A delay-based probing technique for the discovery of a firewall's accept rules

M. K. Alhamwi; O. Al-Hmouz; M. H. Sqalli; K. Salah

doi:10.1109/IEEEGCC.2011.5752565

A delay-based probing technique for the discovery of a firewall's accept rules

M. K. Alhamwi, O. Al-Hmouz, M. H. Sqalli, K. Salah

Computer & Communication Engineering

King Fahd University for Petroleum and Minerals (KFUPM)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Firewalls are widely used nowadays to protect networks, and they may also become the target of DoS attacks. To achieve this, the attacker needs to recognize the firewall access control list, i.e., rule-set, and the order of rules inside this list. The attacker can then launch an attack by targeting rules at the bottom of this list. This makes the firewall busy with processing dummy requests, its performance degrades sharply, and it may go down. In this paper, a method to identify the order of the rules within the rule-set is presented. Then, a mechanism to make the sampling algorithm more efficient is described. We focus on discovering information related to the accept-rules only of a firewall's policy. Results show that a high level of precision and recall can be obtained for deducing the order of rules within a rule-set while requiring a very low cost.

Original language	British English
Title of host publication	2011 IEEE GCC Conference and Exhibition, GCC
Pages	445-448
Number of pages	4
DOIs	https://doi.org/10.1109/IEEEGCC.2011.5752565
State	Published - 2011
Event	2011 IEEE GCC Conference and Exhibition, GCC 2011 - Dubai, United Arab Emirates Duration: 19 Feb 2011 → 22 Feb 2011

Publication series

Name	2011 IEEE GCC Conference and Exhibition, GCC 2011

Conference

Conference	2011 IEEE GCC Conference and Exhibition, GCC 2011
Country/Territory	United Arab Emirates
City	Dubai
Period	19/02/11 → 22/02/11

Keywords

Computer and Network Security
DoS attacks
Firewalls
Probing

Access to Document

10.1109/IEEEGCC.2011.5752565

Cite this

@inproceedings{263bd7ddc178400fbab1d88a36f8c262,

title = "A delay-based probing technique for the discovery of a firewall's accept rules",

abstract = "Firewalls are widely used nowadays to protect networks, and they may also become the target of DoS attacks. To achieve this, the attacker needs to recognize the firewall access control list, i.e., rule-set, and the order of rules inside this list. The attacker can then launch an attack by targeting rules at the bottom of this list. This makes the firewall busy with processing dummy requests, its performance degrades sharply, and it may go down. In this paper, a method to identify the order of the rules within the rule-set is presented. Then, a mechanism to make the sampling algorithm more efficient is described. We focus on discovering information related to the accept-rules only of a firewall's policy. Results show that a high level of precision and recall can be obtained for deducing the order of rules within a rule-set while requiring a very low cost.",

keywords = "Computer and Network Security, DoS attacks, Firewalls, Probing",

author = "Alhamwi, {M. K.} and O. Al-Hmouz and Sqalli, {M. H.} and K. Salah",

year = "2011",

doi = "10.1109/IEEEGCC.2011.5752565",

language = "British English",

isbn = "9781612841199",

series = "2011 IEEE GCC Conference and Exhibition, GCC 2011",

pages = "445--448",

booktitle = "2011 IEEE GCC Conference and Exhibition, GCC",

note = "2011 IEEE GCC Conference and Exhibition, GCC 2011 ; Conference date: 19-02-2011 Through 22-02-2011",

}

Alhamwi, MK, Al-Hmouz, O, Sqalli, MH & Salah, K 2011, A delay-based probing technique for the discovery of a firewall's accept rules. in 2011 IEEE GCC Conference and Exhibition, GCC., 5752565, 2011 IEEE GCC Conference and Exhibition, GCC 2011, pp. 445-448, 2011 IEEE GCC Conference and Exhibition, GCC 2011, Dubai, United Arab Emirates, 19/02/11. https://doi.org/10.1109/IEEEGCC.2011.5752565

TY - GEN

T1 - A delay-based probing technique for the discovery of a firewall's accept rules

AU - Alhamwi, M. K.

AU - Al-Hmouz, O.

AU - Sqalli, M. H.

AU - Salah, K.

PY - 2011

Y1 - 2011

N2 - Firewalls are widely used nowadays to protect networks, and they may also become the target of DoS attacks. To achieve this, the attacker needs to recognize the firewall access control list, i.e., rule-set, and the order of rules inside this list. The attacker can then launch an attack by targeting rules at the bottom of this list. This makes the firewall busy with processing dummy requests, its performance degrades sharply, and it may go down. In this paper, a method to identify the order of the rules within the rule-set is presented. Then, a mechanism to make the sampling algorithm more efficient is described. We focus on discovering information related to the accept-rules only of a firewall's policy. Results show that a high level of precision and recall can be obtained for deducing the order of rules within a rule-set while requiring a very low cost.

AB - Firewalls are widely used nowadays to protect networks, and they may also become the target of DoS attacks. To achieve this, the attacker needs to recognize the firewall access control list, i.e., rule-set, and the order of rules inside this list. The attacker can then launch an attack by targeting rules at the bottom of this list. This makes the firewall busy with processing dummy requests, its performance degrades sharply, and it may go down. In this paper, a method to identify the order of the rules within the rule-set is presented. Then, a mechanism to make the sampling algorithm more efficient is described. We focus on discovering information related to the accept-rules only of a firewall's policy. Results show that a high level of precision and recall can be obtained for deducing the order of rules within a rule-set while requiring a very low cost.

KW - Computer and Network Security

KW - DoS attacks

KW - Firewalls

KW - Probing

UR - http://www.scopus.com/inward/record.url?scp=79957986954&partnerID=8YFLogxK

U2 - 10.1109/IEEEGCC.2011.5752565

DO - 10.1109/IEEEGCC.2011.5752565

M3 - Conference contribution

AN - SCOPUS:79957986954

SN - 9781612841199

T3 - 2011 IEEE GCC Conference and Exhibition, GCC 2011

SP - 445

EP - 448

BT - 2011 IEEE GCC Conference and Exhibition, GCC

T2 - 2011 IEEE GCC Conference and Exhibition, GCC 2011

Y2 - 19 February 2011 through 22 February 2011

ER -

A delay-based probing technique for the discovery of a firewall's accept rules

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this