A Secure Packet Filtering Mechanism for Tunneling over Internet

  • Authors:
  • Wan-Jik Lee;Seok-Yeol Heo;Tae-Young Byun;Young-Ho Sohn;Ki-Jun Han

  • Affiliations:
  • Department of Bio-Electronics, Pusan National University of Pusan, Korea;Department of Bio-Electronics, Pusan National University of Pusan, Korea;School of Computer and Information Communications Engineering, Catholic University of Daegu, Gyeongsan, Gyeongbuk, Korea;School of Electrical Engineering and Computer Science, Yeungnam University of Daegu, Korea;Department of Computer Engineering, Kyungpook National University of Daegu, Korea

  • Venue:
  • ICESS '07 Proceedings of the 3rd international conference on Embedded Software and Systems
  • Year:
  • 2007

Abstract

In contrast to the Internet's early design policies, various types of tunneling are now used on the Internet for IPv4/IPv6 transition, IP multicasting and IP mobility. Because tunneled packets carry two IP headers, general firewall systems apply their filtering rules only to the outer header, and not to the inner header, when these packets pass the firewall. Thus, many present firewall systems may have serious security problems when filtering tunneled packets. To resolve this issue, this paper proposes a new packet filtering mechanism for tunneled packets. We design and implement the packet filtering mechanism using Linux Netfilter. The study also found that the packet filtering system operates correctly with IPv6-in-IPv4 and IP-in-IP tunneling.
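The gap the abstract describes, shown as an added user-space illustration; it is not the paper's Netfilter implementation, which this page does not include. It compares a filter that checks only the outer header with one that applies the same rule to every encapsulated IP header. The blocked prefixes, sample addresses and function names are constructed assumptions.

```python
import ipaddress
import struct

IPIP, IPV6 = 4, 41  # IP protocol numbers: IP-in-IP, IPv6 encapsulation
# Constructed policy: source prefixes to drop (documentation ranges).
BLOCKED = [ipaddress.ip_network("203.0.113.0/24"),
           ipaddress.ip_network("2001:db8:bad::/48")]

def parse_ip(pkt):
    """Return (src, next_proto, payload) for an IPv4/IPv6 header, or None."""
    version = pkt[0] >> 4 if pkt else 0
    if version == 4 and len(pkt) >= 20:
        ihl = (pkt[0] & 0x0F) * 4
        if 20 <= ihl <= len(pkt):
            return ipaddress.ip_address(pkt[12:16]), pkt[9], pkt[ihl:]
    elif version == 6 and len(pkt) >= 40:  # extension headers are not walked
        return ipaddress.ip_address(pkt[8:24]), pkt[6], pkt[40:]
    return None

def blocked(src):
    return any(src in net for net in BLOCKED)

def filter_outer_only(pkt):
    """Behaviour the abstract criticises: only the outer header is checked."""
    hdr = parse_ip(pkt)
    return "DROP" if hdr is None or blocked(hdr[0]) else "ACCEPT"

def filter_tunnel_aware(pkt, max_depth=4):
    """Apply the same rule to every encapsulated IP header; fail closed."""
    for _ in range(max_depth):
        hdr = parse_ip(pkt)
        if hdr is None or blocked(hdr[0]):
            return "DROP"          # malformed/truncated header or blocked source
        if hdr[1] not in (IPIP, IPV6):
            return "ACCEPT"        # innermost header reached
        pkt = hdr[2]
    return "DROP"                  # nested deeper than max_depth

def ipv4(src, dst, proto, payload=b""):  # sample builder, checksum left at 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

def ipv6(src, dst, nxt, payload=b""):
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), nxt, 64,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

# Constructed samples: a blocked source hidden behind an allowed tunnel endpoint.
TUNNEL_4IN4 = ipv4("192.0.2.10", "198.51.100.1", IPIP, ipv4("203.0.113.7", "198.51.100.20", 6))
TUNNEL_6IN4 = ipv4("192.0.2.10", "198.51.100.1", IPV6, ipv6("2001:db8:bad::1", "2001:db8:1::20", 6))
CLEAN_4IN4 = ipv4("192.0.2.10", "198.51.100.1", IPIP, ipv4("192.0.2.55", "198.51.100.20", 6))
```

The outer-only filter accepts both tunneled samples because the outer source is allowed, while the tunnel-aware filter drops them on the inner source and also drops a packet whose inner header is truncated.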