Abstract
AbstractIn this paper we identify a potential Denial of Service (DoS) attack that targets the last‐matching rules of the security policy of a firewall. The last‐matching rules are those rules that are located at the bottom of the ruleset of a firewall's security policy, and would require the most processing time by the firewall. If these rules are discovered, an attacker can potentially launch an effective low‐rate DoS attack to trigger worst‐case or near worst‐case processing, thereby overwhelming the firewall and bringing it to its knees. In this paper, we present a probing technique to remotely discover the last‐matching rules of a firewall. We study experimentally the effectiveness of this probing technique taking into account important factors such as the firewall's motherboard architecture and load conditions at network links and hosts. In addition we examine the impact of launching a low‐rate DoS attack on a firewall's performance. The performance is studied in terms of the firewall's CPU utilization and throughput, packet loss, and latency. Copyright © 2009 John Wiley & Sons, Ltd.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
