Stateful Inspection has become a classical technology for network firewall. Existing session table architectures of Stateful Inspection firewalls cause high time cost of timeout processing. A new architecture is proposed. The new architecture divides a session entry into two separate parts, and designs different data structures for each other. On the base of multi-queue architecture, dynamical timeouts according to available resource improve securities of protected hosts against SYN flood attack. Experimental results show that the new architecture can work well in Gigabit Ethernet network.
Weitere Kapitel dieses Buchs durch Wischen aufrufen
- Session Table Architecture for Defending SYN Flood Attack
- Springer Berlin Heidelberg
Neuer Inhalt/© ITandMEDIA