Determining embryonic connection timeout in stateful inspection
Authors
Abstract
Purging embryonic connection states after an appropriate time interval is essential for connection-level monitoring devices such as stateful firewalls in order to minimize security holes and improve state lookup performance. This paper investigates what timeout intervals are adequate, based on the analysis of real-life Internet traces. It reveals that (R+T) seconds are useful timeout periods where R=0, 3, 9 and 1 ≤ T ≤ 2, and that wide implementation of RFC 2988 is behind the phenomenon.
Keywords: stateful inspection, session state purge, TCP, retransmission timeout
Similar resources
TCP User Timeout Option Status of This Memo
The TCP user timeout controls how long transmitted data may remain unacknowledged before a connection is forcefully closed. It is a local, per-connection parameter. This document specifies a new TCP option - the TCP User Timeout Option - that allows one end of a TCP connection to advertise its current user timeout value. This information provides advice to the other end of the TCP connection to a...
RFC 5482 TCP User
The TCP user timeout controls how long transmitted data may remain unacknowledged before a connection is forcefully closed. It is a local, per-connection parameter. This document specifies a new TCP option - the TCP User Timeout Option - that allows one end of a TCP connection to advertise its current user timeout value. This information provides advice to the other end of the TCP connection to a...
Exploiting Stateful Inspection of Network Security in Reconfigurable Hardware
One of the most important areas of a network intrusion detection system (NIDS), stateful inspection, is described in this paper. We present a novel reconfigurable hardware architecture implementing TCP stateful inspection used in NIDS. This is to achieve a more efficient and faster network intrusion detection system as today's NIDSs show inefficiency and even fail to perform while encountering ...
Generalized Access Control of Synchronous Communication
The security of modern networked applications, such as medical institutions or commercial enterprises, requires increasingly sophisticated access control (AC) that can support communal (e.g., enterprise wide) and stateful (i.e., sensitive to the history of interaction) policies. The Law-Governed Interaction (LGI) mechanism supports such policies, but so far only for asynchronous message passing...
IPv6 Specific Issues to Track States of Network Flows
Connection tracking subsystem on Linux tracks states of network flows. It is utilized by packet filter for stateful filtering. In this paper, we propose solutions to issues that arise where connection tracking subsystem handles Routing Header and Mobile IPv6. We also describe how the current connection tracking subsystem handles IPv6 fragments without disturbing Path MTU discovery. As a result ...