Like various services providing access over public IP networks, VoIP (Voice over IP) networks providing communications services over IP networks are also subject to various types of malicious attacks. These malicious attacks may utilize a strategy called spoofing, where the source IP Address/port of the packet carrying the offensive message is not the actual source IP Address/port of the sender of the message. Alternatively, the malicious attacks may involve attacks where the source IP Address/port may be accurate but the attacking device ignores responses to a message and continues to send messages in an attempt to overwhelm, e.g., flood, the device being attacked. Other types of malicious attacks are also possible. It should be appreciated that flooding attacks may, but need not, involve spoofing.
In the case of spoofed messages, the message header is forged by a device so that the message appears to have originated from someone or somewhere other than the actual source. Often such forgery is used by malicious devices and/or distributors of spam in an attempt to get the recipients to open, and possibly even respond to, their solicitations.
Although some spoofed messages may not cause serious harm to the receiving device, many malicious spoofed messages can cause serious problems and security risks, e.g., causing disclosure of sensitive data, passwords, financial and/or other personal information. In any case, for a system and/or service provider providing services over IP networks, information such as the source IP Address/port of the spoofed message would be valuable when analyzing attacks to know whether spoofing is being applied.
From the above discussion, it should be appreciated that there is a need for methods and apparatus for detecting and/or determining if a device, network and/or system is under a spoofing or other malicious attack. It would be desirable for such methods and apparatus to gather useful information which can be used in determining how future calls and/or requests received at the device should be handled and/or which would facilitate actions that can be used to reduce or mitigate future or ongoing malicious attacks.