Your search keyword '"Nat"' showing total 14 results

1. Improved Reachability Analysis for Security Management.

Author

Basile, Cataldo, Canavese, Daniele, Lioy, Antonio, and Pitscheider, Christian

Abstract

Network reachability analysis evaluates the actual connectivity of an IT infrastructure. It can be performed by active network probing or examining a formal model of a target IT infrastructure. The latter approach is preferable as it does not interfere with the normal network behaviour and can be easily used during development and change management phases. In this paper we propose a novel modelling approach based on a geometric representation of device configurations (i.e. the policies) which allows the computation of the reachability analysis using the concept of equivalent firewall. An equivalent firewall is a fictitious device, ideally connected directly to the communication endpoints, that summarizes the network behaviour between them. Our model supports routing, filtering and address translation devices in a computationally effective way. In fact, the experimental results show that the computation of equivalent firewalls is performed in a negligible time and that then the reachability queries are answered in few seconds. [ABSTRACT FROM PUBLISHER]

Published

2013

2. Petri Net Modeling of SIP of Traversing NAT Based on STUN.

Author

Meng, Xiao-jing and Chen, Rui

Abstract

Petri net is widely used in the simulation and analysis of the discrete event systems because of the features such as intuition, simplicity and understandability. The paper used Petri net to model and analyse SIP protocol of traversing NAT. Firstly the paper proposed using STUN to implement the NAT traversal of SIP protocol and simply introduced the advantages of Petri net modeling, then introduced the related knowledge of SIP and NAT and pointed out the impact of NAT on SIP protocol, and then detailedly described the SIP session interaction process of traversing NAT based on STUN, finally this process was modeled using Petri net and further made the reach ability analysis. In this way, the paper clearly and intuitively showed the voice communication process between the private network hosts by SIP protocol. [ABSTRACT FROM PUBLISHER]

Published

2012

3. A bare PC NAT box.

Author

Tsetse, A.K., Wijesinha, A. L., Karne, R. K., and Loukili, A.

Abstract

Bare PC systems are of interest to builders of minimalist platforms in the next-generation Internet. The bare platform enables software to run directly on ordinary PC hardware without using any operating system or kernel. Bare PC systems perform better than conventional systems and are immune to attacks that target the underlying operating system. We have designed and implemented a bare PC system to perform the essential function of NAT (Network Address Translation) that occurs at the boundary of all private and public networks including ISP boundaries in homes and businesses. We compared the performance of the bare PC NAT and that of a Linux-based NAT running on the same hardware in a test LAN environment. The results show that the bare PC NAT has significantly better performance than the Linux NAT with respect to inbound and outbound packet processing time, and throughput, regardless of packet size and payload application type. Moreover, there is a 34% improvement in the maximum number of packets per second (pps) over Linux under heavy traffic. Internal timings on the bare PC NAT box indicate that there is plenty of capacity left for implementing supplementary functions such as packet filtering, deep packet inspection, and routing if needed. [ABSTRACT FROM PUBLISHER]

Published

2012

4. RobustTrav: NAT Optimisation for the RobustCooperation Suite.

Author

Beckmann, Christoph, Gross, Tom, and Kastl, Ferdinand

Abstract

Cooperative systems supporting remote teams are based on distributed software architectures. Underneath most of these architectures is the Internet Protocol version 4 (IPv4), which acts as technological backbone. Despite its strengths, the IPv4 also entails challenges for developers of such systems for getting system messages through firewalls without increasing latency and bringing delays for users. In this paper we introduce the Robust Cooperation Suite for communication, coordination, and collaboration, as well as its Robust Trav mechanism for effective and efficient NAT traversal. [ABSTRACT FROM PUBLISHER]

Published

2012

5. A rule based DDoS detection and mitigation technique.

Author

Khamruddin, Md. and Rupa, Ch.

Abstract

Distributed Denial of Service (DDoS) is a type of attack in which the attacker tries to degrade the performance of server (or) network so that the server may not provide service to legitimate users. Since there is a huge increase in DDoS attacks which has created many financial losses in the E-Commerce world. To avoid the losses incurred because of DDoS attacks, efficient mechanisms are required to counter these attacks. In the proposed approach routers collectively try to mitigate the DDoS attack on the server. There are three steps in the proposed approach, initially, for attack detection and classification destination router (which is attached to the victim) monitors continuously the traffic pattern. Second, once the attack is detected destination router tries to balance the load using the NAT (Network Address Translator). Third, whenever the attack is detected to mitigate different types of attacks, the signature is pushback to upstream routers so that the upstream routers start monitoring the traffic and apply the mitigation mechanism depending on type of attack detected. [ABSTRACT FROM PUBLISHER]

