Internet Protocol (IP) telephone devices and other endpoints can use Voice over IP (VoIP) to send and receive voice data over a packet switched network. Sometimes one endpoint is used to send another endpoint malicious voice data communications, which are referred to as Voice Denial-of-Service (VDoS) attacks. These malicious communications are designed to overwhelm processing resources of the target endpoint thereby preventing the target endpoint from processing legitimate voice data communications.
Although endpoint-based solutions have been proposed to identify undesired voice traffic before it is fully processed by the target endpoint, other on-path network devices besides the targeted endpoint may forward the VDoS traffic before the target endpoint or its proxy drops the VDoS traffic. These other on-path network devices consume processing power forwarding the VDoS traffic, which can prevent them from serving legitimate calls. The disclosure that follows solves this and other problems.