Malone, David and Tobin, R. Joshua (2008) Complexity attack resistant flow lookup schemes for IPv6: a measurement based comparison. In: Proceedings, Fourth annual European Conference on Computer Network Defense. EC2ND 2008, December 11th & 12th 2008, Dublin City University, Dublin, Ireland.
In this paper we look at the problem of choosing a good flow state lookup scheme for IPv6 firewalls. We want to choose a scheme which is fast when dealing with typical traffic, but whose performance will not degrade unnecessarily when subject to a complexity attack. We demonstrate the existing problem and, using captured traffic, assess a number of replacement schemes that are hash and tree based. Our aim is to improve FreeBSD’s ipfw firewall, and so finally we implement the most promising replacement schemes. We show that even though they are more costly computationally, they do not noticeably degrade IPv6 forwarding performance.
|Item Type:||Conference or Workshop Item (Paper)|
|Additional Information:||"©2008 IEEE. Reprinted from Proceedings Fourth annual European Conference on Computer Network Defense. EC2ND 2008. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE." http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4721225&isnumber=4721214|
|Keywords:||IP networks; Authorisation; Telecommunication traffic; IPv6 firewalls; IPv6 forwarding performance; Complexity attack; Resistant flow lookup schemes; IPv6; Attack; Hash; Lookup.|
|Subjects:||Science & Engineering > Hamilton Institute; Science & Engineering > Computer Science|
|Depositing User:||Dr. David Malone|
|Date Deposited:||18 Aug 2009 11:36|