DocumentCode :
2982287
Title :
A delay-based probing technique for the discovery of a firewall's accept rules
Author :
Alhamwi, M.K. ; Al-Hmouz, O. ; Sqalli, M.H. ; Salah, K.
Author_Institution :
Coll. of Comput. Sci. & Eng., King Fahd Univ. of Pet. & Miner., Dhahran, Saudi Arabia
fYear :
2011
fDate :
19-22 Feb. 2011
Firstpage :
445
Lastpage :
448
Abstract :
Firewalls are widely used to protect networks, and they can themselves become the target of DoS attacks. To mount such an attack, the attacker needs to learn the firewall's access control list, i.e., its rule-set, and the order of the rules within it. The attacker can then target rules at the bottom of the list, keeping the firewall busy processing dummy requests so that its performance degrades sharply and it may go down. In this paper, a method to identify the order of the rules within the rule-set is presented, followed by a mechanism that makes the sampling algorithm more efficient. We focus on discovering information about the accept rules only of a firewall's policy. Results show that a high level of precision and recall can be obtained for deducing the order of rules within a rule-set at very low cost.
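As an added illustration of the principle the abstract describes, and not code from the paper or its authors: a Python simulation of a linearly evaluated first-match rule-set in which the round-trip delay of a probe grows with the number of rules the firewall examines before a match, so that sorting accepted probes by mean delay recovers the top-to-bottom order of the accept rules. The sample rule-set, the candidate ports, the per-rule cost, the jitter model and the assumption that dropped probes produce no reply are all constructed here; the paper's own sampling-efficiency mechanism is not reproduced.

```python
# Added illustration (not code from the paper): inferring the order of a
# firewall's accept rules from probe delays under a linear first-match model.
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    proto: str
    dport: int
    action: str  # "accept" or "drop"


# Constructed sample rule-set; not taken from the paper.
FIREWALL = [
    Rule("tcp", 22, "accept"),
    Rule("tcp", 23, "drop"),
    Rule("tcp", 80, "accept"),
    Rule("udp", 53, "accept"),
    Rule("tcp", 3389, "drop"),
    Rule("tcp", 443, "accept"),
    Rule("tcp", 8080, "accept"),
]

# Constructed probe candidates, deliberately in a scrambled order and
# including one dropped port and one port matched by no rule at all.
CANDIDATES = [("tcp", 8080), ("udp", 53), ("tcp", 443), ("tcp", 22),
              ("tcp", 80), ("tcp", 23), ("tcp", 9999)]


def first_match(rules, proto, dport):
    """Linear first-match evaluation (assumption: no hashing or rule
    compilation). Returns (action, rules_examined); the count is the cost
    proxy, so a rule near the bottom costs more comparisons than one near
    the top. Unmatched traffic falls through to the implicit default deny."""
    for examined, rule in enumerate(rules, start=1):
        if rule.proto == proto and rule.dport == dport:
            return rule.action, examined
    return "drop", len(rules)


def probe_delay(rules, proto, dport, per_rule_cost=1.0, jitter=0.3, rng=random):
    """Simulated round-trip delay of one probe: per-rule cost times the number
    of rules examined, plus Gaussian jitter. A dropped probe gets no reply,
    so there is nothing to time (assumption: silent drop, no RST or ICMP)."""
    action, examined = first_match(rules, proto, dport)
    if action != "accept":
        return None
    return examined * per_rule_cost + rng.gauss(0.0, jitter)


def estimate_accept_order(rules, candidates, samples=30, seed=1):
    """Probe each candidate repeatedly, average the delays of the probes that
    were answered, and sort candidates by mean delay. The result is the
    inferred top-to-bottom order of the accept rules; the last entry is the
    most expensive rule, i.e. the one an attacker would flood."""
    rng = random.Random(seed)
    mean_delay = {}
    for proto, dport in candidates:
        delays = []
        for _ in range(samples):
            d = probe_delay(rules, proto, dport, rng=rng)
            if d is not None:
                delays.append(d)
        if delays:  # candidates that never got a reply are not rankable
            mean_delay[(proto, dport)] = sum(delays) / len(delays)
    order = sorted(mean_delay, key=mean_delay.get)
    return order, mean_delay


def true_accept_order(rules):
    """Ground truth for scoring: accept rules in their real list order."""
    return [(r.proto, r.dport) for r in rules if r.action == "accept"]


def precision_recall(inferred, truth):
    """Score the inferred ordering on pairwise 'a sits above b' relations."""
    def pairs(seq):
        return {(a, b) for i, a in enumerate(seq) for b in seq[i + 1:]}
    got, want = pairs(inferred), pairs(truth)
    hits = len(got & want)
    precision = hits / len(got) if got else 0.0
    recall = hits / len(want) if want else 0.0
    return precision, recall


if __name__ == "__main__":
    order, means = estimate_accept_order(FIREWALL, CANDIDATES)
    for key in order:
        print(f"{key[0]}/{key[1]:<5} mean delay {means[key]:.2f}")
    print("precision/recall vs. true order:",
          precision_recall(order, true_accept_order(FIREWALL)))
```

Sorting by mean delay is the naive estimator; it works here because the simulated per-rule cost (1.0) is far larger than the jitter averaged over 30 samples. On a real network the jitter is measured in milliseconds while per-rule cost is microseconds, so far more samples and a statistical test between candidates are needed, and a firewall that compiles its policy into a hash or trie lookup will not show linear cost at all. Note also that repeatedly probing a production firewall to map its policy is itself reconnaissance an operator should expect to see in their logs.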
Keywords :
authorisation; computer network security; DoS attacks; delay-based probing technique; firewall accept rules discovery; firewall access control list; network protection; rule-set; Computer crime; Delay; Fires; IP networks; Image reconstruction; Probes; Protocols; Computer and Network Security; DoS attacks; Firewalls; Probing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
GCC Conference and Exhibition (GCC), 2011 IEEE
Conference_Location :
Dubai
Print_ISBN :
978-1-61284-118-2
Type :
conf
DOI :
10.1109/IEEEGCC.2011.5752565
Filename :
5752565