Could VoIP Hide DoS Attacks?

January 26, 2006

A working group of communications security experts at the Communications Research Network (CRN) has gone public with a warning that VoIP applications could be used by criminals to launch denial-of-service (DoS) attacks and make it much harder to find out who is launching them.

CRN is a joint venture between Cambridge University and the Massachusetts Institute of Technology. Jon Crowcroft, Marconi Professor of Communications Systems at Cambridge, heads up CRN's working group on Internet security. This group, which publicly released its warning in a release dated today, Jan. 26, 2006, previously "shared its findings with the VoIP community before going public," according to the release.

A typical DoS attack uses hijacked "zombie" computers to target a network with a deluge of email messages to overwhelm it and bring it down. CRN says that IP voice networks could be used to mask such attacks, a danger that is augmented because many VoIP providers employ proprietary protocols.

Crowcroft feels that VoIP providers should make their routing specifications "more transparent" or move to open standards. CRN also recommends that the industry establish "a central database where companies and individuals can log attacks anonymously, thereby allowing the communications industry to assess the scale of the problem and identify patterns of attack."

AB -- 1/26/06

Related Tags: attacks, communications, group