Issues with network address translation for SCTP
作者: David A. Hayes , Jason But , Grenville Armitage
关键词:
摘要: A Stream Control Transmission Protocol (SCTP) capable Network Address Translation (NAT) device is necessary to support the wider deployment of SCTP protocol. The key issues for an NAT are SCTP's control chunk multiplexing and multi-homing features. can expose possible Denial Service attacks. These be mitigated through use parameter processing limits.Multiple changing IP addresses during association, mean that NATs cannot operate in way conventional UDP/TCP operate. Tracking these multiple global help avoiding lookup table conflicts, however, it also result circumstances lead state inconsistencies. Our analysis shows tracking not most expected practical installations.We our FreeBSD implementation, alias_sctp examine performance implications addresses. We find typical memory usage doubles requirements significant installations experience high association arrival rates.In conclusion we provide recommendations a secure stable installation.
acm.org
sigcomm.org 参考文章(9)
Qiaobing Xie, Randall R. Stewart, Stream control transmission protocol (SCTP): a reference guide Addison-Wesley Longman Publishing Co., Inc.. ,(2001)
P. Srisuresh, M. Holdrege, IP Network Address Translator (NAT) Terminology and Considerations RFC. ,vol. 2663, pp. 1- 30 ,(1999)
P. Srisuresh, K. Egevang, Traditional IP Network Address Translator (Traditional NAT) RFC3022. ,vol. 3022, pp. 1- 16 ,(2001)
V. Paxson, Q. Xie, L. Zhang, C. Sharp, M. Kalla, T. Taylor, R. Stewart, I. Rytina, H. Schwarzbauer, K. Morneault, Stream Control Transmission Protocol RFC. ,vol. 2960, pp. 1- 134 ,(2000)
D. Senie, P. Ferguson, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing RFC 2827-BCP 38. ,vol. 2267, pp. 1- 10 ,(1998)
M. Tuxen, I. Rungeler, R. Stewart, E. Rathgeb, Network Address Translation for the Stream Control Transmission Protocol IEEE Network. ,vol. 22, pp. 26- 32 ,(2008) , 10.1109/MNET.2008.4626229
Michael Tüxen, Irene Ruengeler, Randall Stewart, Stream Control Transmission Protocol (SCTP) Network Address Translation ,(2013)
Qiaobing Xie, Randall R. Stewart, Stream Control Transmission Protocol (SCTP) ,(2001)
P. Ferguson, D. Senie, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing RFC Editor. ,(None) , 10.17487/RFC2827