ABSTRACT
Internet Protocol (IP) telephony, being an Internet-based service, is equally vulnerable to overloading caused by fl ash crowds or fl ooding DoS attacks. In the past, there were many instances when landline and wireless telephone systems experienced fl ash crowd events. In 1996, there was an instance of televoting, in which within two hours, 2.5 million people called two telephone numbers to say “yes” or “no” to ITV’s television program Monarchy, Yes or No. The “human repeated attempt” pattern was observed, in which the engaged number was repeatedly tried until either it responded or the customers hung up. Similarly, New York’s SS7-based landline and wireless telephone systems experienced a fl ash crowd event during the September 11, 2001, terrorist attack and on August 14, 2003, the North America blackout. Thus, it is reasonable to predict that IP telephone systems will face similar fl ash crowd events. Further, due to the shift of intelligence toward the end devices (such as IP telephones and PC-based softphones), Voice over Internet Protocol (VoIP) is more likely to encounter overloading attacks than traditional telephone system [known as public switched telephone network (PSTN)].
