Title :
A probing technique for discovering last-matching rules of a network firewall
Author :
Salah, K. ; Sattar, K. ; Sqalli, M. ; Al-Shaer, Ehab
Author_Institution :
Dept. of Inf. & Comput. Sci., King Fahd Univ. of Pet. & Miner., Dhahran
Abstract :
In this paper we identify a potential probing technique for remotely discovering the last-matching rules of a firewall's security policy. The last-matching rules are those located at the bottom of the firewall's ruleset, and they require the most processing time by the firewall. If these rules are discovered, an attacker can potentially launch an effective low-rate DoS attack that triggers worst-case or near worst-case processing, thereby overwhelming the firewall and bringing it to its knees. As a proof of concept, we developed a prototype program that implements the detection algorithm and validated its effectiveness experimentally.
Keywords :
authorisation; knowledge based systems; pattern matching; DoS attack; last-matching rules; network firewall; probing technique; proof of concept; security policy; Computer crime; Computer science; Filtering; Home appliances; Information systems; Intrusion detection; Knee; Minerals; Petroleum; Telecommunication traffic;
Conference_Title :
Innovations in Information Technology, 2008. IIT 2008. International Conference on
Conference_Location :
Al Ain
Print_ISBN :
978-1-4244-3396-4
Electronic_ISBN :
978-1-4244-3397-1
DOI :
10.1109/INNOVATIONS.2008.4781670