Firewall Security: Policies, Testing and Performance Evaluation
COMPSAC '00 24th International Computer Software and Applications Conference
Algorithms for routing lookups and packet classification
A Graph-based Methodology for Analyzing IP Spoofing Attack
AINA '04 Proceedings of the 18th International Conference on Advanced Information Networking and Applications - Volume 2
Quantitative Analysis on the Cacheability Factors of Web Objects
COMPSAC '06 Proceedings of the 30th Annual International Computer Software and Applications Conference - Volume 01
Denial of service via algorithmic complexity attacks
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
On the Safety and Efficiency of Firewall Policy Deployment
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Cisco ASA, PIX, and FWSM Firewall Handbook, Second Edition
CCNA: Cisco Certified Network Associate Fast Pass
Resiliency of open-source firewalls against remote discovery of last-matching rules
Proceedings of the 2nd international conference on Security of information and networks
Denial of service (DoS) attacks pose a major threat to the smooth operation of critical network resources. Network firewalls act as the first line of defence against unwanted and malicious traffic, but firewalls themselves can become the target of DoS attacks. In prior work (Salah et al., 2009), we studied the resiliency and robustness of open-source network firewalls against the remote discovery of the last-matching rules. If the last-matching rules are discovered, an attacker can launch an effective, slow-rate DoS attack that can bring the firewall to its knees. In this paper, we examine and compare the resiliency of five of the most popular network firewalls, considering both open-source and commercial ones: Linux NetFilter, Linux IPSets, FreeBSD ipfw, Cisco PIX and Cisco ASA. Our results show significant variations in the resiliency of these five firewall technologies, with Cisco ASA being the most resilient and Cisco PIX being the most vulnerable.