Lecture 09A
Firewalls
Taseer Suleman
taseersuleman@lgu.edu.pk
Outline
Firewall
Type of Firewalls
Simple Packet Filter
Firewalls: Motivation
Disadvantages:
Cannot prevent attacks that target application-specific weaknesses
Limited logging capabilities
Typically no support for user authentication
Easy to make mistakes when creating rules
Packet Filter Firewall: Vulnerabilities
Packet filter firewalls are vulnerable to the following attacks:
IP spoofing
Source address routing
Tiny fragment attacks
Packet Filter Firewall: IP Spoofing
An intruder outside the network sends packets to the internal corporate network, using one of the internal IP addresses as the source address. The attacker hopes that the spoofed address will allow penetration of systems that employ simple source-address security, in which packets from specific trusted internal hosts are accepted.
Countermeasure?
Discard all packets coming from outside whose source address equals one of the internal addresses.
Packet Filter Firewall: Source Address Routing
Source routing has two variations:
Loose: The attacker specifies a list of IP addresses through which a packet must travel. However, the packet could also travel through additional routers that interconnect the IP addresses specified in the list.
Strict: The IP addresses in the list specified by the attacker are the only IP addresses through which the packet is allowed to travel.
Packet Filter Firewall: Source Address Routing
Loose Source Record Route
An intruder specifies the route the packet should take as it crosses the Internet, in the hope that this will bypass security measures that do not analyze source routing information.
Normal traffic flow from the attacker to the server goes via "router a", "router b", "router c", a firewall and finally to the victim. This is the standard scenario for routing traffic over the Internet.
Packet Filter Firewall: Source Address Routing
Strict Source Record Route
By exploiting source routing, the route could be made to go via "router a", "router b", "trusted host", the firewall and finally to the victim, using the source IP of the trusted host.
Countermeasure?
The countermeasure is to discard all packets that use this option.
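
The two countermeasures on these slides (discard outside packets that carry an internal source address, and discard packets that use the source-route option), sketched as an added example that is not part of the original lecture. It assumes the internal network is 10.0.0.0/8; the function names and the sample headers built by `build_header` are constructed for illustration.

```python
import ipaddress
import struct

# Assumption for this example: the protected internal network is 10.0.0.0/8.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
LSRR, SSRR = 131, 137   # IPv4 option types: loose / strict source and record route
EOL, NOP = 0, 1         # single-byte options (no length field)


def ip_options(header: bytes):
    """Yield the option type numbers found in an IPv4 header."""
    ihl = (header[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or ihl > len(header):
        raise ValueError("malformed IPv4 header length")
    i = 20
    while i < ihl:
        opt = header[i]
        if opt == EOL:
            return
        if opt == NOP:
            i += 1
            continue
        if i + 1 >= ihl or header[i + 1] < 2 or i + header[i + 1] > ihl:
            raise ValueError("malformed IPv4 option")
        yield opt
        i += header[i + 1]


def filter_inbound(header: bytes) -> str:
    """Verdict for a packet arriving on the external interface."""
    try:
        opts = set(ip_options(header))
    except (ValueError, IndexError):
        return "DROP malformed"
    src = ipaddress.IPv4Address(header[12:16])
    if src in INTERNAL_NET:
        return "DROP spoofed-internal-source"
    if opts & {LSRR, SSRR}:
        return "DROP source-route-option"
    return "PASS"


def build_header(src: str, options: bytes = b"") -> bytes:
    """Construct a sample IPv4 header (checksum left as 0) for the demo."""
    options += b"\x00" * (-len(options) % 4)      # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options), 0, 0,
                       64, 6, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address("10.0.0.5").packed) + options
```

The spoofing check only makes sense on the external interface; applied to traffic arriving from the inside, it would drop legitimate internal hosts.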