Preventing session table explosion in packet inspection computers

Hyogon Kim; Jin Ho Kim; Inhye Kang; Saewoong Bahk

doi:10.1109/TC.2005.31

Preventing session table explosion in packet inspection computers

Hyogon Kim
, Jin Ho Kim
, Inhye Kang
, Saewoong Bahk

Department of Mechanical and Information Engineering

Korea University
Samsung
Seoul National University

Research output: Contribution to journal › Article › peer-review

20 Scopus citations

Abstract

In this paper, we first show that various network attacks can cause fatal inflation of dynamic memory usage on packet processing computers. Considering Transmission Control Protocol (TCP) is utilized by most of these attacks as well as legitimate traffic, we propose a parsimonious memory management guideline based on the design of the TCP and the analysis of real-life Internet traces. In particular, we demonstrate that, for all practical purposes, one should not allocate memory for an embryonic TCP connection with roughly more than 10 seconds of inactivity.

Original language	English
Pages (from-to)	238-240
Number of pages	3
Journal	IEEE Transactions on Computers
Volume	54
Issue number	2
DOIs	https://doi.org/10.1109/TC.2005.31
State	Published - Feb 2005

Keywords

Memory management
Network monitoring
Packet inspection
TCP
Timeout

Access to Document

10.1109/TC.2005.31

Cite this

@article{9f71354a2dab42d39fd1077c0f1c653e,

title = "Preventing session table explosion in packet inspection computers",

abstract = "In this paper, we first show that various network attacks can cause fatal inflation of dynamic memory usage on packet processing computers. Considering Transmission Control Protocol (TCP) is utilized by most of these attacks as well as legitimate traffic, we propose a parsimonious memory management guideline based on the design of the TCP and the analysis of real-life Internet traces. In particular, we demonstrate that, for all practical purposes, one should not allocate memory for an embryonic TCP connection with roughly more than 10 seconds of inactivity.",

keywords = "Memory management, Network monitoring, Packet inspection, TCP, Timeout",

author = "Hyogon Kim and Kim, \{Jin Ho\} and Inhye Kang and Saewoong Bahk",

year = "2005",

month = feb,

doi = "10.1109/TC.2005.31",

language = "English",

volume = "54",

pages = "238--240",

journal = "IEEE Transactions on Computers",

issn = "0018-9340",

publisher = "IEEE Computer Society",

number = "2",

}

TY - JOUR

T1 - Preventing session table explosion in packet inspection computers

AU - Kim, Hyogon

AU - Kim, Jin Ho

AU - Kang, Inhye

AU - Bahk, Saewoong

PY - 2005/2

Y1 - 2005/2

N2 - In this paper, we first show that various network attacks can cause fatal inflation of dynamic memory usage on packet processing computers. Considering Transmission Control Protocol (TCP) is utilized by most of these attacks as well as legitimate traffic, we propose a parsimonious memory management guideline based on the design of the TCP and the analysis of real-life Internet traces. In particular, we demonstrate that, for all practical purposes, one should not allocate memory for an embryonic TCP connection with roughly more than 10 seconds of inactivity.

AB - In this paper, we first show that various network attacks can cause fatal inflation of dynamic memory usage on packet processing computers. Considering Transmission Control Protocol (TCP) is utilized by most of these attacks as well as legitimate traffic, we propose a parsimonious memory management guideline based on the design of the TCP and the analysis of real-life Internet traces. In particular, we demonstrate that, for all practical purposes, one should not allocate memory for an embryonic TCP connection with roughly more than 10 seconds of inactivity.

KW - Memory management

KW - Network monitoring

KW - Packet inspection

KW - TCP

KW - Timeout

UR - https://www.scopus.com/pages/publications/14844357779

U2 - 10.1109/TC.2005.31

DO - 10.1109/TC.2005.31

M3 - Article

AN - SCOPUS:14844357779

SN - 0018-9340

VL - 54

SP - 238

EP - 240

JO - IEEE Transactions on Computers

JF - IEEE Transactions on Computers

IS - 2

ER -

Preventing session table explosion in packet inspection computers

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this