Performance Evaluations of IPTables Firewall Solutions under DDoS attacks

Abstract
The paper presents the design, background and experimental results of IPTables applied in an IPv4 network and IP6Tables applied in an IPv6 network, compared across several tested parameters. The experimental testbed environment is based on a P2P grid utilized for DDoS attacks. The IPTables tool is used for packet filtering and consequently for preventing DoS/DDoS attacks. It allows a system administrator to configure the tables, the chains and the rules it stores in order to manage incoming and outgoing packets. Packets are treated according to the results of the rules applied during packet processing. A rule in a chain can be bound to another chain in the table, etc. We employ the P2P grid environment to carry out and coordinate a DDoS attack on the availability of services, simulating a real DDoS attack launched indirectly through many compromised computing systems. The same routing protocols and the same firewall rules were used for the IPv4 and the IPv6 network. The main aim was to analyse the pros and cons of the new IP6Tables tool compared with IPTables in IPv4 networks in light of resistance to DDoS attacks, which are still one of the most significant threats in IPv6 networks.