Network attacks may include denial of service (DoS) attacks, port scans and network probes to detect and exploit system vulnerabilities, protocol-based attacks on intermediary routing systems, etc. DoS attacks may include overwhelming of a service with traffic in an attempt to prevent legitimate users from using the service. As service providers develop value added revenue sources based on Internet protocol (IP) application services, such as voice-over-IP (VoIP), the open nature of the IP infrastructure may put those revenue sources at risk. Excessive traffic and resource depletion attacks may use either forged or spoofed source addresses or compromised hosts (e.g., VoIP soft clients, botnets, etc.). These mechanisms increase the difficulty in tracing an attack back to the initiator of the attack. Routing protocol-based attacks can be used to compromise legitimate routing and forwarding.
In one example, DoS attacks maliciously target inbound services (e.g., 8XX services, direct dial services, etc.) to disrupt an enterprise call center. VoIP soft clients and/or botnets are scripted for mass calling of a call center, and an originating number is uniquely spoofed for each call. The call volume generated by the mass calling fills network trunks and prevents call center agents from providing service to real clients. Conversions between VoIP networks and the public switched telephone network (PSTN) removes details associated with the calls, which may be helpful for remediation. However, many VoIP carriers that are the sources of such mass calls refuse to investigate or address originators of the mass calls. Without the assistance of the VoIP carriers, it may be almost impossible for call center providers to prevent disruptive DoS attacks on call centers.