• DocumentCode
    2717122
  • Title
    A probing technique for discovering last-matching rules of a network firewall
  • Author
    Salah, K. ; Sattar, K. ; Sqalli, M. ; Al-Shaer, Ehab
  • Author_Institution
    Dept. of Inf. & Comput. Sci., King Fahd Univ. of Pet. & Miner., Dhahran
  • fYear
    2008
  • fDate
    16-18 Dec. 2008
  • Firstpage
    578
  • Lastpage
    582
  • Abstract
    In this paper we identify a potential probing technique for remotely discovering the last-matching rules of a firewall's security policy. The last-matching rules are those located at the bottom of the firewall's ruleset; since rules are checked in order, packets that match them require the most processing time from the firewall. If these rules are discovered, an attacker can potentially launch an effective low-rate DoS attack that triggers worst-case or near-worst-case processing and thereby overwhelm the firewall and bring it to its knees. As a proof of concept, we developed a prototype program that implements the detection algorithm and validated its effectiveness experimentally.
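    The abstract rests on one observation: with first-match, top-to-bottom rule evaluation, a packet's classification cost grows with the position of the rule it hits, so the packets that reach the bottom rules are both the most expensive for the firewall and, to an outside observer, distinguishable by timing. The following Python model is an added illustration of that reasoning and is not the paper's algorithm, prototype or measurements. Everything in it is constructed: the eight-rule ruleset, the per-rule cost and link RTT constants, the single-FIFO queueing assumption (a burst of probes delays a known-accepted reference packet queued behind it, so even silently dropped probes leak their cost), and the candidate packets.

```python
"""Toy model of how per-rule processing cost leaks which probe packets reach a
firewall's last-matching rules.  Added example: the ruleset, the timing model
and the probing loop are constructed for illustration and are not the paper's
algorithm or data."""
import random
import statistics
from dataclasses import dataclass
from typing import List, Optional, Tuple

Packet = Tuple[str, str, str, int]          # (proto, src_ip, dst_ip, dst_port)


@dataclass(frozen=True)
class Rule:
    proto: Optional[str]                    # None acts as a wildcard
    src: Optional[str]
    dst: Optional[str]
    dport: Optional[int]
    action: str                             # "accept" or "deny"

    def matches(self, pkt: Packet) -> bool:
        fields = ((self.proto, pkt[0]), (self.src, pkt[1]),
                  (self.dst, pkt[2]), (self.dport, pkt[3]))
        return all(want is None or want == have for want, have in fields)


class LinearFirewall:
    """First-match, top-to-bottom evaluation.  Assumed cost model: every rule
    compared costs PER_RULE_US, so a packet that falls through to the bottom
    (or to the implicit default deny) is the most expensive to classify."""
    PER_RULE_US = 2.0                       # assumed per-rule comparison cost
    LINK_RTT_US = 120.0                     # assumed fixed network round trip
    JITTER_US = 3.0                         # assumed measurement noise

    def __init__(self, rules: List[Rule], seed: int = 1):
        self.rules = rules
        self.rng = random.Random(seed)      # seeded so the model is repeatable

    def classify(self, pkt: Packet) -> Tuple[str, int]:
        """Return (action, number of rules evaluated before the decision)."""
        for depth, rule in enumerate(self.rules, start=1):
            if rule.matches(pkt):
                return rule.action, depth
        return "deny", len(self.rules) + 1  # implicit default rule, last of all

    def processing_us(self, pkt: Packet) -> float:
        return self.PER_RULE_US * self.classify(pkt)[1]

    def reference_rtt_us(self, probe_pkt: Packet, reference: Packet, burst: int) -> float:
        """RTT an outside observer measures for `reference` (a packet known to be
        accepted and answered) when it is queued behind `burst` copies of
        `probe_pkt`.  The probes may be dropped silently; their cost is still paid
        in the firewall's single FIFO (assumption) and appears as queueing delay."""
        queued = burst * self.processing_us(probe_pkt)
        own = self.processing_us(reference)
        return self.LINK_RTT_US + queued + own + self.rng.gauss(0.0, self.JITTER_US)


def rank_probes(fw: LinearFirewall, candidates: List[Packet], reference: Packet,
                burst: int = 20, repeats: int = 9) -> List[Tuple[Packet, float]]:
    """Probe each candidate several times and rank by median reference RTT,
    slowest first.  The top entries are the packets that reach the last-matching
    rules, i.e. the traffic a low-rate DoS would choose."""
    medians = {
        pkt: statistics.median(fw.reference_rtt_us(pkt, reference, burst)
                               for _ in range(repeats))
        for pkt in candidates
    }
    return sorted(medians.items(), key=lambda kv: kv[1], reverse=True)


def cost_amplification(fw: LinearFirewall, probe_pkt: Packet, cheap_pkt: Packet) -> float:
    """How many times more firewall work one probe causes than a cheap packet."""
    return fw.processing_us(probe_pkt) / fw.processing_us(cheap_pkt)


# Constructed ruleset: specific accepts on top, two denies near the bottom.
RULES = [
    Rule("icmp", None, "10.0.0.10", None, "accept"),        # 1  echo to the reference host
    Rule("tcp", None, "10.0.0.10", 443, "accept"),          # 2
    Rule("tcp", None, "10.0.0.11", 22, "accept"),           # 3
    Rule("udp", None, "10.0.0.12", 53, "accept"),           # 4
    Rule("tcp", None, "10.0.0.13", 25, "accept"),           # 5
    Rule("tcp", None, "10.0.0.14", 8080, "accept"),         # 6
    Rule("tcp", None, "10.0.0.15", 3389, "deny"),           # 7
    Rule("tcp", "192.0.2.7", None, None, "deny"),           # 8
]
REFERENCE: Packet = ("icmp", "198.51.100.5", "10.0.0.10", 0)   # hits rule 1, answered
CANDIDATES: List[Packet] = [                                    # constructed probes
    ("tcp", "198.51.100.5", "10.0.0.10", 443),   # rule 2: cheap
    ("udp", "198.51.100.5", "10.0.0.12", 53),    # rule 4
    ("tcp", "192.0.2.7", "10.0.0.13", 25),       # rule 5 wins over rule 8: first match
    ("tcp", "198.51.100.5", "10.0.0.15", 3389),  # rule 7
    ("tcp", "192.0.2.7", "10.0.0.99", 9),        # rule 8
    ("tcp", "198.51.100.5", "10.0.0.99", 9),     # no match: default deny, most expensive
]

if __name__ == "__main__":
    fw = LinearFirewall(RULES)
    for pkt, rtt in rank_probes(fw, CANDIDATES, REFERENCE):
        action, depth = fw.classify(pkt)
        print(f"{rtt:8.1f} us  rules evaluated={depth}  {action:6}  {pkt}")
```

    Run stand-alone, the script lists the candidates from slowest to fastest; the order reproduces the rule depth each probe reaches, with the packet that matches nothing (and so is compared against every rule before the default deny) on top. The ratio returned by `cost_amplification` is the quantity a defender should care about: it is the per-packet work multiplier an attacker gets for free once the bottom rules are known, which is why the abstract's DoS can be low-rate. The model also shows why a practitioner should not rely on deny rules being "invisible": a silently dropped packet still consumes classification time that is observable through other traffic sharing the firewall.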
  • Keywords
    authorisation; knowledge based systems; pattern matching; DoS attack; last-matching rules; network firewall; probing technique; proof of concept; security policy; Computer crime; Computer science; Filtering; Home appliances; Information systems; Intrusion detection; Knee; Minerals; Petroleum; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Title
    Innovations in Information Technology, 2008. IIT 2008. International Conference on
  • Conference_Location
    Al Ain
  • Print_ISBN
    978-1-4244-3396-4
  • Electronic_ISBN
    978-1-4244-3397-1
  • Type
    conf
  • DOI
    10.1109/INNOVATIONS.2008.4781670
  • Filename
    4781670