A delay-based probing technique for the discovery of a firewall's accept rules

Firewalls are widely used nowadays to protect networks, and they may also become the target of DoS attacks. To achieve this, the attacker needs to recognize the firewall access control list, i.e., rule-set, and the order of rules inside this list. The attacker can then launch an attack by targeting...

Bibliographic details
Main authors: Alhamwi, M K, Al-Hmouz, O, Sqalli, M H, Salah, K
Format: Conference proceeding
Language: eng
container_end_page 448
container_issue
container_start_page 445
container_title
container_volume
creator Alhamwi, M K
Al-Hmouz, O
Sqalli, M H
Salah, K
description Firewalls are widely used nowadays to protect networks, and they may also become the target of DoS attacks. To achieve this, the attacker needs to recognize the firewall access control list, i.e., rule-set, and the order of rules inside this list. The attacker can then launch an attack by targeting rules at the bottom of this list. This makes the firewall busy with processing dummy requests, its performance degrades sharply, and it may go down. In this paper, a method to identify the order of the rules within the rule-set is presented. Then, a mechanism to make the sampling algorithm more efficient is described. We focus on discovering information related to the accept-rules only of a firewall's policy. Results show that a high level of precision and recall can be obtained for deducing the order of rules within a rule-set while requiring a very low cost.
doi_str_mv 10.1109/IEEEGCC.2011.5752565
format Conference Proceeding
fulltext fulltext_linktorsrc
identifier ISBN: 161284118X
ispartof 2011 IEEE GCC Conference and Exhibition (GCC), 2011, p.445-448
issn
language eng
recordid cdi_ieee_primary_5752565
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Computer and Network Security
Computer crime
Delay
DoS attacks
Fires
Firewalls
Image reconstruction
IP networks
Probes
Probing
Protocols
title A delay-based probing technique for the discovery of a firewall's accept rules
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-15T22%3A32%3A07IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=A%20delay-based%20probing%20technique%20for%20the%20discovery%20of%20a%20firewall's%20accept%20rules&rft.btitle=2011%20IEEE%20GCC%20Conference%20and%20Exhibition%20(GCC)&rft.au=Alhamwi,%20M%20K&rft.date=2011-02&rft.spage=445&rft.epage=448&rft.pages=445-448&rft.isbn=161284118X&rft.isbn_list=9781612841182&rft_id=info:doi/10.1109/IEEEGCC.2011.5752565&rft_dat=%3Cieee_6IE%3E5752565%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=9781612841175&rft.eisbn_list=1612841198&rft.eisbn_list=9781612841199&rft.eisbn_list=1612841171&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=5752565&rfr_iscdi=true