Linking Chains - A methodology for developing rules for IP Chains

by Daniel Bradley, Eric Faccer, Mark Cross

Abstract:

This paper describes a methodology for configuring a packet filter, which is one of the components of a firewall system. It takes into consideration non-obvious security nuances of the TCP/IP protocol stack that may be overlooked by system administrators. The methodology uses the TCP/IP protocol suite's layered architecture as the guide for the composition of the packet filter rule set. It uses the IP Chains packet filter to demonstrate a practical example.

Citations

367 Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing. RFC 2827 – Ferguson, Senie - 2000
277 Requirements for Internet hosts - communication layers – Braden - 1989
255 Dynamic Host Configuration Protocol – Droms - 1993
37 Building Internet Firewalls – Chapman, Zwicky - 1995
18 Address Allocation for Private Internets, RFC 1918 – Rekhter, Moskowitz, et al.
12 A Toolkit and Methods for Internet Firewalls – Ranum, Avolio - 1994
2 Statistical analysis of malformed packets and their origins in the modern Internet – Bykova, Ostermann - 2002
1 Linux IPCHAINS HOWTO. Version 1.0.8 – Russell - 2000
1 ISO 7498, Information Processing Systems - Open Systems Interconnection - Basic Reference Model – ISO - 1984
1 An introduction to ARP spoofing – Whalen - 2001
1 ICMP Usage in Scanning: The Complete Know How. http://www'ss-securit'cm/archive/papers/ICMP Scanning v3.0.pdf – Arkin
1 Behaviour of and requirements for Internet firewalls – Freed - 2000
1 Firewall and proxy server HOWTO. Version 0.80 – Grennan - 2000