Denial of Firewalling
نویسندگان
چکیده
Firewalls are critical security devices handling all traffic in and out of a network. When under heavy load of both malicious and legitimate traffic, firewalls may be overloaded and start discarding or permitting packets without checking firewall rules, which can cause huge revenue losses or security breaches. In this paper, we study Denial of Firewalling attacks, where attackers use well-crafted traffic to effectively overwhelm a firewall. We first investigate firewall implementation characteristics that can be exploited for such attacks while treating the firewall as a black box. We conducted our studies on a testbed with three popular firewall devices. Second, given a remote firewall, we propose methods for attackers to infer the implementation of the firewall. We develop firewall fingerprinting techniques based on firewall decisions on a sequence of TCP packets with unusual flags and machine learning techniques for inferring firewall implementation. Finally, we present methods that attackers can use to generate the traffic that can effectively overload an identified remote firewall. We show that some firewalls can be easily overloaded by a small volume of carefully crafted traffic.
منابع مشابه
A Cross-Layer Approach for Mitigating Denial of Service Attacks: Device-Driver Packet Filter and Remote Firewalling
This paper presents two methods to mitigate distributed denial of service attacks and flash crowds: device driver level packet filtering and remote firewall. Device driver level packet filtering is designed to eliminate harmful network traffic before it consumes the processing resource for higher network protocol layers at a production server. The remote firewall is designed with a cross-layer ...
متن کاملA Firewalling Scheme for Securing MPOA-Based Enterprise Networks
A well-known security problem with MPOA is that cut-through connections generally bypasses firewall routers if there are any. None of the previously proposed approaches solved the problem properly. In this paper, we propose a novel firewalling scheme for MPOA that nicely fixes the security hole. Our firewalling scheme has three outstanding advantages that make it ideal for securing MPOA-based e...
متن کاملCompartmentation Policies for Android Apps: A Combinatorial Optimization Approach
Some smartphone platforms such as Android have a distinctive message passing system that allows for sophisticated interactions among app components, both within and across app boundaries. This gives rise to various security and privacy risks, including not only intentional collusion attacks via permission re-delegation but also inadvertent disclosure of information and service misuse through co...
متن کاملThe Errors of Individualistic Public Health Interventions: Denial of Treatment to Obese Persons; Comment on “Denial of Treatment to Obese Patients—the Wrong Policy on Personal Responsibility for Health”
I agree entirely with Nir Eyal’s perspective that denying treatment to obese patients is morally wrong. However, the reasons for this belief differ in some ways from Eyal’s analysis. In this commentary, I will try to explain the similarities and differences in our perspectives. My primary claim is that the denial of treatment to obese patients is wrong principally because (i) it eschews a whole...
متن کاملProtecting SSH at the Transport Layer
SSH daemons are common targets for brute force attacks. Through log monitoring and firewalling, the impact of these attacks on both security and bandwidth consumption can be minimised. We consider a number of implementations and employ Stockade [1] as a backend to SSHGuard [2] for blocking attackers.
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2011