Demonstration: Detection and Analysis of SIP Fraud Attack on 100Gb Ethernet with NEMEA system
CESNET is proud to demonstrate detection of and reaction to a SIP Fraud attack at a line speed of 100GE using a custom FPGA-based accelerator. A malicious attack on a VoIP Private Branch Exchange (PBX), which focuses on brute-force identification of the private call prefix that authorizes a call from the private to the public network, will be detected and analyzed using the following architecture.
The extraction module, consisting of a 100Gb TAP, an FPGA-accelerated 100Gb Ethernet card, delay buffer software and storage, is deployed on the victim network. Flow data describing the traffic is extracted in the form of IPFIX records, sent to a collector and processed in real time by the NEMEA system, which detects malicious activity. Once a SIP Fraud attack is detected, the extraction module is configured to capture the full traffic trace of the suspicious IP address. The visualization module then processes the captured data and provides attack details for the network administrator.
This demo will show the capability of our system to measure, detect, capture and visualize SIP Fraud attacks even on the fastest network lines. The advanced visualization has been designed to give a better understanding of attack vectors and to provide instant feedback to the network administrator about what is occurring on the network.
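The detection step described above can be illustrated with a small sketch that flags a source IP dialing the same number behind many different prefixes. This is an added example, not NEMEA's own code or algorithm; the record layout, the `SUFFIX_LEN` and `MIN_PREFIXES` values, the function names and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

SUFFIX_LEN = 9     # assumed length of the public number without any prefix
MIN_PREFIXES = 5   # assumed alert threshold: distinct prefixes per number

# Constructed sample: (source IP, SIP INVITE request URI) per flow record.
RECORDS = [
    ("192.0.2.10", "sip:0555010142@pbx.example"),
    ("192.0.2.10", "sip:0555010199@pbx.example"),
    ("192.0.2.11", "sip:555010177@pbx.example"),
    ("192.0.2.11", "sip:0555010177@pbx.example"),
    ("198.51.100.23", "sip:0555010199@pbx.example"),
    ("198.51.100.23", "sip:00555010199@pbx.example"),
    ("198.51.100.23", "sip:000555010199@pbx.example"),
    ("198.51.100.23", "sip:9555010199@pbx.example"),
    ("198.51.100.23", "sip:90555010199@pbx.example"),
    ("198.51.100.23", "sip:900555010199@pbx.example"),
    ("198.51.100.23", "sip:alice@pbx.example"),
]

def split_called(uri, suffix_len=SUFFIX_LEN):
    """Return (prefix, number) from a SIP URI, or None if it is not a dialed number."""
    user = uri.split(":", 1)[-1].split("@", 1)[0]
    digits = "".join(c for c in user if c.isdigit())
    if len(digits) < suffix_len:
        return None
    return digits[:-suffix_len], digits[-suffix_len:]

def detect_prefix_guessing(records, min_prefixes=MIN_PREFIXES):
    """Map each suspicious source IP to the numbers it dialed with many prefixes."""
    seen = defaultdict(set)  # (source IP, number) -> prefixes tried
    for src, uri in records:
        parsed = split_called(uri)
        if parsed is not None:
            seen[(src, parsed[1])].add(parsed[0])
    alerts = defaultdict(list)
    for (src, number), prefixes in seen.items():
        if len(prefixes) >= min_prefixes:
            alerts[src].append((number, sorted(prefixes)))
    return dict(alerts)

if __name__ == "__main__":
    for ip, hits in detect_prefix_guessing(RECORDS).items():
        # In the demo's architecture, this is where full capture would be requested.
        print(f"capture traffic of {ip}: {hits}")
```

Users who occasionally dial a number with and without an outside-line prefix stay below the threshold; only the source that cycles through many prefixes for one number is reported.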