V.P. Ranganath and D. Andresen (USA)
TCP/IP, firewalls, Linux, iptables, packet filtering
Firewalls, and packet classification in general, are be coming more and more significant as data rates soar and hackers become increasingly sophisticated - and more forceful. In this paper, we present a new packet classification approach that uses set theory to classify packets. This approach has significant theoretical ad vantages over current approaches. We demonstrate its practicality by implementing a firewall subsystem in Linux which approaches the performance of today's naive packet-filtering implementations.
Important Links:
Go Back
