STATELESS MODEL FOR THE PREVENTION OF MALICIOUS COMMUNICATION CHANNELS

A. Singh, A.L. Mora dos Santos, O. Nordström, and C. Lu

References

  1. [1] Loki ICMP backdoor, http://www.iss.net/security_ cen-ter/static/1452.php. Last access date: 26 July 2006.
  2. [2] Personal firewall: What are they, how do they work?http://www.sans.org/rr/homeoffice/personal_fw.php. Lastaccess date: 26 July 2006.
  3. [3] Back orifice SDK documents, http://bo2k.sourceforge.net/in-dexnews.html NIST, US. Last access date: July 2003.
  4. [4] ICMP attacks illustrated, http://www.sans.org/reading_room/whitepapers/threats/?portal=d4cfb29e25c0f79050d95ebdd665a971. Last access date: 26 July 2006.294
  5. [5] C.H. Rowland, Covert channel in the TCP/IP protocol suite,http://www.firstmonday.dk/issues/issue2_5/rowland/. Lastaccess date: 26 July 2006.
  6. [6] CERT Advisory Denial of Service Attacks, http://www.cert.org/advisories/CA-1999-17.html. Last access date: 26 July2006.
  7. [7] Intrusion Detection FAQs, http://www.sans.org/resources/id-faq/icmp_misuse.php. Last access date: 26 July 2006.
  8. [8] Raptor firewall, http://enterprisesecurity.symantec.com/. Lastaccess date: 26 July 2004.
  9. [9] R.A. Kemmer, Shared resource matrix methodology: Anapproach to identifying storage and the timing channels, ACMTransactions on the Computer Systems, 1 (3), 1983, 256–277. doi:10.1145/357369.357374
  10. [10] G.J. Simmons, The prisoner’s problem and the subliminalchannel, in D. Chaum (Ed.), Advances in cryptography: Pro-ceedings of Crypto- 83 (New York and London: Plenum Press,1984), 51–67.
  11. [11] Root exploit and DOS in the Linux kernel, http://www.linux-devcenter.com/pub/a/linux/2001/10/22/insecurities.html.Last access date: 26 July 2006.
  12. [12] S.M. Bellovin & M. Merrit, Encrypted key exchange: Password-based protocols secure against dictionary attacks, Proc. of theIEEE Symp. on Research in Security and Privacy, Oakland,CA, 1992.
  13. [13] Tiny personal firewall, http://www.tinysoftware.com/home/tiny2?la=EN. Last access date: 26 July 2004.
  14. [14] A. Singh, O. Nordstrom, C. Lu, & A.L.M. dos Santos, MaliciousICMP tunneling, defense against the vulnerability, Proc. of the8th Australasian Conf. on Information Security and Privacy,Australia, 2003.
  15. [15] Downloadable module for Linux to prevent ICMP tummels,www.2factor.us/tunnel.html. Last access date: 26 July 2006.
  16. [16] Downloadable module for Linux to prevent TCP/IP tunneling,www.2factor.us/tunnel.html. Last access date: 26 July 2006.
  17. [17] A. Singh, O. Nordstrom, & A.L.M. dos Santos, Using semanticconsistency check to prevent malicious tunnels, Proc. of Communication, Networks and Information Security, CNIS 2003,New York, 2003.
  18. [18] Netfilter firewalling, NAT and packet mangling for Linux 2.4,http://www.netfilter.org/. Late access date: 1 August 2006.
  19. [19] J. Postel (Ed.), Internet protocol—DARPA Internet programprotocol specification, RFC 791, USC Information SciencesInstitute, 1981.
  20. [20] J. Postel (Ed.), Internet control message protocol—DARPAInternet program protocol specifications, RFC 792, 1981.AppendixFigure A-1. Options provided by the tiny personal firewall.Figure A-2.1 Client initiating connection.Figure A-2.2 Firewall of the client while initiating connection.Figure A-3.1 Server receiving request.295Figure A-3.2 Firewall of the server receiving request.Figure A-4.1 Client requesting for directory listing.Figure A-4.2 Firewall of the client when it requests fordirectory listing.Figure A-5 Server executing dir command.

Important Links:

Go Back