MURAL - Maynooth University Research Archive Library



    Complexity attack resistant flow lookup achemes for IPv6: a measurement based comparison


    Malone, David and Tobin, R. Joshua (2008) Complexity attack resistant flow lookup achemes for IPv6: a measurement based comparison. In: Proceedings, Fourth annual European Conference on Computer Network Defense. EC2ND 2008, December 11th & 12th 2008, Dublin City University, Dublin, Ireland.

    [img] Download (290kB)
    Official URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arn...


    Share your research

    Twitter Facebook LinkedIn GooglePlus Email more...



    Add this article to your Mendeley library


    Abstract

    In this paper we look at the problem of choosing a good flow state lookup scheme for IPv6 firewalls. We want to choose a scheme which is fast when dealing with typical traffic, but whose performance will not degrade unnecessarily when subject to a complexity attack. We demonstrate the existing problem and, using captured traffic, assess a number of replacement schemes that are hash and tree based. Our aim is to improve FreeBSD’s ipfw firewall, and so finally we implement the most promising replacement schemes. We show that even though they are more costly computationally, they do not noticeably degrade IPv6 forwarding performance.

    Item Type: Conference or Workshop Item (Paper)
    Additional Information: "©2008 IEEE. Reprinted from Proceedings Fourth annual European Conference on Computer Network Defense. EC2ND 2008. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE." http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4721225&isnumber=4721214
    Keywords: IP networks; Authorisation; Telecommunication traffic; IPv6 firewalls; IPv6 forwarding performance; Complexity attack; Resistant flow lookup schemes; IPv6; Attack; Hash; Lookup.
    Academic Unit: Faculty of Science and Engineering > Computer Science
    Faculty of Science and Engineering > Research Institutes > Hamilton Institute
    Item ID: 1510
    Depositing User: Dr. David Malone
    Date Deposited: 18 Aug 2009 11:36
    Refereed: Yes
    URI:
    Use Licence: This item is available under a Creative Commons Attribution Non Commercial Share Alike Licence (CC BY-NC-SA). Details of this licence are available here

    Repository Staff Only(login required)

    View Item Item control page

    Downloads

    Downloads per month over past year

    Origin of downloads

    Altmetric
    MURAL - Maynooth University Research Archive Library is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.