CT Labs Verifies Power of Acme Packet's Denial of Service Protection; Acme Packet session border controller passes 7.6 million SIP calls while under attack of 40 billion messages from over 1 billion random sources at rate of 130,000 INVITES per second.

BURLINGTON, Mass. -- CT Labs and Acme Packet(R) today announced test results for the Acme Packet Net-Net(TM) SD session border controller in the area of denial-of-service protection. The testing verified that the Net-Net SD provides an extremely robust level of security for service providers with respect to a wide range of potential attacks designed to degrade or terminate their voice-over IP (VoIP) services. Tests of a leading SIP proxy product and a leading firewall product also verified that these products can be successfully attacked very easily with significantly lower levels of traffic than the Net-Net SD.

The Net-Net SD, SIP proxy and firewall were each subjected to six types of denial-of-service (DoS) and distributed-denial-of-service (DDoS) attacks including:

--SIP flood tests - flood attacks consisting of INVITE, REGISTER and Response messages from thousands of random source addresses/ports
--SIP spoof flood tests - same as SIP flood tests but with spoofing of different headers, fields and addresses
--SIP malformed packet tests - over 4500 Protos attack cases
--SIP torture tests - IETF draft of 49 malformed or unusually formatted SIP messages
--RTP attack tests - RTP fraud and denial-of-service attacks

The Net-Net SD successfully completed all tests. More specifically, the Net-Net SD:

--Protected itself and the SIP proxy against all attacks.
--Completed 7.6 million SIP calls during an extended 60 hour test run while being simultaneously attacked by a flood of over 40 billion fraudulent SIP INVITE messages at a rate of approximately 130,000 INVITES/second from over 1 billion randomly generated source addresses from the entire IPv4 address range. No legitimate calls failed and no RTP media packets were lost during this run.
--Protected against a flood of malformed, very small SIP INVITE, REGISTER and OPTIONS messages at a rate of approximately 300,000 messages/second for a period of 12 hours with no call failures or lost media packets.
--Protected against a flood of fraudulent SIP REGISTER messages from random sources for a period of 12 hours without impacting legitimate calls and without flooding the bogus Register messages through to the SIP proxy server.
--Introduced an average increase in signaling latency (through the Net-Net SD) of only 2 ms while under attack. The RTP media jitter introduced by the Net-Net SD in all tests was found to be less than 1 ms - the minimum value measurable by the test equipment.

"The Acme Packet Net-Net SD flawlessly passed all of CT Labs' grueling attack tests - no denial-of-service and zero call failures," said Chris Bajorek, director of CT Labs. "These tests clearly demonstrated the Net-Net SD's ability to transparently defend against our comprehensive series of SIP attacks without any significant reduction in call processing

A CT Labs report describing the products tested, test tools, test bed and summary test results are available at Acme Packet's web site - www.acmepacket.com.

About Acme Packet

Acme Packet, the leader in session border control, enables service providers to deliver premium, interactive communications - voice, video and multimedia sessions - across IP network borders. Our Net-Net family has been selected by over 150 service providers, including 13 of the top 14 providers in the world, to satisfy critical security, service assurance and regulatory requirements in wireline, cable and wireless networks. These deployments support all applications - from trunking to hosted enterprise and residential services; all protocols - SIP, H.323, MGCP/NCS and H.248; and all border points - network interconnect, subscriber access and data center connect. For more information, contact us at +1 781.328.4400, or visit www.acmepacket.com.

About CT Labs

CT Labs is the leading supplier of independent product testing, Q/A, and analysis services for the converged communications industry. CT Labs' testing automation specialists perform both standard test suites as well as custom-developed tests for special needs. CT Labs prides itself on working with cutting edge convergence technology and products. CT Labs was founded in 1998 and is headquartered in Rocklin, California. For more information, visit the CT Labs Web site at www.ct-labs.com.