A delay-based probing technique for the discovery of a firewall's accept rules

A delay-based probing technique for the discovery of a firewall's accept rules

Firewalls are widely used nowadays to protect networks, and they may also become the target of DoS attacks. To achieve this, the attacker needs to recognize the firewall access control list, i.e., rule-set, and the order of rules inside this list. The attacker can then launch an attack by targeting...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Alhamwi, M K, Al-Hmouz, O, Sqalli, M H, Salah, K
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Computer and Network Security
Computer crime
Delay
DoS attacks
Fires
Firewalls
Image reconstruction
IP networks
Probes
Probing
Protocols
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Firewalls are widely used nowadays to protect networks, and they may also become the target of DoS attacks. To achieve this, the attacker needs to recognize the firewall access control list, i.e., rule-set, and the order of rules inside this list. The attacker can then launch an attack by targeting rules at the bottom of this list. This makes the firewall busy with processing dummy requests, its performance degrades sharply, and it may go down. In this paper, a method to identify the order of the rules within the rule-set is presented. Then, a mechanism to make the sampling algorithm more efficient is described. We focus on discovering information related to the accept-rules only of a firewall's policy. Results show that a high level of precision and recall can be obtained for deducing the order of rules within a rule-set while requiring a very low cost.
DOI:10.1109/IEEEGCC.2011.5752565