Security '01 Abstract
Transient Addressing for Related Processes: Improved Firewalling by Using IPv6 and Multiple Addresses per Host
Peter M. Gleitz, U.S. Department of Defense, and
Steven M. Bellovin, AT&T LabsResearch
Abstract
Traditionally, hosts have tended to assign relatively few network addresses to an interface for extended periods. Encouraged by the new abundance of addressing possibilities provided by IPv6, we propose a new method, called Transient Addressing for Related Processes (TARP), whereby hosts temporarily employ and subsequently discard IPv6 addresses in servicing a client host's network requests. The method provides certain security advantages and neatly finesses some well-known firewall problems caused by dynamic port negotiation used in a variety of application protocols. A prototype implementation exists as a small set of KAME/BSD kernel enhancements and allows socket programmers and applications nearly transparent access to TARP addressing's advantages.
The Proceedings are published as a collective work, © 2001 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.