Abstract: A SIP firewall defends an IMS network against SIP registration-based DoS/DDoS attacks by issuing fake authentication challenges when suspiciously high registration traffic is present. The fake authentication challenges include a predictive nonce that is to be used in the challenge response, thus forcing users to be state-aware and to issue the SIP registration requests from valid IP address in order to successfully respond to the fake authentication challenges. Upon confirming an association between the challenge response and the fake authentication challenges, the firewall opens a registration window to a protected node of the core network. In such manner, the firewall opens a registration window to (unauthenticated) legitimate users while stopping DDoS mode of registrations (or at least making them extremely difficult and costly) without impacting or involving the protected node.

Abstract: A SIP firewall defends an IMS network against SIP registration-based DoS/DDoS attacks by issuing fake authentication challenges when suspiciously high registration traffic is present. The fake authentication challenges include a predictive nonce that is to be used in the challenge response, thus forcing users to be state-aware and to issue the SIP registration requests from valid IP address in order to successfully respond to the fake authentication challenges. Upon confirming an association between the challenge response and the fake authentication challenges, the firewall opens a registration window to a protected node of the core network. In such manner, the firewall opens a registration window to (unauthenticated) legitimate users while stopping DDoS mode of registrations (or at least making them extremely difficult and costly) without impacting or involving the protected node.

Abstract: Various method and apparatus are provided directed to load allocation. In one embodiment, a distributor distributes a load to one of a plurality of peer nodes, each peer node having associated thereto a corresponding scalar based on a load factor value, the scalar of the one peer node satisfying a load management condition. The corresponding scalar of the plurality of peer nodes may be tested in a sequentially order until the load management condition is satisfied by the scalar of the one peer nodes. Testing may include threshold testing and begin with the scalar of a last remote peer node to which a most recent prior load was distributed. When the load management condition is satisfied by a scalar, it is decremented based on the load factor value, which may approximate a first number divided by the number of peer nodes in the plurality.