Anticipatory distributed packet filter configuration for carrier-grade IP-Networks

  • Authors:
  • Birger Toedtmann; Erwin P. Rathgeb

  • Affiliations:
  • Computer Networking Technology Group, Institute of Experimental Mathematics, Duisburg-Essen University, Germany; Computer Networking Technology Group, Institute of Experimental Mathematics, Duisburg-Essen University, Germany

  • Venue:
  • NETWORKING'06 Proceedings of the 5th international IFIP-TC6 conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems
  • Year:
  • 2006

Abstract

Packet filters have traditionally been used to shield IP networks from known attack flows, usually within firewall systems connecting trusted and non-trusted network segments. As IP networks grow and tend to connect to more and more neighbor networks with unknown trust status, carrier-grade operators in particular are beginning to experience rising costs due to the increasingly complex filter configurations that have to be applied to their networks in order to maintain a desired security level. In this paper, we present a discussion of the general properties of distributed packet filter configurations and an algorithm for a simplified compilation of anticipatory static packet filter configurations in heterogeneous IP networks.