Sunday, August 28, 2011

Research: US MNOs Firewall Policies Degrade Network Performance

A research paper by Zhaoguang Wang, Zhiyun Qian, Qiang Xu, and Z. Morley Mao from the University of Michigan and Ming Zhang from Microsoft Research finds that key NAT and firewall policies used by cellular operators in the US have direct implications on performance, energy, and security.

For example, the research found that "One of the largest U.S. carriers is found to configure firewalls to buffer out-of-order TCP packets for a long time, likely for the purpose of deep packet inspection. This unexpectedly interferes with TCP Fast Retransmit and Forward RTO-Recovery, severely degrading TCP performance triggered merely by a single packet loss".

See "An Untold Story of Middleboxes in Cellular Networks" - here.
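The Fast Retransmit interaction in the first quote above can be reproduced with a small model. This is an added example, not code from the paper or from NetPiculet; the function names, the 0.2 s RTT and 1.0 s RTO are constructed values, and it assumes the loss happens before the firewall and that the firewall holds packets longer than the RTO.

```python
DUPACK_THRESHOLD = 3  # duplicate ACKs that trigger TCP Fast Retransmit (RFC 5681)


def buffering_middlebox(segments):
    """Forward only in-sequence segments; hold out-of-order ones until the gap fills."""
    expected, held, forwarded = 0, set(), []
    for seq in segments:
        held.add(seq)
        while expected in held:
            held.remove(expected)
            forwarded.append(expected)
            expected += 1
    return forwarded


def receiver_acks(arrivals):
    """Cumulative-ACK receiver: each arrival is answered with the next expected segment."""
    expected, got, acks = 0, set(), []
    for seq in arrivals:
        got.add(seq)
        while expected in got:
            expected += 1
        acks.append(expected)
    return acks


def recovery(window, lost, middlebox, rtt=0.2, rto=1.0):
    """Return (mechanism, seconds until the sender retransmits segment `lost`)."""
    # Assumption: exactly one segment is dropped between the sender and the middlebox.
    on_wire = [s for s in range(window) if s != lost]
    arrivals = buffering_middlebox(on_wire) if middlebox else on_wire
    last_ack, dups = 0, 0
    for ack in receiver_acks(arrivals):
        dups = dups + 1 if ack == last_ack else 0
        last_ack = ack
        if dups == DUPACK_THRESHOLD:
            # Simplified timing: the third duplicate ACK is back after about one RTT.
            return ("fast-retransmit", rtt)
    # The sender never saw three duplicate ACKs, so only the retransmission timer fires.
    return ("rto", rto)


if __name__ == "__main__":
    # Constructed cases: mid-window loss without and with the middlebox, then a tail loss.
    for lost, mbox in [(2, False), (2, True), (8, False)]:
        print(f"lost={lost} middlebox={mbox} ->", recovery(10, lost, mbox))
```

With the buffering middlebox in the path the receiver never sees the segments that follow the gap, so it sends no duplicate ACKs and a single mid-window loss costs a full RTO instead of roughly one RTT.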


"We present NetPiculet, the first tool that unveils carriers’ NAT and firewall policies by conducting intelligent measurement. By running NetPiculet in the major U.S. cellular providers as well as deploying it as a smartphone application in the wild in more than 100 cellular ISPs, we identified the key NAT and firewall policies which have direct implications on performance, energy, and security. For example, NAT boxes and firewalls set timeouts for idle TCP connections, which sometimes cause significant energy waste on mobile devices. Although most carriers today deploy sophisticated firewalls, they are still vulnerable to various attacks such as battery draining and denial of service. These findings can inform developers in optimizing the interaction between mobile applications and cellular networks and also guide carriers in improving their network configurations".
