Title :
Complexity Attack Resistant Flow Lookup Schemes for IPv6: A Measurement Based Comparison
Author :
Malone, David ; Tobin, R. Joshua
Abstract :
In this paper we look at the problem of choosing a good flow state lookup scheme for IPv6 firewalls. We want to choose a scheme which is fast when dealing with typical traffic, but whose performance will not degrade unnecessarily when subject to a complexity attack. We demonstrate the existing problem and, using captured traffic, assess a number of replacement schemes that are hash and tree based. Our aim is to improve FreeBSD's ipfw firewall, and so finally we implement the most promising replacement schemes. We show that even though they are more costly computationally, they do not noticeably degrade IPv6 forwarding performance.
Keywords :
IP networks; authorisation; telecommunication traffic; IPv6 firewalls; IPv6 forwarding performance; complexity attack resistant flow lookup schemes; Binary trees; Computer crime; Computer networks; Cryptography; Degradation; Fluid flow measurement; Protocols; TCPIP; Throughput; IPv6; attack; hash; lookup;
Conference_Title :
Computer Network Defense, 2008. EC2ND 2008. European Conference on
Conference_Location :
Dublin
Print_ISBN :
978-0-7695-3479-4
DOI :
10.1109/EC2ND.2008.9