Publication number: KR100608136B1
Publication date: 2006-08-08
Application number: KR1020050013414
Application date: 2005-02-18
Applicant: 재단법인서울대학교산학협력재단
Abstract: Disclosed herein is a method of improving security performance in the stateful inspection of TCP connections. In this method, a stateful inspection computer placed between a first and a second host, between which TCP connections are set up, creates a single session entry for each new SYN packet exchanged between the two hosts. The state of connection progress is updated whenever a packet belonging to a flow between the first and second hosts arrives at the stateful inspection computer. The method then determines whether the time spent in the updated connection-progress state has exceeded a predetermined timeout, and purges any session entry that has remained in the embryonic (half-open) connection stage beyond that timeout. Accordingly, the present invention is advantageous in that it uses the memory of the stateful inspection computer efficiently, maintains lookup performance, and continues stateful inspection even in the face of network attacks, thus improving the security performance of the stateful inspection computer.
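The following is an added example, not code from the patent or its applicant: a small Python model of the session table the abstract describes. It creates one entry per new SYN, advances the connection-progress state on each packet of the flow, and purges entries that have sat in the embryonic (half-open) stage longer than a timeout while leaving established sessions untouched. The state names, the 30-second timeout, the addresses and the packet sequence in `simulate()` are all constructed for illustration; the patent specifies none of them.

```python
"""Model of a stateful-inspection session table with embryonic-entry purging.

Added example; not the patent's implementation. All constants and the
scenario in simulate() are constructed assumptions.
"""
from dataclasses import dataclass

# Connection-progress states for the TCP three-way handshake (assumed names).
SYN_SENT = "SYN_SENT"           # embryonic: only the client's SYN seen
SYN_RECEIVED = "SYN_RECEIVED"   # embryonic: server's SYN/ACK seen
ESTABLISHED = "ESTABLISHED"     # final ACK seen; handshake complete

EMBRYONIC = {SYN_SENT, SYN_RECEIVED}


@dataclass
class SessionEntry:
    state: str
    last_update: float  # time of the most recent packet for this flow


class StatefulInspector:
    """Session table keyed by the unordered pair of endpoints, so packets in
    either direction of a flow map to the same entry."""

    def __init__(self, embryonic_timeout: float):
        self.embryonic_timeout = embryonic_timeout
        self.sessions: dict = {}

    @staticmethod
    def _key(src, sport, dst, dport):
        return tuple(sorted([(src, sport), (dst, dport)]))

    def packet(self, src, sport, dst, dport, flags: str, now: float) -> str:
        """Process one packet; `flags` is "S", "SA" or "A". Returns what
        happened: "created", "dropped", or the entry's resulting state."""
        key = self._key(src, sport, dst, dport)
        if flags == "S":
            # A new SYN creates exactly one entry; a retransmitted SYN
            # refreshes that same entry rather than adding a second one.
            self.sessions[key] = SessionEntry(SYN_SENT, now)
            return "created"
        entry = self.sessions.get(key)
        if entry is None:
            # No session state for this flow: stateful inspection drops it.
            return "dropped"
        if flags == "SA" and entry.state == SYN_SENT:
            entry.state = SYN_RECEIVED
        elif flags == "A" and entry.state == SYN_RECEIVED:
            entry.state = ESTABLISHED
        entry.last_update = now  # connection progress updated on every packet
        return entry.state

    def purge_embryonic(self, now: float) -> int:
        """Remove entries stuck in the embryonic stage longer than the
        timeout. Established entries are never purged here."""
        stale = [k for k, e in self.sessions.items()
                 if e.state in EMBRYONIC
                 and now - e.last_update > self.embryonic_timeout]
        for k in stale:
            del self.sessions[k]
        return len(stale)


def simulate() -> dict:
    """Constructed scenario: one completed handshake plus five half-open
    connections whose final ACK never arrives. Returns purge statistics."""
    insp = StatefulInspector(embryonic_timeout=30.0)
    client, server = "10.0.0.2", "10.0.0.1"   # constructed addresses
    insp.packet(client, 40000, server, 80, "S", now=0.0)
    insp.packet(server, 80, client, 40000, "SA", now=0.1)
    insp.packet(client, 40000, server, 80, "A", now=0.2)
    for i in range(5):                         # half-open, never completed
        insp.packet(client, 50000 + i, server, 80, "S", now=1.0 + i)
    before = len(insp.sessions)
    early = insp.purge_embryonic(now=10.0)    # none has exceeded 30 s yet
    late = insp.purge_embryonic(now=40.0)     # the five half-open ones have
    return {"entries_before": before, "purged_early": early,
            "purged_late": late, "entries_after": len(insp.sessions)}


if __name__ == "__main__":
    print(simulate())
```

The purge is driven by the time since the entry's last state update, so a half-open entry that keeps receiving retransmissions is refreshed rather than aged out; whether to treat retransmissions that way is a policy choice the abstract does not settle. Established sessions are deliberately exempt from this purge, matching the abstract, which only discusses purging the embryonic stage.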