Title :
Analysis of ICMP policy for edge firewalls using active probing
Author :
Hyeonwoo Kim ; Dongwoo Kwon ; Hongtaek Ju
Author_Institution :
Dept. of Comput. Eng., Keimyung Univ., Daegu, South Korea
Abstract :
The method of inferring firewall policy, using Active Probing repeats the process of transmitting TCP/UDP/ICMP packets and receiving ICMP response packets. However, if ICMP response packets cannot be received normally, the accuracy of inferring the firewall policy decreases, and it is necessary to verify the feasibility in real conditions. In this paper, we collect Autonomous System (AS) information to investigate the tolerance of ICMP intended for all AS across the world in addition to DNS server information, which is operational within AS. We confirm whether ICMP response packets are received or not by transmitting probing packets to the DNS server. Finally, we propose the AS information that received ICMP packets as the result of the test.
Keywords :
Internet; firewalls; transport protocols; DNS server information; ICMP policy; ICMP response packet; TCP/UDP/ICMP packets; active probing; autonomous system information; edge firewalls; firewall policy; probing packets; Educational institutions; Filtering; Firewalls (computing); IP networks; Internet; Protocols; Servers; Active Probing; Autonomous System; Edge Firewall; Firewall Policy; ICMP;
Conference_Titel :
Network Operations and Management Symposium (APNOMS), 2014 16th Asia-Pacific
Conference_Location :
Hsinchu
DOI :
10.1109/APNOMS.2014.6996591
