Firewall Wizards mailing list archives
Re: New firewall paradigms, anyone ?
From: Vern Paxson <vern () ee lbl gov>
Date: Fri, 28 Nov 1997 22:39:54 PST
> The first question to answer is whether network traffic is, in fact, simple and predictable. We don't know that. (That's one of the things The Guys and I are researching) I'd guess it is.
I wouldn't bet on it. I've taught courses on Internet measurement and one of the themes I develop is "there is no such thing as typical". Huge variation is instead what you find. Also, it's worth checking out "self-similar"/fractal traffic models, which fit to measured (aggregate) traffic much better than traditional models, and likewise predict huge variation.
> Do you want to know about packets that have come more than 2 standard deviations outside of the normal inter-packet arrival time for a connection? What about packets that are out of sequence? Or packets that are out of sequence by more than 2 sequence numbers? Which is worse - closely out of sequence packets or wildly out of sequence packets? My guess is that closely out of sequence packets are worse but they are also closer to a "normal error".
You might want to check out a couple of my recent papers:

    End-to-End Internet Packet Dynamics
    Proc. SIGCOMM '97
    ftp://ftp.ee.lbl.gov/papers/vp-pkt-dyn-sigcomm97.ps.Z

    Automated Packet Trace Analysis of TCP Implementations
    Proc. SIGCOMM '97
    ftp://ftp.ee.lbl.gov/papers/vp-tcpanaly-sigcomm97.ps.Z

and/or the chapters in my thesis on TCP behavior and network pathologies:

    ftp://ftp.ee.lbl.gov/papers/vp-thesis/dis.ps.gz    whole thing
    ftp://ftp.ee.lbl.gov/papers/vp-thesis/README       list of individual chapters

- Vern
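An added illustration of the variation argument in this thread (not code from the post or from the cited papers): it learns a "mean + 2 standard deviations" inter-arrival threshold on successive windows and reports how far the learned thresholds drift apart. The Pareto gaps with shape 1.2 are an assumed stand-in for heavy-tailed traffic, not the self-similar models the papers fit, and every function name and parameter here is hypothetical.

```python
import random
import statistics


def two_sigma_threshold(gaps):
    """Alarm threshold for one window: mean + 2 standard deviations."""
    return statistics.fmean(gaps) + 2 * statistics.pstdev(gaps)


def window_thresholds(draw, windows=50, size=1000):
    """Learn one threshold per window of `size` consecutive gaps."""
    return [
        two_sigma_threshold([draw() for _ in range(size)])
        for _ in range(windows)
    ]


def threshold_spread(thresholds):
    """Largest learned threshold divided by the smallest."""
    return max(thresholds) / min(thresholds)


def experiment(seed=1997):
    """Compare threshold stability for two constructed gap distributions."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    sources = {
        # Classical model: exponential gaps, every window looks alike.
        "exponential": lambda: rng.expovariate(1.0),
        # Assumed heavy-tailed stand-in: shape 1.2 has infinite variance,
        # so a few huge gaps dominate each window's standard deviation.
        "pareto": lambda: rng.paretovariate(1.2),
    }
    return {
        name: threshold_spread(window_thresholds(draw))
        for name, draw in sources.items()
    }


if __name__ == "__main__":
    for name, spread in experiment().items():
        print(f"{name:12s} max/min learned threshold = {spread:.1f}")
```

A spread near 1 means a threshold learned on one window transfers to the next; a large spread means the "normal" baseline depends on which window was used for training.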