1

How many times can a Registrar / Proxy challenge a UE with 401/407? If this UE is a malicious UE which keeps on sending random challenge responses, how can the Proxy / Registrar cease honouring any more requests, so that it can protect itself from Denial of Service attacks?

Radhakrishnan

1 Answer

1

Most of the time it's a configuration of the used SIP server. The server should have a mechanism to detect and prevent DoS attacks.

For example, Kamailio has a pike module which tracks the number of SIP messages per source IP address, and blocks the source after the limit is reached. Of course, this will not work if you use spoofed IPs. Similar configurations exist for other servers (Asterisk, FreeSWITCH, etc.); you have to dig into the particular documentation.

It's not necessary for this security mechanism to be provided by the SIP server (and in the common case, I don't think SIP servers take care of this): routers/firewalls could prevent DoS before the packets hit the SIP server.

hovanessyan
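A Kamailio configuration fragment for the pike-based per-source limiting mentioned in the answer, given as an added example that is not part of the original answer. The thresholds, the ban duration and the `ipban` table name are assumed values to tune for your own traffic, and the fragment is meant to be merged into an existing `kamailio.cfg`.

```cfg
# Added example: per-source-IP flood detection with pike, plus a temporary ban list.
# All numeric values below are assumptions, not recommendations from the answer.

loadmodule "xlog.so"
loadmodule "pike.so"
loadmodule "htable.so"

# pike counts requests per source IP in fixed sampling windows.
modparam("pike", "sampling_time_unit", 2)       # window length in seconds
modparam("pike", "reqs_density_per_unit", 16)   # requests allowed per window
modparam("pike", "remove_latency", 4)           # seconds an idle IP stays tracked

# Hash table of banned source IPs; entries expire after 300 seconds.
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")

request_route {
    route(REQINIT);
    # ... authentication, registrar and routing logic continue here ...
}

route[REQINIT] {
    # Skip traffic the server sends to itself.
    if (src_ip != myself) {
        # Already banned: drop silently, without a 401/407 or any other reply.
        if ($sht(ipban=>$si) != $null) {
            xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
            exit;
        }
        # pike_check_req() fails once this source exceeds the configured density.
        if (!pike_check_req()) {
            xlog("L_ALERT", "pike blocking $rm from $fu (IP:$si:$sp)\n");
            $sht(ipban=>$si) = 1;
            exit;
        }
    }
}
```

Because the check runs before authentication, a banned source is dropped without being challenged again. As the answer notes, counting by source IP does not help when the source addresses are spoofed.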