{"title":"边缘防火墙主动探测ICMP策略分析","authors":"Hyeonwoo Kim, Dongwoo Kwon, Hongtaek Ju","doi":"10.1109/APNOMS.2014.6996591","DOIUrl":null,"url":null,"abstract":"The method of inferring firewall policy, using Active Probing repeats the process of transmitting TCP/UDP/ICMP packets and receiving ICMP response packets. However, if ICMP response packets cannot be received normally, the accuracy of inferring the firewall policy decreases, and it is necessary to verify the feasibility in real conditions. In this paper, we collect Autonomous System (AS) information to investigate the tolerance of ICMP intended for all AS across the world in addition to DNS server information, which is operational within AS. We confirm whether ICMP response packets are received or not by transmitting probing packets to the DNS server. Finally, we propose the AS information that received ICMP packets as the result of the test.","PeriodicalId":269952,"journal":{"name":"The 16th Asia-Pacific Network Operations and Management Symposium","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Analysis of ICMP policy for edge firewalls using active probing\",\"authors\":\"Hyeonwoo Kim, Dongwoo Kwon, Hongtaek Ju\",\"doi\":\"10.1109/APNOMS.2014.6996591\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The method of inferring firewall policy, using Active Probing repeats the process of transmitting TCP/UDP/ICMP packets and receiving ICMP response packets. However, if ICMP response packets cannot be received normally, the accuracy of inferring the firewall policy decreases, and it is necessary to verify the feasibility in real conditions. In this paper, we collect Autonomous System (AS) information to investigate the tolerance of ICMP intended for all AS across the world in addition to DNS server information, which is operational within AS. We confirm whether ICMP response packets are received or not by transmitting probing packets to the DNS server. Finally, we propose the AS information that received ICMP packets as the result of the test.\",\"PeriodicalId\":269952,\"journal\":{\"name\":\"The 16th Asia-Pacific Network Operations and Management Symposium\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-12-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The 16th Asia-Pacific Network Operations and Management Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/APNOMS.2014.6996591\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The 16th Asia-Pacific Network Operations and Management Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APNOMS.2014.6996591","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Analysis of ICMP policy for edge firewalls using active probing
The method of inferring firewall policy, using Active Probing repeats the process of transmitting TCP/UDP/ICMP packets and receiving ICMP response packets. However, if ICMP response packets cannot be received normally, the accuracy of inferring the firewall policy decreases, and it is necessary to verify the feasibility in real conditions. In this paper, we collect Autonomous System (AS) information to investigate the tolerance of ICMP intended for all AS across the world in addition to DNS server information, which is operational within AS. We confirm whether ICMP response packets are received or not by transmitting probing packets to the DNS server. Finally, we propose the AS information that received ICMP packets as the result of the test.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
