticating and not blocking.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer-implemented method comprising:
transmitting Session Initiation Protocol (SIP) messages to a SIP proxy device, wherein transmitting the SIP messages includes transmitting, during a first time period, non-attack SIP request messages and simulated attack SIP messages, and transmitting, during a second time period different than the first time period, the non-attack SIP request messages without the simulated attack SIP messages, wherein the non-attack SIP request messages are for establishing communication sessions through a network perimeter protection device and wherein the simulated attack SIP messages include a flood of out-of-state SIP messages;
rate-limit filtering, during both the first time period and the second time period, the SIP messages, wherein rate-limit filtering includes limiting a number of SIP request or response messages to a particular rate;
measuring, by a processor, a first performance associated with the SIP proxy device during the first time period while rate-limit filtering; and
measuring, by the processor, a second performance associated with the SIP proxy device during the second time period while rate-limit filtering.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A system comprising:
a transmitter to transmit Session Initiation Protocol (SIP) request messages to a SIP proxy device, wherein the transmitter transmits, during a first time period, non-attack SIP request messages and simulated attack SIP request messages, wherein the non-attack SIP request messages are for establishing communication sessions through a network perimeter protection device and wherein the simulated attack SIP request messages include simulated spoofed source network addresses; and
a processor to authenticate, during a first portion of the first time period and during a second portion of the first time period different than the first portion, the SIP request messages, wherein the processor determines which of the SIP request messages do not include spoofed source network addresses;
wherein the processor is configured to determine to block, during the first portion of the first time period but not during the second portion of the first time period, unauthenticated SIP request messages having a source address from which a SIP request message was already received;
wherein the processor is configured to measure a first performance associated with the SIP proxy device during the first portion of the first time period while authenticating and blocking, and to measure a second performance associated with the SIP proxy device during the second portion of the first time period while authenticating and not blocking.
Dependent claims: 18, 19, 20, 21
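The measurement matrix the abstract and claims 1 and 9 describe (legitimate traffic alone, then with simulated spoofed-source or out-of-state flood traffic, with and without return-routability blocking and with and without rate limiting) can be exercised in a small offline simulation. The following harness is an added example, not code from the patent or its assignee, and everything in it is an assumption: the proxy is modelled as having a fixed budget of messages per measurement round and dropping the rest, authentication is a challenge that only a routable (non-spoofed) source answers, blocking is a table lookup that costs the proxy nothing, rate limiting is a per-source budget per round, the attack pools (50 spoofed addresses, 5 flood sources, all from documentation address ranges) and the round sizes are constructed, and the challenge response from a legitimate caller arrives later in the same round.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class SipRequest:
    src: str       # source address as seen on the wire
    method: str    # "INVITE" sets up a session; "BYE" here is an out-of-state message
    spoofed: bool  # ground truth, known only to the traffic generator
    authed: bool   # carries the answer to an earlier challenge from the proxy


class SipProxy:
    """Toy SIP proxy (assumption): at most `capacity` messages of work per
    measurement round; anything beyond that is dropped, which is how
    overload shows up in the measured performance."""

    def __init__(self, capacity, authenticate=False, block_repeat=False):
        self.capacity, self.authenticate, self.block_repeat = capacity, authenticate, block_repeat
        self.challenged = set()     # sources a challenge was already sent to
        self.authenticated = set()  # sources that answered a challenge (routable, not spoofed)
        self.work = 0               # messages the proxy actually had to process
        self.budget = 0

    def start_round(self):
        self.budget = self.capacity

    def handle(self, m):
        if self.authenticate and m.src not in self.authenticated:
            if self.block_repeat and not m.authed and m.src in self.challenged:
                return "blocked"  # repeat from a source that never answered: lookup only, no work
            if self.budget == 0:
                return "dropped"
            self.budget -= 1
            self.work += 1
            if m.authed:
                self.authenticated.add(m.src)
                return "established" if m.method == "INVITE" else "rejected"
            self.challenged.add(m.src)  # challenge goes to m.src; a spoofed source never answers
            return "challenged"
        if self.budget == 0:
            return "dropped"
        self.budget -= 1
        self.work += 1
        # An out-of-state BYE is rejected (no such dialog) but still costs proxy work.
        return "established" if m.method == "INVITE" else "rejected"


class RateLimiter:
    """Per-source message budget per round (assumption: the claims only say
    'a particular rate'); limit=None passes everything through."""

    def __init__(self, limit):
        self.limit, self.count = limit, defaultdict(int)

    def start_round(self):
        self.count.clear()

    def allow(self, m):
        if self.limit is None:
            return True
        self.count[m.src] += 1
        return self.count[m.src] <= self.limit


def interleave(legit, attack):
    """Spread both streams evenly over the round so that overload does not
    simply drop whichever list happened to come last."""
    keyed = [((i + 0.5) / len(legit), 0, m) for i, m in enumerate(legit)]
    keyed += [((j + 0.5) / len(attack), 1, m) for j, m in enumerate(attack)]
    keyed.sort(key=lambda k: (k[0], k[1]))
    return [m for _, _, m in keyed]


def run_scenario(attack=None, authenticate=False, block_repeat=False, rate_limit=None,
                 rounds=10, capacity=100, legit_per_round=20, attack_per_round=300):
    """One measurement: fraction of legitimate INVITEs that established a
    session, and the total work the proxy performed."""
    proxy, limiter, established = SipProxy(capacity, authenticate, block_repeat), RateLimiter(rate_limit), 0
    for r in range(rounds):
        proxy.start_round()
        limiter.start_round()
        legit = [SipRequest(f"10.0.{r}.{i}", "INVITE", False, False) for i in range(legit_per_round)]
        if attack == "spoof":    # claim 1: INVITEs with spoofed sources from a constructed pool of 50
            atk = [SipRequest(f"198.51.100.{j % 50}", "INVITE", True, False) for j in range(attack_per_round)]
        elif attack == "flood":  # claim 9: out-of-state BYEs from 5 constructed real addresses
            atk = [SipRequest(f"203.0.113.{j % 5}", "BYE", False, False) for j in range(attack_per_round)]
        else:
            atk = []
        queue = deque(interleave(legit, atk))
        while queue:
            m = queue.popleft()
            if not limiter.allow(m):
                continue
            outcome = proxy.handle(m)
            if outcome == "established" and not m.spoofed:
                established += 1
            elif outcome == "challenged" and not m.spoofed:
                queue.append(SipRequest(m.src, "INVITE", False, True))  # routable caller answers
    return {"established_ratio": established / (rounds * legit_per_round), "proxy_work": proxy.work}


def measure_all():
    """The measurement matrix from the abstract and claims 1 and 9."""
    return {
        "auth, no attack": run_scenario(authenticate=True),
        "auth, spoof attack, no blocking": run_scenario("spoof", authenticate=True),
        "auth + blocking, spoof attack": run_scenario("spoof", authenticate=True, block_repeat=True),
        "rate limit, no attack": run_scenario(rate_limit=10),
        "rate limit, flood": run_scenario("flood", rate_limit=10),
        "no rate limit, no attack": run_scenario(),
        "no rate limit, flood": run_scenario("flood"),
    }


if __name__ == "__main__":
    for name, res in measure_all().items():
        print(f"{name:34s} established={res['established_ratio']:.2f} proxy_work={res['proxy_work']}")
```

With these constructed parameters the comparison the claims call for is visible directly in the two numbers per row: under the spoofed-source attack, authentication alone lets the proxy spend its entire budget issuing challenges to addresses that will never answer, so no legitimate session completes, while adding the blocking step (no second challenge to a source that already received one) restores the attack-free baseline at a one-time cost of one challenge per spoofed address; likewise the per-source rate limit keeps the out-of-state flood below the proxy's budget, whereas without it only the share of legitimate INVITEs that happen to land inside the budget gets through.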
Specification