Detection of denial of service attacks against SIP (session initiation protocol) elements

A method and apparatus directed to detecting DoS (denial of service) attacks against SIP enabled devices. A substantial imbalance between an accounting of SIP INVITE (INV) and SIP 180 Ringing (N.sub.180) messages indicates a DoS attack. Preferably the number (H) of INVITE messages including credentials (INV.sub.c) that are sent from a user client in response to a 407 Authentication Required message from a proxy server are removed from the accounting before the balance is tested. If the equation INV.sub.o+INV.sub.c-H=N.sub.180 (where INV.sub.o is the number of INVITE messages without credentials) is not true within a small margin of error then the presence of a current DoS attack on the proxy server is indicated by the inequality.

Web www.patentalert.com

< Macroscopic model for large scale software system and its behavior

> Method and system for dynamic temperature compensation for a source-synchronous interface

> Service(s) provided to telephony device(s) through employment of data stream(s) associated with the call

~ 00517