Title :
Determining embryonic connection timeout in stateful inspection
Author :
Kang, Inhye ; Kim, Hyogon
Author_Institution :
Seoul Univ., South Korea
Abstract :
Purging embryonic connection states after an appropriate time interval is essential for connection-level monitoring devices such as stateful firewalls in order to minimize security holes and improve state lookup performance. This paper investigates what timeout intervals are adequate, based on the analysis of real-life Internet traces. It reveals that (R+T) seconds are useful timeout periods where R=0,3,9 and 1≤T≤2, and that wide implementation of RFC 2988 is behind the phenomenon.
Keywords :
Internet; inspection; monitoring; telecommunication security; transport protocols; Internet; connection states; connection-level monitoring devices; embryonic connection timeout; packet-by-packet filtering process; state lookup performance; stateful inspection; timeout intervals; Embryo; Guidelines; Information filtering; Information filters; Inspection; Internet; Intrusion detection; Monitoring; Security; TCPIP;
Conference_Titel :
Communications, 2003. ICC '03. IEEE International Conference on
Print_ISBN :
0-7803-7802-4
DOI :
10.1109/ICC.2003.1204219
