Academic Commons

Transient Addressing for Related Processes: Improved Firewalling by Using IPv6 and Multiple Addresses per Host

Gleitz, Peter M.; Bellovin, Steven Michael

Traditionally, hosts have tended to assign relatively few network addresses to an interface for extended periods. Encouraged by the new abundance of addressing possibilities provided by IPv6, we propose a new method, called Transient Addressing for Related Processes (TARP), whereby hosts temporarily employ and subsequently discard IPv6 addresses in servicing a client host's network requests. The method provides certain security advantages and neatly finesses some well-known firewall problems caused by dynamic port negotiation used in a variety of application protocols. A prototype implementation exists as a small set of KAME/BSD kernel enhancements and allows socket programmers and applications nearly transparent access to TARP addressing's advantages.

More About This Work

Academic Units
Computer Science
Published Here
June 24, 2010

Notes

Proceedings of the Tenth USENIX Security Symposium: August 13-17, 2001, Washington, D.C., USA (Berkeley, CA: USENIX Association, 2001).