IP (Internet Protocol) addresses, such as IPv4 (IP version 4) addresses, are a limited resource that has to be recycled: when a user loses a connection, the address is assigned to a new user. If the old user has disconnected abruptly, i.e. the connection was lost without a chance to inform correspondent nodes about the loss, the address of the old user may be reassigned to a new user before all of the old user's sessions have expired. As a result, the new user may receive packets that belong to the old user of the IPv4 address. Such connection losses are caused, for example, by the old user moving out of a coverage area or running out of battery.
Although the new user has not asked for these packets, he has to pay for receiving them anyway. This “overbilling” attack, which happens e.g. in GPRS (General Packet Radio Service) and 3G (Third Generation) networks, is a security incident.
Typically a stateful FW (FireWall) is used to stop unsolicited incoming packets. However, in the case of an abrupt disconnect the FW states (“pinholes”) are not reset, because the FW has not been notified of the connection loss. Both TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) packets get through if they match an old pinhole.
The time to wait until an address can be reassigned, i.e. a “cooling” time, varies, because there are no standard values for either the TCP retry limit or the UDP soft-state lifetime. Typically TCP gives up only after several minutes of retrying (depending on the implementation), and UDP soft states live at least one minute (depending on FW settings). Sessions can also end if a NAT (Network Address (and Port) Translator) along the path resets an address-port binding because it has not been used for some predefined time. Details about NAT can be found in P. Srisuresh et al.: “Traditional IP Network Address Translator (Traditional NAT)”, Network Working Group, RFC 3022, January 2001. All of the above times can differ, and can be configured differently at different sites.
For example, an address cooling mechanism using IPv6 is described in the applicant's WO 01/93540. However, previous address cooling proposals have used only an estimate of the longest possible cooling period before an address can be reactivated, and used that estimate to size the required cooling queue. Such a queue may be uncomfortably large for IPv4.
Another suggestion is that the FW should read ICMP (Internet Control Message Protocol) error notifications transmitted to the senders and close remaining pinholes of released addresses, as described in the applicant's U.S. 60/479,509. More details about ICMP are given by J. Postel: “Internet Control Message Protocol”, Network Working Group, RFC 792, September 1981.
Alternatively, it has been suggested to use two FWs: one on the Gn side of a GGSN (Gateway GPRS Support Node) detecting PDP (Packet Data Protocol) context terminations, and another on the Gi side stopping packets to addresses that the first FW reports as unused. This solution is very expensive, because it requires installing FWs in many places. It is also limited to GPRS and 3G networks.
Moreover, the FW suggestions may not help if the free address pool is small and a new user happens to activate the same service that the old user had running. In this case the new user opens a pinhole that again lets the old user's session through.
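The behaviour described above (stateful firewall pinholes that survive an abrupt disconnect, a cooling queue that delays reassignment, closing pinholes on address release, and a new user reopening the same pinhole) as an added Python simulation. It is not part of this document or of the applicant's mechanisms; the class names, the UDP and TCP idle timers, the single-address pool and the sample flow are assumptions chosen for illustration.

```python
"""Simulation of IPv4 address recycling behind a stateful firewall (added example).

Assumptions (not from the original text): pinholes are keyed by the 5-tuple of
the outbound flow and expire after an idle timeout of 60 s (UDP) or 300 s (TCP);
the address pool holds one address so that every release is immediately
followed by reassignment, the worst case described in the text.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str          # "udp" or "tcp"
    local_ip: str       # address on the subscriber side of the FW
    local_port: int
    remote_ip: str
    remote_port: int


class StatefulFirewall:
    """Pinholes are opened by outbound packets and refreshed by matching inbound ones."""
    IDLE = {"udp": 60, "tcp": 300}   # assumed soft-state lifetimes in seconds

    def __init__(self):
        self.pinholes = {}           # Flow -> expiry time

    def outbound(self, flow, now):
        self.pinholes[flow] = now + self.IDLE[flow.proto]

    def inbound(self, flow, now):
        """True if an inbound packet of this flow is accepted through an open pinhole."""
        expiry = self.pinholes.get(flow)
        if expiry is None:
            return False
        if now >= expiry:            # soft state has timed out
            del self.pinholes[flow]
            return False
        self.pinholes[flow] = now + self.IDLE[flow.proto]   # refresh the pinhole
        return True

    def close_address(self, ip):
        """Close every pinhole of a released address (the notification-based approach)."""
        for flow in [f for f in self.pinholes if f.local_ip == ip]:
            del self.pinholes[flow]


class AddressPool:
    """Released addresses sit in a cooling queue for `cooling` seconds before reuse."""

    def __init__(self, addresses, cooling):
        self.free = deque(addresses)
        self.cooling = cooling
        self.cooling_queue = deque()  # (ready_time, ip), ordered by ready_time
        self.owner = {}               # ip -> user

    def allocate(self, user, now):
        while self.cooling_queue and self.cooling_queue[0][0] <= now:
            self.free.append(self.cooling_queue.popleft()[1])
        if not self.free:
            return None
        ip = self.free.popleft()
        self.owner[ip] = user
        return ip

    def release(self, ip, now):
        del self.owner[ip]
        self.cooling_queue.append((now + self.cooling, ip))


def cooling_queue_size(releases_per_second, cooling):
    """Addresses parked in cooling at steady state: release rate times cooling time."""
    return releases_per_second * cooling


def run_scenario(cooling, close_on_release=False, new_user_same_service=False):
    """Return the user billed for the old user's stray UDP packet, or None if it is dropped."""
    fw = StatefulFirewall()
    pool = AddressPool(["10.0.0.1"], cooling)          # constructed single-address pool
    ip = pool.allocate("old", now=0)
    flow = Flow("udp", ip, 5060, "203.0.113.9", 5060)  # constructed sample session
    fw.outbound(flow, now=0)                            # old user opens a pinhole
    pool.release(ip, now=10)                            # abrupt disconnect at t=10
    if close_on_release:
        fw.close_address(ip)
    new_ip = pool.allocate("new", now=10 + cooling)     # reassigned as soon as cooling ends
    if new_ip is None:
        return None
    if new_user_same_service:
        fw.outbound(flow, now=10 + cooling)             # same service, same 5-tuple
    stray_packet_time = 10 + cooling + 5                # correspondent node still sending
    if fw.inbound(flow, stray_packet_time):
        return pool.owner[new_ip]
    return None


if __name__ == "__main__":
    print("no cooling:", run_scenario(cooling=0))
    print("cooling >= UDP lifetime:", run_scenario(cooling=60))
    print("pinholes closed on release:", run_scenario(cooling=0, close_on_release=True))
    print("closed, but same service reopened:",
          run_scenario(cooling=0, close_on_release=True, new_user_same_service=True))
```

With no cooling the stray packet matches the old pinhole and is delivered to, and billed to, the new user; a cooling time at least as long as the longest pinhole lifetime drops it, at the cost of `cooling_queue_size` parked addresses; closing pinholes on release also drops it, unless the new user reopens the same pinhole, which reproduces the last case described above.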