Firewall Policy Reconstruction by Active Probing: An Attacker's View

Summary: Firewall Policy Reconstruction by Active Probing: An Attacker's View

Taghrid Samak, Adel El-Atawy, Ehab Al-Shaer
School of Computer Science, Telecommunication, and Information Systems, DePaul University, Chicago, Illinois 60604
{taghrid,aelatawy,ehab}@cs.depaul.edu

Hong Li
Information Technology Research, Intel Corporation, Folsom, CA 95630
hong.c.li@intel.com

Abstract: Having a firewall policy that is correct and complete
is crucial to the safety of the computer network. An adversary
will benefit a lot from knowing the policy or its semantics. In this
paper we show how an attacker can reconstruct a firewall's policy
by probing the firewall by sending tailored packets into a network
and forming an idea of what the policy looks like. We present
two approaches of compiling this information into a policy that
can be arbitrarily close to the original one used in the deployed
firewall. The first approach is based on region growing from
single firewall response to sample packets. The other approach
uses split-and-merge in order to divide the space of the firewall's
rules and analyzes each independently. Both techniques merge
the results obtained into a more compact version of the policies


Source: Al-Shaer, Ehab - School of Computer Science, Telecommunications and Information Systems, DePaul University


Collections: Computer Technologies and Information Sciences