Detecting and Resolving Packet Filter Conflicts
Authors
Adiseshu Hari (1), Subhash Suri (2), Guru Parulkar (2)
(1) Bell Laboratories, 101 Crawfords Corner Road, Holmdel, NJ 07733, USA. [email protected]
(2) Washington University, Box 1045, St. Louis, MO 63130, USA. (suri, guri)@cs.wustl.edu
Abstract
Packet filters are rules for classifying packets based on their header fields. Packet classification is essential to routers supporting services such as Quality of Service (QoS), Virtual Private Networks (VPNs), and firewalls. A filter conflict occurs when two or more filters overlap, creating an ambiguity in packet classification. Current techniques for resolving filter conflicts are based on prioritizing conflicting filters, and choosing the higher priority filter. We show that such ordering does not always work. Instead, we propose a new scheme for conflict resolution, which is based on the idea of adding resolve filters. Our main results are algorithms for detecting and resolving conflicts in a filter database. We have tried our algorithm on 3 existing firewall databases, and have found conflicts, which are potential security holes, in each of them.
Keywords: Packet Filters, Classification, Security, Firewalls
Similar resources
Resolving Student-Parents Conflicts through the Improvement of Moral and Spiritual Intelligence
Resolving conflicts between students and their parents could lead to improvements in academic achievement. As a result, ways of helping with such an outcome are of significance. It can be hypothesized that improvements in moral and spiritual intelligence could lead to such resolutions. To explore this relationship, from among 450 high school students selected randomly, a group of 90 students wi...
Packet Filter Management for Layer 4 Switching
Packet filters are rules for classifying packets based on their header fields. A filter specifies a pattern for each of the key header fields, and an action that is applied to the packet matching this filter. Packet classification is essential to routers supporting services such as Quality of Service (QoS), Virtual Private Networks (VPNs), and firewalls. A filter conflict occurs when two or more filters overlap, ...
Explaining the Increasing Tolerance Threshold for Resolving Marital Conflicts with the Moderating Role of Religious Teachings (Case Study in a Military Unit)
Introduction: Family is established by the marriage contract. The emotional and rational health as well as the authority of the family depend on the members benefiting from insight and knowledge necessary to prevent deviations. Objective: This study aimed to determine the effect of increasing the tolerance threshold in solving marital conflicts with the moderating role of religious teachings. M...
An Efficient Conflict Detection Algorithm for Packet Filters
Packet classification is essential for supporting advanced network services such as firewalls, quality-of-service (QoS), virtual private networks (VPN), and policy-based routing. The rules that routers use to classify packets are called packet filters. If two or more filters overlap, a conflict occurs and leads to ambiguity in packet classification. This study proposes an algorithm that can eff...
Working Paper Alfred P. Sloan School of Management a Metadata Approach to Resolving Semantic Conflicts
Semantic reconciliation is an important step in determining logical connectivity between a data source (database) and a data receiver (application). Semantic reconciliation is used to determine if the semantics of the data provided by the source is meaningful to the receiver. In this paper we describe a rule-based approach to semantic specification and demonstrate how this specification can b...