Title :
Preventing session table explosion in packet inspection computers
Author :
Kim, Hyogon ; Kim, Jin-Ho ; Kang, Inhye ; Bahk, Saewoong
Author_Institution :
Dept. of Comput. Sci. & Eng., Korea Univ., South Korea
Abstract :
We first show that various network attacks can cause fatal inflation of dynamic memory usage on packet processing computers. Considering Transmission control protocol (TCP) is utilized by most of these attacks as well as legitimate traffic, we propose a parsimonious memory management guideline based on the design of the TCP and the analysis of real-life Internet traces. In particular, we demonstrate that, for all practical purposes, one should not allocate memory for an embryonic TCP connection with roughly more than 10 seconds of inactivity.
Keywords :
packet switching; quality of service; storage management; table lookup; telecommunication security; telecommunication traffic; transport protocols; network attacks; network monitoring; packet inspection computers; parsimonious memory management; real-life Internet traces; session table explosion; transmission control protocol; Computer networks; Computerized monitoring; Explosions; Guidelines; Inspection; Memory management; Protocols; Random access memory; Telecommunication traffic; Virtual private networks;
Journal_Title :
Computers, IEEE Transactions on
