Security threats are considered minimal in current circuit-switched networks. This is achieved by using a closed networking environment dedicated to a single application (namely voice). In an open environment such as the Internet, however, mounting an attack on a telephony server is much simpler. This is because voice over IP (VoIP) services are based on standardized and open technologies (i.e., SIP, H.323, MEGACO), using servers that are reachable through the Internet, implemented in software, and often provided over general-purpose computing hardware. Therefore, such services can suffer from security threats similar to those facing HTTP-based services. Instead of generating thousands of costly voice calls, the attacker can easily send thousands of VoIP invitations in a similar manner to attacks on Web servers. These attacks are simple to mount and, with flat rate Internet access, are also cheap.

Denial of service (DoS) attacks aim at denying or degrading a legitimate user's access to a service or network resource, or at bringing down the servers offering such services. According to a 2004 CSI/FBI survey report, 17 percent of respondents detected DoS attacks directed against them, with the respondents indicating that DoS was the most costly cyberattack for them, even before theft of proprietary information [1]. To make things worse, attackers have developed tools to coordinate distributed attacks from many separate sites, also known as distributed denial of service (DDoS) attacks.

Besides launching brute force attacks by generating a large number of useless VoIP calls, attackers can use certain features of the VoIP protocol in use to incur higher loads at the servers. This might involve issuing requests that must be authenticated, require database lookups by the VoIP servers, or cause an overhead at the servers in terms of saved state information or incurred calculations.
Furthermore, the VoIP infrastructure can be corrupted by launching DoS attacks on components used by the VoIP infrastructure, or on the protocols and layers on top of which the VoIP infrastructure is based, such as routing protocols or TCP. For an extensive overview of DoS attacks in the Internet, refer to [2].

The Session Initiation Protocol (SIP) [3] is establishing itself as the de facto standard for VoIP services in the Internet and next generation networks. Therefore, this article is dedicated to investigating possibilities of launching denial of service attacks on SIP servers and ways of preventing and reducing the effects of such attacks.

SIP is a text-based protocol designed to establish or terminate a session between two partners. The message format is similar to HTTP [4], with message headers and corresponding values, such as "From: user@sip.org" to denote the sender of a message.

Several entities form a SIP network, including user agents that generate or terminate SIP requests, registrars, where users log in and announce their availability in the SIP network, and proxies that forward requests in the SIP networks. For a detailed overview of SIP refer to [5...
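The HTTP-like message format and the invitation flooding described above can be tied together in a small detection sketch. This is an added example, not code from the article: `parse_sip`, `InviteFloodDetector`, the threshold of 5 INVITEs per second, and all addresses and messages are constructed assumptions.

```python
from collections import defaultdict, deque

def parse_sip(raw):
    """Return (method, request_uri, headers) for a SIP request.
    Simplified: folded header lines are ignored and a repeated header keeps its last value."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("SIP/"):
        raise ValueError("not a SIP request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so normalise them
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers

class InviteFloodDetector:
    """Sliding-window INVITE counter keyed on the transport source address.
    The From header is sender-controlled text, so it is not used as the key."""
    def __init__(self, max_invites=5, window=1.0):
        self.max_invites, self.window = max_invites, window
        self.seen = defaultdict(deque)

    def observe(self, ts, src_ip, raw):
        """Record one message; True if src_ip exceeded the INVITE budget."""
        try:
            method, _, _ = parse_sip(raw)
        except ValueError:
            return False  # responses and garbage are not counted here
        if method != "INVITE":
            return False
        q = self.seen[src_ip]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        return len(q) > self.max_invites

def make_invite(user, n):
    """Constructed sample INVITE (not captured traffic)."""
    return ("INVITE sip:bob@example.com SIP/2.0\r\n"
            f"From: <sip:{user}@example.org>;tag={n}\r\n"
            f"Call-ID: {n}@example.org\r\nCSeq: 1 INVITE\r\n\r\n")

def demo():
    det, flagged = InviteFloodDetector(), set()
    for i in range(20):  # 20 INVITEs in 0.2 s, each with a different From user
        if det.observe(i * 0.01, "198.51.100.7", make_invite(f"u{i}", i)):
            flagged.add("198.51.100.7")
    for i in range(5):   # an ordinary caller: one INVITE every 2 s
        if det.observe(i * 2.0, "192.0.2.10", make_invite("alice", 100 + i)):
            flagged.add("192.0.2.10")
    return flagged
```

Because every flooding message carries a different From user, counting per From value would miss the burst, while counting per source address flags it on the sixth INVITE.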