Preventing session table explosion in packet inspection computers

Hyogon Kim, Jin Ho Kim, Inhye Kang, Saewoong Bahk

Research output: Contribution to journalArticle

18 Citations (Scopus)

Abstract

In this paper, we first show that various network attacks can cause fatal inflation of dynamic memory usage on packet processing computers. Considering Transmission Control Protocol (TCP) is utilized by most of these attacks as well as legitimate traffic, we propose a parsimonious memory management guideline based on the design of the TCP and the analysis of real-life Internet traces. In particular, we demonstrate that, for all practical purposes, one should not allocate memory for an embryonic TCP connection with roughly more than 10 seconds of inactivity.

Original languageEnglish
Pages (from-to)238-240
Number of pages3
JournalIEEE Transactions on Computers
Volume54
Issue number2
DOIs
Publication statusPublished - 2005 Feb 1

Fingerprint

Transmission control protocol
Explosion
Explosions
Inspection
Table
Data storage equipment
Attack
Memory Management
Inflation
Trace
Traffic
Internet
Processing
Demonstrate

Keywords

  • Memory management
  • Network monitoring
  • Packet inspection
  • TCP
  • Timeout

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Hardware and Architecture

Cite this

Preventing session table explosion in packet inspection computers. / Kim, Hyogon; Kim, Jin Ho; Kang, Inhye; Bahk, Saewoong.

In: IEEE Transactions on Computers, Vol. 54, No. 2, 01.02.2005, p. 238-240.

Research output: Contribution to journalArticle

Kim, Hyogon ; Kim, Jin Ho ; Kang, Inhye ; Bahk, Saewoong. / Preventing session table explosion in packet inspection computers. In: IEEE Transactions on Computers. 2005 ; Vol. 54, No. 2. pp. 238-240.
@article{d34509a9d506429f894745f2d0b41d31,
title = "Preventing session table explosion in packet inspection computers",
abstract = "In this paper, we first show that various network attacks can cause fatal inflation of dynamic memory usage on packet processing computers. Considering Transmission Control Protocol (TCP) is utilized by most of these attacks as well as legitimate traffic, we propose a parsimonious memory management guideline based on the design of the TCP and the analysis of real-life Internet traces. In particular, we demonstrate that, for all practical purposes, one should not allocate memory for an embryonic TCP connection with roughly more than 10 seconds of inactivity.",
keywords = "Memory management, Network monitoring, Packet inspection, TCP, Timeout",
author = "Hyogon Kim and Kim, {Jin Ho} and Inhye Kang and Saewoong Bahk",
year = "2005",
month = "2",
day = "1",
doi = "10.1109/TC.2005.31",
language = "English",
volume = "54",
pages = "238--240",
journal = "IEEE Transactions on Computers",
issn = "0018-9340",
publisher = "IEEE Computer Society",
number = "2",

}

TY - JOUR

T1 - Preventing session table explosion in packet inspection computers

AU - Kim, Hyogon

AU - Kim, Jin Ho

AU - Kang, Inhye

AU - Bahk, Saewoong

PY - 2005/2/1

Y1 - 2005/2/1

N2 - In this paper, we first show that various network attacks can cause fatal inflation of dynamic memory usage on packet processing computers. Considering Transmission Control Protocol (TCP) is utilized by most of these attacks as well as legitimate traffic, we propose a parsimonious memory management guideline based on the design of the TCP and the analysis of real-life Internet traces. In particular, we demonstrate that, for all practical purposes, one should not allocate memory for an embryonic TCP connection with roughly more than 10 seconds of inactivity.

AB - In this paper, we first show that various network attacks can cause fatal inflation of dynamic memory usage on packet processing computers. Considering Transmission Control Protocol (TCP) is utilized by most of these attacks as well as legitimate traffic, we propose a parsimonious memory management guideline based on the design of the TCP and the analysis of real-life Internet traces. In particular, we demonstrate that, for all practical purposes, one should not allocate memory for an embryonic TCP connection with roughly more than 10 seconds of inactivity.

KW - Memory management

KW - Network monitoring

KW - Packet inspection

KW - TCP

KW - Timeout

UR - http://www.scopus.com/inward/record.url?scp=14844357779&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=14844357779&partnerID=8YFLogxK

U2 - 10.1109/TC.2005.31

DO - 10.1109/TC.2005.31

M3 - Article

VL - 54

SP - 238

EP - 240

JO - IEEE Transactions on Computers

JF - IEEE Transactions on Computers

SN - 0018-9340

IS - 2

ER -