摘要 |
<p><P>PROBLEM TO BE SOLVED: To accurately and surely detect a DoS attack on an SIP server or on an SIP client. <P>SOLUTION: An abnormal traffic detecting apparatus 20 acquires status information of SIP transaction processing from the header of an SIP packet, monitors the SIP packet to be processed by the SIP transaction processing and detects an abnormal packet from monitored SIP packets and acquired status information. More specifically, when an unintended SIP packet is received in a state of specific transaction processing, or when the number of times of resending an SIP packet exceeds a predetermined threshold in a state of the same transaction processing, the abnormal traffic detecting apparatus 20 detects the SIP packet as an abnormal packet. <P>COPYRIGHT: (C)2008,JPO&INPIT</p> |