Session table architecture for defending SYN flood attack

Xin Li,Zhenzhou Ji,Mingzeng Hu
DOI: https://doi.org/10.1007/11602897_19
2005-01-01
Abstract:Stateful Inspection has become a classical technology for network firewall. Existing session table architectures of Stateful Inspection firewalls cause high time cost of timeout processing. A new architecture is proposed. The new architecture divides a session entry into two separate parts, and designs different data structures for each other. On the base of multi-queue architecture, dynamical timeouts according to available resource improve securities of protected hosts against SYN flood attack. Experimental results show that the new architecture can work well in Gigabit Ethernet network.
What problem does this paper attempt to address?