Determining embryonic connection timeout in stateful inspection

Inhye Kang; Hyogon Kim

Determining embryonic connection timeout in stateful inspection

Research output: Contribution to journal › Conference article › peer-review

Abstract

Purging embryonic connection states after an appropriate time interval is essential for connection-level monitoring devices such as stateful firewalls in order to minimize security holes and improve state lookup performance. This paper investigates what timeout intervals are adequate, based on the analysis of real-life Internet traces. It reveals that (R+T) seconds are useful timeout periods where R=0, 3, 9 and 1 ≤ T ≤ 2, and that wide implementation of RFC 2988 is behind the phenomenon.

Original language	English
Pages (from-to)	458-462
Number of pages	5
Journal	IEEE International Conference on Communications
Volume	1
Publication status	Published - 2003
Event	2003 International Conference on Communications (ICC 2003) - Anchorage, AK, United States Duration: 2003 May 11 → 2003 May 15

Keywords

Retransmission timeout
Session state purge
Stateful inspection
TCP

ASJC Scopus subject areas

Computer Networks and Communications
Electrical and Electronic Engineering

Cite this

@article{10598af318e64d52a9a3312c678065a9,

title = "Determining embryonic connection timeout in stateful inspection",

abstract = "Purging embryonic connection states after an appropriate time interval is essential for connection-level monitoring devices such as stateful firewalls in order to minimize security holes and improve state lookup performance. This paper investigates what timeout intervals are adequate, based on the analysis of real-life Internet traces. It reveals that (R+T) seconds are useful timeout periods where R=0, 3, 9 and 1 ≤ T ≤ 2, and that wide implementation of RFC 2988 is behind the phenomenon.",

keywords = "Retransmission timeout, Session state purge, Stateful inspection, TCP",

author = "Inhye Kang and Hyogon Kim",

year = "2003",

language = "English",

volume = "1",

pages = "458--462",

journal = "IEEE International Conference on Communications",

issn = "0536-1486",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

note = "2003 International Conference on Communications (ICC 2003) ; Conference date: 11-05-2003 Through 15-05-2003",

}

TY - JOUR

T1 - Determining embryonic connection timeout in stateful inspection

AU - Kang, Inhye

AU - Kim, Hyogon

PY - 2003

Y1 - 2003

N2 - Purging embryonic connection states after an appropriate time interval is essential for connection-level monitoring devices such as stateful firewalls in order to minimize security holes and improve state lookup performance. This paper investigates what timeout intervals are adequate, based on the analysis of real-life Internet traces. It reveals that (R+T) seconds are useful timeout periods where R=0, 3, 9 and 1 ≤ T ≤ 2, and that wide implementation of RFC 2988 is behind the phenomenon.

AB - Purging embryonic connection states after an appropriate time interval is essential for connection-level monitoring devices such as stateful firewalls in order to minimize security holes and improve state lookup performance. This paper investigates what timeout intervals are adequate, based on the analysis of real-life Internet traces. It reveals that (R+T) seconds are useful timeout periods where R=0, 3, 9 and 1 ≤ T ≤ 2, and that wide implementation of RFC 2988 is behind the phenomenon.

KW - Retransmission timeout

KW - Session state purge

KW - Stateful inspection

KW - TCP

UR - http://www.scopus.com/inward/record.url?scp=0038729333&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:0038729333

SN - 0536-1486

VL - 1

SP - 458

EP - 462

JO - IEEE International Conference on Communications

JF - IEEE International Conference on Communications

T2 - 2003 International Conference on Communications (ICC 2003)

Y2 - 11 May 2003 through 15 May 2003

ER -

Determining embryonic connection timeout in stateful inspection

Abstract

Keywords

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this