Title
Issues with network address translation for SCTP
Abstract
A Stream Control Transmission Protocol (SCTP) capable Network Address Translation (NAT) device is necessary to support the wider deployment of the SCTP protocol. The key issues for an SCTP NAT are SCTP's control chunk multiplexing and multi-homing features. Control chunk multiplexing can expose an SCTP NAT to possible Denial of Service attacks. These can be mitigated through the use of chunk and parameter processing limits. Multiple and changing IP addresses during an SCTP association mean that SCTP NATs cannot operate in the way conventional UDP/TCP NATs operate. Tracking these multiple global IP addresses can help in avoiding lookup table conflicts; however, it can also result in circumstances that can lead to NAT state inconsistencies. Our analysis shows that tracking global IP addresses is not necessary in most expected practical installations. We use our FreeBSD SCTP NAT implementation, alias_sctp, to examine the performance implications of tracking global IP addresses. We find that typical memory usage doubles and that the processing requirements are significant for installations that experience high association arrival rates. In conclusion, we provide practical recommendations for a secure, stable SCTP NAT installation.
Year: 2009
DOI: 10.1145/1496091.1496095
Venue: Computer Communication Review
Keywords: libalias, stream control transmission protocol sctp, global ip address, nat state inconsistency, control chunk multiplexing, sctp nat, sctp association, sctp protocol, freebsd, multiple global ip address, network address translation nat, ip address, network address translation, freebsd sctp nat implementation, secure stable sctp nat, lookup table, denial of service attack, stream control transmission protocol
Field: Lookup table, Stream Control Transmission Protocol, Alias, Nat, Software deployment, Denial-of-service attack, Computer science, Computer security, Network address translation, Computer network, Multiplexing, Distributed computing
DocType: Journal
Volume: 39
Issue: 1
ISSN: 0146-4833
Citations: 11
PageRank: 1.04
References: 4
Authors
3
Name
Order
Citations
PageRank
David A. Hayes1657.54
J. But2689.17
G. Armitage31733107.92