TY - GEN
T1 - A probing technique for discovering last-matching rules of a network firewall
AU - Salah, K.
AU - Sattar, K.
AU - Sqalli, M.
AU - Al-Shaer, Ehab
PY - 2008
Y1 - 2008
N2 - In this paper we identify a potential probing technique for discovering the last-matching rules of the security of a firewall. The last-matching rules are those rules that are located at the bottom of the ruleset of a firewall's policy, and would require the most processing time by the firewall. If these rules are discovered, an attacker can launch an effective low-rate DoS attack to trigger worst-case or near worst-case processing, and thereby the firewall and bringing it to its knees. As a proof of concept, we developed a prototype program that implements the detection algorithm and validated its effectiveness experimentally.
AB - In this paper we identify a potential probing technique for discovering the last-matching rules of the security of a firewall. The last-matching rules are those rules that are located at the bottom of the ruleset of a firewall's policy, and would require the most processing time by the firewall. If these rules are discovered, an attacker can launch an effective low-rate DoS attack to trigger worst-case or near worst-case processing, and thereby the firewall and bringing it to its knees. As a proof of concept, we developed a prototype program that implements the detection algorithm and validated its effectiveness experimentally.
UR - http://www.scopus.com/inward/record.url?scp=67649467712&partnerID=8YFLogxK
U2 - 10.1109/INNOVATIONS.2008.4781670
DO - 10.1109/INNOVATIONS.2008.4781670
M3 - Conference contribution
AN - SCOPUS:67649467712
SN - 9781424433971
T3 - 2008 International Conference on Innovations in Information Technology, IIT 2008
SP - 578
EP - 582
BT - 2008 International Conference on Innovations in Information Technology, IIT 2008
T2 - 2008 International Conference on Innovations in Information Technology, IIT 2008
Y2 - 16 December 2008 through 18 December 2008
ER -