Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network

  Advanced Search  

FireCracker: A Framework for Inferring Firewall Policies using Smart Probing

Summary: FireCracker: A Framework for Inferring Firewall
Policies using Smart Probing
Taghrid Samak, Adel El-Atawy, and Ehab Al-Shaer
DePaul University
Chicago, IL, USA 60604
{taghrid, aelatawy, ehab}@cs.depaul.edu
Abstract-- A firewall policy that is correct and complete is
crucial to the safety of a computer network. An adversary will
benefit a lot from knowing the policy or its semantics. In this
paper, we propose a framework that could be used to blindly
discover a firewall policy without prior knowledge. We show
how an attacker can reconstruct a firewall's policy by probing the
firewall with tailored packets into a network and forming an idea
of what the policy looks like. The proposed methodology shows
how to discover a policy that is semantically equivalent to the
original one used in the deployed firewall. Three techniques are
proposed for reconstructing the policy as well as to intelligently
choose the probing packets adaptively based on the firewall
response. We show the possibility of obtaining the deployed policy
in a feasible time with acceptable accuracy.


Source: Al-Shaer, Ehab - School of Computer Science, Telecommunications and Information Systems, DePaul University


Collections: Computer Technologies and Information Sciences