Published

2012

6. STUNT Technology in P2P Network Application.

Author

Suli, Wang and Ganlai, Liu

Abstract

This paper introduces the STUNT technology principles, describes the design and implementation process of the STUNT protocol to make TCP holes between two clients in different Local area Networks to achieve clients' connection, and then solves the communication problems in multiple NAT network. [ABSTRACT FROM PUBLISHER]

Published

2012

7. An Enhanced Port Forwarding (EPF) solution for NAT traversal in 3GPP Machine Type Communications.

Author

Chen, Whai-En, Chiu, Chun-Chieh, Chang, Yuan-Bo, and Chiang, Ying-Wei

Abstract

Recently, the key issues of Machine-to-Machine (M2M) communications also known as Machine Type Communications (MTC) are widely discussed in 3rd Generation Partnership Project (3GPP). One of the key issues for MTC is the IP addressing issue. IPv6 address space is preferred to use in MTC. However, the private IPv4 addresses are used for current configurations. Thus, the Network Address Translation (NAT) traversal problem should be resolved for MTC in 3GPP architecture. In this paper, we introduce the architectures and call flows of three NAT traversal solutions defined in 3GPP 23.888. Those are the NAT Traversal through Tunneling (NATTT) solution, the Managed NAT solution and the Non-managed NAT solution. Then we propose an Enhanced Port Forwarding (EPF) solution to minimize the impacts on the MTC device and 3GPP core network. Finally, we analyze and compare the proposed EPF solution with the existing solutions. [ABSTRACT FROM PUBLISHER]

Published

2012

8. A 6to4 gateway with co-located NAT.

Author

Tsetse, Anthony K., Wijesinha, Alexander L., Karne, Ramesh K., and Loukili, Alae

Abstract

IPv6 was proposed as the next-generation IP primarily to deal with the problem of IPv4 address depletion caused by the rapid growth of the Internet. 6to4 tunneling is one of the currently used transition mechanisms for enabling IPv6 devices and networks to connect to today's Internet, which is primarily IPv4-based. Since most internal networks use private IPv4 addresses, it becomes necessary to provide both 6to4 and NAT functionality at the network boundary in order to handle IPv4 and IPv6 traffic. We evaluate the performance of a 6to4 Linux gateway with a co-located NAT. To enable 6to4 and NAT overhead to be determined, we also compare performance of the Linux gateway and a compatible 6to4 gateway with a co-located NAT that runs on a bare PC with no operating system or kernel installed. We describe the design and implementation of the bare PC 6to4 gateway with a co-located NAT, and also compare the performance of 6to4 in a test LAN with a co-located and a decoupled NAT (where 6to4 and NAT run on different devices). We conducted experiments with HTTP and VoIP traffic, and also measured RTT and CPU utilization. The results show that performance using 6to4 with a co-located NAT is better than with a decoupled NAT regardless of whether a Linux or a bare 6to4 gateway is used. In general, performance improvements with a co-located versus a decoupled NAT range from 34%–57% for the bare PC gateway and 7%–45% for the Linux gateway. Furthermore, performance improvements for a bare PC versus a Linux gateway range from 23%–86% with co-located and decoupled NATs. A 6to4 gateway with a co-located NAT can be used to improve network performance during the IPv6-IPv4 transition. [ABSTRACT FROM PUBLISHER]

Published

2012

9. Erlang-based dimensioning for IPv4 Address+Port translation.

Author

Fourcot, Florent, Grelot, Bertrand, Kraemer, Isabelle, Perrin, Frederic, Maille, Patrick, Ropitault, Tanguy, and Toutain, Laurent

Abstract

As the IPv4 address pool is being exhausted, it becomes urgent to find a way to migrate IPv4 network architectures to IPv6, or to reduce the use of IPv4 addresses. In this paper, we discuss a strategy known as “Address + Port” translation, which consists in several users sharing the same IPv4 address and being distinguished by a range of port numbers. Of critical importance for the feasibility of such a mechanism is the knowledge of the minimum number of ports to allocate to users so that no service degradation is perceived. To that extent, we analyse the port consumption of the most port-consuming Internet applications, web browsing, and present some aggregate port consumption curves for the student population of our campus. Our results suggest that a port range of 1000 ports is totally transparent to users (which would allow to share a single IPv4 address among 64 users), while 400 ports (i.e., 150 users per address) is sufficient for most of users. Finally, the number of users per address could be further improved by benefiting from statistical multiplexing, i.e., using dynamical instead of fixed port range allocation. [ABSTRACT FROM PUBLISHER]

