A Protocol and Simulation for Distributed Communicating Firewalls

  • Authors: Robert N. Smith; Sourav Bhattacharya

  • Venue: COMPSAC '99 23rd International Computer Software and Applications Conference
  • Year: 1999

Abstract

The concept of distributing firewalls into the Internet was previously presented as a way to push LAN attacks away from a single firewall [1, 2]. This paper presents a protocol by which firewalls communicate the information needed for distributed firewalls to isolate LAN attacks. Currently, firewalls are used to protect a single LAN or an extranet of collaborating units, and each firewall in these configurations is managed individually. Our approach is to place firewalls out in the Internet where they cooperate and push the attack to a firewall nearer to its source. These distributed firewalls can be regarded as gateway firewalls. We present a protocol of command and information packets intended to take the offensive in the Internet war against hackers and crackers. The communicating firewalls would be placed in routers or switches acting as gateways throughout the Internet. The proposed protocol can be encapsulated as a security agent within any of the popular routing protocols (e.g., BGP and PNNI); we have currently chosen to carry it over BGP-4. To evaluate the new protocol we have developed a distributed network protocol simulator, which we also describe in this paper.
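The mechanism the abstract describes, a victim-side gateway firewall asking upstream gateway firewalls to install the same filter until the block sits at the firewall nearest the attack source, is sketched below as an added toy simulation. It is not the paper's protocol or its simulator: the chain topology, the BLOCK_REQUEST message fields, the TTL guard and the prefix-matching rules are all constructed here for illustration, and the BGP-4 transport the paper uses is abstracted to a direct hand-off between neighbouring firewalls.

```python
"""Toy model of cooperating gateway firewalls that push a block toward the source.

Added illustration, not the paper's protocol or simulator: the topology, the
BLOCK_REQUEST message fields and the matching rules are all constructed here.
Transport (the paper carries its messages over BGP-4) is abstracted to a direct
hand-off between neighbouring firewalls.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Rule = Tuple[str, str]  # (source prefix, destination prefix) to drop


@dataclass
class Packet:
    src: str
    dst: str


@dataclass
class Firewall:
    name: str
    # prefix -> name of the neighbour firewall toward it, or None if directly attached
    routes: Dict[str, Optional[str]]
    rules: List[Rule] = field(default_factory=list)
    received: List[dict] = field(default_factory=list)  # protocol messages seen

    def next_hop(self, addr: str) -> Optional[str]:
        ip = ipaddress.ip_address(addr)
        for prefix, hop in self.routes.items():
            if ip in ipaddress.ip_network(prefix):
                return hop
        raise KeyError(f"{self.name}: no route to {addr}")

    def attached(self, prefix: str) -> bool:
        return self.next_hop(str(ipaddress.ip_network(prefix).network_address)) is None

    def drops(self, pkt: Packet) -> bool:
        s, d = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        return any(s in ipaddress.ip_network(sp) and d in ipaddress.ip_network(dp)
                   for sp, dp in self.rules)

    def install(self, rule: Rule) -> None:
        if rule not in self.rules:
            self.rules.append(rule)


def build_topology() -> Dict[str, Firewall]:
    """Constructed chain FW1-FW2-FW3-FW4: attacker LAN behind FW1, a legitimate
    LAN behind FW2, the protected LAN behind FW4."""
    atk, ok, lan = "10.1.0.0/16", "172.16.0.0/16", "192.168.5.0/24"
    return {fw.name: fw for fw in (
        Firewall("FW1", {atk: None, ok: "FW2", lan: "FW2"}),
        Firewall("FW2", {atk: "FW1", ok: None, lan: "FW3"}),
        Firewall("FW3", {atk: "FW2", ok: "FW2", lan: "FW4"}),
        Firewall("FW4", {atk: "FW3", ok: "FW3", lan: None}),
    )}


def ingress(net: Dict[str, Firewall], addr: str) -> Firewall:
    """The gateway firewall whose directly attached prefix contains addr."""
    return next(fw for fw in net.values() if fw.next_hop(addr) is None)


def deliver(net: Dict[str, Firewall], pkt: Packet) -> Tuple[str, str]:
    """Forward pkt hop by hop; report where it was dropped or delivered."""
    fw = ingress(net, pkt.src)
    while True:
        if fw.drops(pkt):
            return ("dropped", fw.name)
        hop = fw.next_hop(pkt.dst)
        if hop is None:
            return ("delivered", fw.name)
        fw = net[hop]


def push_block(net: Dict[str, Firewall], origin: str, src_prefix: str,
               dst_prefix: str, ttl: int = 8) -> List[str]:
    """Send a (hypothetical) BLOCK_REQUEST upstream along the route to src_prefix.
    Every firewall on the way installs the rule; propagation ends at the firewall
    to which the source prefix is directly attached, or when the TTL runs out."""
    msg = {"type": "BLOCK_REQUEST", "src": src_prefix, "dst": dst_prefix,
           "origin": origin, "ttl": ttl}
    path: List[str] = []
    cur = origin
    while msg["ttl"] > 0:
        fw = net[cur]
        fw.received.append(dict(msg))
        fw.install((src_prefix, dst_prefix))
        path.append(cur)
        if fw.attached(src_prefix):
            break
        msg["ttl"] -= 1
        cur = fw.next_hop(str(ipaddress.ip_network(src_prefix).network_address))
    return path


def run_scenario() -> dict:
    net = build_topology()
    attack = Packet("10.1.7.9", "192.168.5.20")
    legit = Packet("172.16.3.4", "192.168.5.20")
    # Single-firewall defence: FW4 drops the flood locally, but every transit link
    # still carries it.  (Detection is out of scope here and assumed to have fired.)
    net["FW4"].install(("10.1.0.0/16", "192.168.5.0/24"))
    before = deliver(net, attack)
    # Cooperative defence: FW4 pushes the same block toward the attacker's gateway.
    path = push_block(net, "FW4", "10.1.0.0/16", "192.168.5.0/24")
    return {"before": before, "after": deliver(net, attack),
            "push_path": path, "legit": deliver(net, legit)}


if __name__ == "__main__":
    print(run_scenario())
```

The point the run makes is the one in the abstract: before the push the attack is stopped only at FW4, after it the drop happens at FW1, the gateway adjacent to the attacker, while traffic from the unrelated 172.16.0.0/16 site still reaches the protected LAN. Anything a real deployment needs beyond this sketch (authenticating the request so a forged BLOCK_REQUEST cannot be used to cut off a legitimate site, expiring rules, and carrying the message inside BGP-4) is not modelled.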