NUI Maynooth

NUI Maynooth ePrints and eTheses Archive

 NUIM Library
Home | About | Browse | Search | Register | User Area | Help | As Gaeilge| Statistics| eTheses

Complexity attack resistant flow lookup achemes for IPv6: a measurement based comparison

Malone, David and Tobin, R. Joshua (2008) Complexity attack resistant flow lookup achemes for IPv6: a measurement based comparison. In: Proceedings, Fourth annual European Conference on Computer Network Defense. EC2ND 2008, December 11th & 12th 2008, Dublin City University, Dublin, Ireland.

[img]PDF - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
283Kb

Abstract

In this paper we look at the problem of choosing a good flow state lookup scheme for IPv6 firewalls. We want to choose a scheme which is fast when dealing with typical traffic, but whose performance will not degrade unnecessarily when subject to a complexity attack. We demonstrate the existing problem and, using captured traffic, assess a number of replacement schemes that are hash and tree based. Our aim is to improve FreeBSD’s ipfw firewall, and so finally we implement the most promising replacement schemes. We show that even though they are more costly computationally, they do not noticeably degrade IPv6 forwarding performance.

Additional Information:"©2008 IEEE. Reprinted from Proceedings Fourth annual European Conference on Computer Network Defense. EC2ND 2008. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE." http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4721225&isnumber=4721214
Keywords:IP networks; Authorisation; Telecommunication traffic; IPv6 firewalls; IPv6 forwarding performance; Complexity attack; Resistant flow lookup schemes; IPv6; Attack; Hash; Lookup.
Subjects:Science & Engineering > Hamilton Institute
Science & Engineering > Computer Science
ID Code:1510
Deposited By:Dr. David Malone
Deposited On:18 Aug 2009 12:36
Refereed:Yes
URL:http://ieeexplore.ieee.org/xpl/tocresult.jsp?isnumber=4721214&isYear=2008

Repository Staff Only: item control page

NUI Maynooth ePrints and eTheses Archive is maintained by the Library. Contact the site administrator at: s.redmondmaloco@nuim.ie