Abstract
Purging embryonic connection states after an appropriate time interval is essential for connection-level monitoring devices such as stateful firewalls in order to minimize security holes and improve state lookup performance. This paper investigates what timeout intervals are adequate, based on the analysis of real-life Internet traces. It reveals that (R+T) seconds are useful timeout periods where R=0, 3, 9 and 1 ≤ T ≤ 2, and that wide implementation of RFC 2988 is behind the phenomenon.
Original language | English |
---|---|
Pages (from-to) | 458-462 |
Number of pages | 5 |
Journal | Conference Record - International Conference on Communications |
Volume | 1 |
State | Published - 2003 |
Event | 2003 International Conference on Communications (ICC 2003) - Anchorage, AK, United States Duration: 11 May 2003 → 15 May 2003 |
Keywords
- Retransmission timeout
- Session state purge
- Stateful inspection
- TCP