We introduce a novel SIP based attack, named as the SR-DRDoS attack, that exploits some less known SIP features by using the IP-spoofing technique, the reflection based attack logic and the DDoS attack logic.Furthermore, we develop a SIP-based DoS/DDoS attack simulator, named Mr.SIP, and use it to implement our SR-DRDoS attack.
Our attack is shown to dramatically increase the CPU load of a SIP server from 0% up to 100% in only 4 minutes after the attack is initiated.Since Microwave Glass Plate our intelligent attack creates legitimate Table traffic on the SIP network by using reflection methods, it bypasses black-lists as well as IP, packet-count or session/transaction based rate limiting and automatic message generation detection systems which exist in state-of-the-art security perimeters such as firewalls, intrusion detection/prevention systems and anomaly detection systems.Moreover, we propose a novel defense mechanism that effectively mitigates our proposed DRDoS attack.
Our defense mechanism is shown to successfully reduce the CPU load of a SIP server under attack from 71% down to 18% within 3 minutes after it is initiated.