• Title/Summary/Keyword: 패킷 인스펙션

Search Result 1, Processing Time 0.015 seconds

Minimizing Security Hole and Improving Performance in Stateful Inspection for TCP Connections (TCP연결의 스테이트풀 인스펙션에 있어서의 보안 약점 최소화 및 성능 향상 방법)

  • Kim, Hyo-Gon;Kang, In-Hye
    • Journal of KIISE:Information Networking
    • /
    • v.32 no.4
    • /
    • pp.443-451
    • /
    • 2005
  • Stateful inspection devices must maintain flow information. These devices create the flow information also for network attack packets, and it can fatally inflate the dynamic memory allocation on stateful inspection devices under network attacks. The memory inflation leads to memory overflow and subsequent performance degradation. In this paper, we present a guideline to set the flow entry timeout for a stateful inspection device to remove harmful embryonic entries created by network attacks. Considering Transmission Control Protocol (TCP) if utilized by most of these attacks as well as legitimate traffic, we propose a parsimonious memory management guideline based on the design of the TCP and the analysis of real-life Internet traces. In particular, we demonstrate that for all practical purposes one should not reserve memory for an embryonic TCP connection with more than (R+T) seconds of inactivity where R=0, 3, 9 and $1\leqq{T}\leqq{2}$ depending on the load level.