Published

2012

10. An Efficient IPTV Distribution Technique under NAT Environment.

Author

Chen, Ming-Huang, Chen, Yaw-Chung, and Jia, Wen-Kang

Abstract

IPTV is an emerging Internet application that pumps heavy video traffic to both access networks and ISP backbones. Due to the lack of commercial deployment of IP multicast, huge volume of streaming traffic may overload the servers. Hence, P2P IPTV distribution becomes popular and advances quickly. P2P IPTV uses two approaches: tree-push and mesh-pull. The latter has experienced a number of successful deployments with large online population. In this work, we propose a novel IPTV distribution technique that allows the streaming server to send a single copy instead of multiple copies for distributing video content to a group of recipients under the NAT environment, which is very common in both residential and business local area networks. Experiment shows that our proposed technique not only greatly saves the bandwidth but also improves quality of service of IPTV significantly. [ABSTRACT FROM PUBLISHER]

Published

2012

11. Shuffling with a Croupier: Nat-Aware Peer-Sampling.

Author

Dowling, Jim and Payberah, Amir H.

Abstract

Despite much recent research on peer-to-peer (P2P) protocols for the Internet, there have been relatively few practical protocols designed to explicitly account for Network Address Translation gateways (NATs). Those P2P protocols that do handle NATs circumvent them using relaying and hole-punching techniques to route packets to nodes residing behind NATs. In this paper, we present Croupier, a peer sampling service (PSS) that provides uniform random samples of nodes in the presence of NATs in the network. It is the first NAT-aware PSS that works without the use of relaying or hole-punching. By removing the need for relaying and hole-punching, we decrease the complexity and overhead of our protocol as well as increase its robustness to churn and failure. We evaluated Croupier in simulation, and, in comparison with existing NAT-aware PSS', our results show similar randomness properties, but improved robustness in the presence of both high percentages of nodes behind NATs and massive node failures. Croupier also has substantially lower protocol overhead. [ABSTRACT FROM PUBLISHER]

Published

2012

12. Study and implement of VPN penetrating NAT based on IPSec protocol.

Author

Zhaolin Jiang and Yonghong Xie

Abstract

This paper aims to explore how to address the compatibility of IPSec and NAT, by the research based on IPSec and NAT, a VPN system to solve the compatibility VPN of IPSec and NAT is designed and complemented. First studies the NAT and IPSec protocol and the penetration of NAT based on UDP, describes the existing methods to solve the compatibility and their shortcomings, proposes using of UDP encapsulation of IPSec packets ways to improve the way of IPSec through NAT. For the main problems of achievement of IPSec VPN, including: traversing NAT of LAN interconnection, encapsulating of IPSec packets, and programming, ideas and a complete solution are put forwarded, enabling the LAN connection with Internet networking, exchange of visits to free safety. Experiments show that the system's network traversing and the IPSec data protection meet the needs of practical applications. [ABSTRACT FROM PUBLISHER]

Published

2011

13. A virtual TPM architecture for providing Infrastructure a service in cloud computing.

Author

Rudra, Tarashankar

Subjects

CLOUD computing, VIRTUAL machine systems, COMPUTER operating systems, VIRTUAL networks, SOFTWARE as a service

Abstract

A trust platform module has become a standard chip in all high performance computers. In this paper, we present the architecture to implement a system that provides trusted computing by hosting a number of operating systems as virtual machines. Our proposed architecture is implemented on a hypervisor running multiple operating systems. [ABSTRACT FROM AUTHOR]

Published

2015

14. The Network Security Regime for the Hybrid Connection of Healthcare Entities.

Author

Ip, Chon Hou, Pun, Sio Hang, Vai, Mang I., and Mak, Peng Un

Abstract

The rapid development of the blooming city requires to expand the government healthcare services for the public because of increasing inhabitants. Additional temporary government healthcare service is set up within a university having an operating hospital in order to solve the urgent requests of the mass amount of the inhabitant. This has resulting resources (medical equipment and IT services) sharing by these healthcare entities but independent operations should be maintained. In order to keep the privacy and security of the digital data and patient data, this paper proposes a method of creating a new subnet as common network area for sharing the resources, while maintaining their independencies at the same time. We have added the network security appliances (firewalls) connecting to the healthcare entities. Through the features of network address translation (NAT), network policy and access control list, this common subnet with hybrid connection (university hospital network and the government hospital network) can accessed by these entities via the specified IP addresses. As a result, the existing IP addresses for each healthcare entity network can be retained, and providing the secured method to grant the access right to the common area to share the digitalized medical resources. In order to protect the security of the cooperated hospital's internal networks, unauthorized traffic into and out of the subnet is blocked or restricted by firewalls as per policies configured. [ABSTRACT FROM PUBLISHER]

Published

2012