• DocumentCode
    1994841
  • Title

    FireCracker: A Framework for Inferring Firewall Policies using Smart Probing

  • Author

    Samak, Taghrid ; El-Atawy, Adel ; Al-Shaer, Ehab

  • Author_Institution
    DePaul Univ., Chicago
  • fYear
    2007
  • fDate
    16-19 Oct. 2007
  • Firstpage
    294
  • Lastpage
    303
  • Abstract
    A firewall policy that is correct and complete is crucial to the safety of a computer network. An adversary will benefit a lot from knowing the policy or its semantics. In this paper, we propose a framework that could be used to blindly discover a firewall policy remotely as a black box and without prior knowledge about the network configuration. We show how an attacker can reconstruct a firewall's policy by probing the firewall with tailored packets into a network and forming an idea of what the policy looks like. The proposed methodology shows how to discover a policy that is semantically equivalent to the original one used in the deployed firewall. Three techniques are proposed for reconstructing the policy as well as to intelligently choose the probing packets adaptively based on the firewall response. We show the possibility of obtaining the deployed policy in a feasible time with acceptable accuracy.
  • Keywords
    authorisation; computer networks; telecommunication security; FireCracker; computer network safety; firewall policy; smart probing; Anatomy; Computer crime; Computer networks; Filtering algorithms; Filters; Joints; Probes; Protection; Safety; Sampling methods;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Network Protocols, 2007. ICNP 2007. IEEE International Conference on
  • Conference_Location
    Beijing
  • Print_ISBN
    978-1-4244-1588-5
  • Electronic_ISBN
    978-1-4244-1588-5
  • Type

    conf

  • DOI
    10.1109/ICNP.2007.4375860
  • Filename
    4375860