Performance Evaluation and Comparison of Network Firewalls under DDoS Attack

Abstract

Network firewalls act as the first line of defense against unwanted and malicious traffic and also represent critical point of failure during DDoS attack. Predicting the overall firewall performance is crucial to network security administrators and designers in assessing the strength and effectiveness of network firewalls against DDoS attacks. In this paper, authors have made a humble attempt to study and compare DDoS performance of various types of firewalls in operation as on today. Analysis and detailed comparison is performed on open source packet filter (PF) firewall, Checkpoint SPLAT and Cisco ASA in a testing environment with laboratory generated DDoS traffic. It is attempted to identify various firewall DDoS performance parameters which can be considered during DDoS attack. Further, experiments are carried out to study effect of varying TCP Opening Timers on performance of stateful inspection firewall during Sync Flood attack. Also, in order to improve performance, intelligence is applied in PF firewall rulebase to mitigate DDoS.