A delay-based probing technique for the discovery of a firewall´s accept rules

Author

Alhamwi, M.K. ; Al-Hmouz, O. ; Sqalli, M.H. ; Salah, K.

Author_Institution

Coll. of Comput. Sci. & Eng., King Fahd Univ. of Pet. & Miner., Dhahran, Saudi Arabia

fYear

2011

fDate

19-22 Feb. 2011

Firstpage

445

Lastpage

448

Abstract

Firewalls are widely used nowadays to protect networks, and they may also become the target of DoS attacks. To achieve this, the attacker needs to recognize the firewall access control list, i.e., rule-set, and the order of rules inside this list. The attacker can then launch an attack by targeting rules at the bottom of this list. This makes the firewall busy with processing dummy requests, its performance degrades sharply, and it may go down. In this paper, a method to identify the order of the rules within the rule-set is presented. Then, a mechanism to make the sampling algorithm more efficient is described. We focus on discovering information related to the accept-rules only of a firewall´s policy. Results show that a high level of precision and recall can be obtained for deducing the order of rules within a rule-set while requiring a very low cost.

Keywords

authorisation; computer network security; DoS attacks; delay-based probing technique; firewall accept rules discovery; firewall access control list; network protection; rule-set; Computer crime; Delay; Fires; IP networks; Image reconstruction; Probes; Protocols; Computer and Network Security; DoS attacks; Firewalls; Probing;

fLanguage

English

Publisher

ieee

Conference_Titel

GCC Conference and Exhibition (GCC), 2011 IEEE

Conference_Location

Dubai

Print_ISBN

978-1-61284-118-2

Type

conf

DOI

10.1109/IEEEGCC.2011.5752565

Filename

5752565