By Topic

Complexity Attack Resistant Flow Lookup Schemes for IPv6: A Measurement Based Comparison

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)

In this paper we look at the problem of choosing a good flow statelookup scheme for IPv6 firewalls. We want to choose a scheme whichis fast when dealing with typical traffic, but whose performancewill not degrade unnecessarily when subject to a complexity attack.We demonstrate the existing problem and, using captured traffic,assess a number of replacement schemes that are hash and tree based.Our aim is to improve FreeBSD's ipfw firewall, and so finally weimplement the most promising replacement schemes. We show that eventhough they are more costly computationally, they do not noticeablydegrade IPv6 forwarding performance.

Published in:

Computer Network Defense, 2008. EC2ND 2008. European Conference on

Date of Conference:

11-12 Dec. 2008