A Dynamic Stateful Multicast Firewall

11 years 17 days ago
A Dynamic Stateful Multicast Firewall
—Enterprises are faced with the challenge of enabling IP multicast applications without exposing their network to multicast denial-of-service attacks. Current practice is to use firewalls and manually configure them on a per-multicast-session basis. This imposes a high work-load on the network administrator, and severely reduces flexibility for end-users. In this paper, we propose and demonstrate a simple yet powerful multicast firewall algorithm that can, under most conditions, automatically distinguish unsolicited multicast packets and drop them to protect the network from denial-of-service attacks. Inspired by the “stateful” operation of unicast firewalls, our multicast firewall blocks unsolicited multicast packets by maintaining state information on multicast group membership and unicast interactions. We prototype our algorithm as a plug-in to Linux NetFilter, and present performance and scalability results from testing on a high-quality multicast video platform coupled...
Shen Li, Vijay Sivaraman, Alex Krumm-Heller, Craig
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where ICC
Authors Shen Li, Vijay Sivaraman, Alex Krumm-Heller, Craig Russell
Comments (0)