Ninth International Network Conference (INC 2012)

Port Elizabeth, South Africa, July 11-12, 2012
ISBN: 978-1-84102-315-1

Title: Performance Evaluation of On-Demand IP Address Assignment for Layer-2 Devices
Author(s): Ruediger Gad, Daniel Baulig, Martin Kappes, Robin Mueller-Bady
Reference: pp15-24
Keywords: Network Security, Performance, Data Link Layer, Network Layer
Abstract: While data link layer devices require no IP address for their operation, they are often run with an IP address assigned for configuration or monitoring purposes, rendering the device potentially susceptible to attacks over the network. In this paper, we analyze the performance aspects of a prototypical implementation for assigning an IP address to such a device on demand, analogous to port knocking on firewalls, allowing a safer IP-less operation when IP connectivity is not needed while retaining the possibility to connect to the device over IP at any time. Our results indicate that our technique can be employed with virtually no performance penalty.
