• DocumentCode
    395812
  • Title

    Determining embryonic connection timeout in stateful inspection

  • Author

    Kang, Inhye ; Kim, Hyogon

  • Author_Institution
    Seoul Univ., South Korea
  • Volume
    1
  • fYear
    2003
  • fDate
    11-15 May 2003
  • Firstpage
    458
  • Abstract
    Purging embryonic connection states after an appropriate time interval is essential for connection-level monitoring devices such as stateful firewalls in order to minimize security holes and improve state lookup performance. This paper investigates what timeout intervals are adequate, based on the analysis of real-life Internet traces. It reveals that (R+T) seconds are useful timeout periods where R=0,3,9 and 1≤T≤2, and that wide implementation of RFC 2988 is behind the phenomenon.
  • Keywords
    Internet; inspection; monitoring; telecommunication security; transport protocols; Internet; connection states; connection-level monitoring devices; embryonic connection timeout; packet-by-packet filtering process; state lookup performance; stateful inspection; timeout intervals; Embryo; Guidelines; Information filtering; Information filters; Inspection; Internet; Intrusion detection; Monitoring; Security; TCPIP;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications, 2003. ICC '03. IEEE International Conference on
  • Print_ISBN
    0-7803-7802-4
  • Type

    conf

  • DOI
    10.1109/ICC.2003.1204219
  • Filename
    1204219
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=395812