A potential low-rate DoS attack against network firewalls

K. Salah, K. Sattar, M. Sqalli, Ehab Al-Shaer

Research output: Contribution to journalArticlepeer-review

21 Scopus citations

Abstract

In this paper we identify a potential Denial of Service (DoS) attack that targets the last-matching rules of the security policy of a firewall. The last-matching rules are those rules that are located at the bottom of the ruleset of a firewall's security policy, and would require the most processing time by the firewall. If these rules are discovered, an attacker can potentially launch an effective low-rate DoS attack to trigger worst-case or near worst-case processing, thereby overwhelming the firewall and bringing it to its knees. In this paper, we present a probing technique to remotely discover the last-matching rules of a firewall. We study experimentally the effectiveness of this probing technique taking into account important factors such as the firewall's motherboard architecture and load conditions at network links and hosts. In addition we examine the impact of launching a low-rate DoS attack on a firewall's performance. The performance is studied in terms of the firewall's CPU utilization and throughput, packet loss, and latency.

Original languageBritish English
Pages (from-to)136-146
Number of pages11
JournalSecurity and Communication Networks
Volume4
Issue number2
DOIs
StatePublished - Feb 2011

Keywords

  • Complexity-algorithm attacks
  • DoS attacks
  • Firewalls
  • Network security

Fingerprint

Dive into the research topics of 'A potential low-rate DoS attack against network firewalls'. Together they form a unique fingerprint.

Cite this