• Title/Summary/Keyword: IP tunneling

Search Result 105, Processing Time 0.025 seconds

Implementation and Validation of the Web DDoS Shelter System(WDSS) (웹 DDoS 대피소 시스템(WDSS) 구현 및 성능검증)

  • Park, Jae-Hyung;Kim, Kang-Hyoun
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.4 no.4
    • /
    • pp.135-140
    • /
    • 2015
  • The WDSS improves defensive capacity against web application layer DDoS attack by using web cache server and L7 switch which are added on the DDoS shelter system. When web DDoS attack occurs, security agents divert traffic from backbone network to sub-network of the WDSS and then DDoS protection device and L7 switch block abnormal packets. In the meantime, web cache server responds only to requests of normal clients and maintains stable web service. In this way, the WDSS can counteract the web DDoS attack which generates small traffic and depletes server-client session resource. Furthermore, the WDSS does not require IP tunneling because it is not necessary to retransfer the normal requests to original web server. In this paper, we validate operation of the WDSS and verify defensive capability against web application layer DDoS attacks. In order to do this, we built the WDSS on backbone network of an ISP. And we performed web DDoS tests by using a testing system that consists of zombie PCs. The tests were performed by three types and various amounts of web DDoS attacks. Test results suggest that the WDSS can detect small traffic of the web DDoS attacks which do not have repeat flow whereas the formal DDoS shelter system cannot.

A Seamless Handoff Method Using Multiple Gateway in Hybrid Ad-hoc Networks (하이브리드 Ad-hoc 네트워크에서 다중 게이트웨이를 이용한 끊김없는 핸드오프 기법)

  • Cho Sung-Min;Park Sung-Han
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.43 no.6 s.348
    • /
    • pp.39-45
    • /
    • 2006
  • n a hybrid ad-hoc network, wired network and a mobile ad-hoc network are connected by the internet gateway. To provide seamless service for internet users in the hybrid ad-hoc network, an efficient internet gateway selection technique and a fast handover technique are needed. In this paper, we propose a seamless handoff technique for providing mobility of mobile hosts in hybrid ad-hoc networks. The proposed internet gateway re-registration algorithm improves general handoff performance. Moreover, the handoff processing time within certain range of area is reduced by using mobility management agent(MMA). In addition the packet loss is reduced when handoff occurs out of the range of MMA by tunneling technique.

An Efficient Multicast-based Binding Update Scheme for Network Mobility

  • Kim, Moon-Seong;Radha, Hayder;Lee, Jin-Young;Choo, Hyun-Seung
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.2 no.1
    • /
    • pp.23-35
    • /
    • 2008
  • Mobile IP (MIP) is the solution supporting the mobility of Mobile Nodes (MNs), however, it is known to lack the support for NEtwork MObility (NEMO). NEMO manages situations when an entire network, composed of one or more subnets, dynamically changes its point of attachment to the Internet. NEMO Basic Support (NBS) protocol ensures session continuity for all the nodes in a mobile network, however, there exists a serious pinball routing problem. To overcome this weakness, there are many Route Optimization (RO) solutions such as Bi-directional Tunneling (BT) mechanism, Aggregation and Surrogate (A&S) mechanism, Recursive Approach, etc. The A&S RO mechanism is known to outperform the other RO mechanisms, except for the Binding Update (BU) cost. Although Improved Prefix Delegation (IPD) reduces the cost problem of Prefix Delegation (PD), a well-known A&S protocol, the BU cost problem still presents, especially when a large number of Mobile Routers (MRs) and MNs exist in the environment such as train, bus, ship, or aircraft. In this paper, a solution to reduce the cost of delivering the BU messages is proposed using a multicast mechanism instead of unicasting such as the traditional BU of the RO. The performance of the proposed multicast-based BU scheme is examined with an analytical model which shows that the BU cost enhancement is up to 32.9% over IPDbased, hence, it is feasible to predict that the proposed scheme could benefit in other NEMO RO protocols.

Advanced Fast Handover Scheme for Reliable Multimedia Communication in IP-based Wireless/Mobile Networks (안정적인 멀티미디어 통신을 위한 Mobile IPv6 네트워크에서 진보된 고속 핸드오버 기법)

  • Lee, Ki-Jeong;Park, Byung-Joo;Park, Gil-Cheol
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.9 no.3
    • /
    • pp.93-99
    • /
    • 2009
  • The Internet Engineering Task Force (lETF)proposed the Mobile IPv6 protocol to provide host mobility in IPv6-based network and to offer a standardized technology. However, Mobile IPv6 (MIPv6) is not applied in actual network because of long handover latency and packet loss problems. Therefore, to compensate these drawbacks, many studies are in progress and FMIPv6 (Fast handover for Mobile IPv6) is one of the studies that has been proposed to supplement the shortcomings of MIPv6. But there are problems occurred in using router tunneling which causes packet loss and out of sequence problems. In this paper, we propose an Advanced Mobile IPv6 (AMIPv6) protocol to minimize the handover latency when Mobile Node frequently moves in each subnet. We compared the performance analysis of AMIPv6 handover latency with MIPv6 handover latency in the same network environment to prove that AMIPv6 is more efficient.

  • PDF

A Differentiated Web Service System through Kernel-Level Realtime Scheduling and Load Balancing (커널 수준 실시간 스케줄링과 부하 분산을 통한 차별화된 웹 서비스 시스템)

  • 이명섭;박창현
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.28 no.6B
    • /
    • pp.533-543
    • /
    • 2003
  • Recently, according to the rapid increase of Web users, various kinds of Web applications have been being developed. Hence, Web QoS(Quality of Service) becomes a critical issue in the Web services, such as e-commerce, Web hosting, etc. Nevertheless, most Web servers currently process various requests from Web users on a FIFO basis, which can not provide differentiated QoS. This paper presents two approaches to provide differentiated Web QoS. The first is the kernel-level approach, which is adding a real-time scheduling processor to the operating system kernel to maintain the priority of user requests determined by the scheduling processor of Web server. The second is the load-balancing approach, which uses If-level masquerading and tunneling technology to improve reliability and response speed upon user requests.