Transport layer proxy for stateful UDP packet filtering
نویسندگان
چکیده
Firewall support for UDP traffic today is still insecure and inadequate. We propose in this paper a Transport Layer Proxy (TLP) to provide a secure UDP firewall traversal service on the transport layer (the TLP supports TCP as well). For each UDP association with endpoints separated by a TLP server, the TLP server performs userlevel or host-level authentication, packet filtering, packet relaying, optional network address translation, session logging, timing-out of idle association, and other securityrelated functions. The core of the TLP is a two-step TLP binding procedure that makes a UDP association stateful between a TLP client and a TLP server. This binding procedure supports Active UDP Open, Passive UDP Open, and Source-Specific UDP Open, which a local program may perform on a UDP socket.
منابع مشابه
A Transport-Level Proxy for Secure Multimedia Streams
service, firewalls need more than static packet filtering and application-level proxies. SOCKS is an application-independent transport-level proxy that offers user-level authentication and data encryption. An extended SOCKS UDP binding model with appropriate socket calls is proposed to provide complete support for UDP-based, multimedia streaming applications. T he increasing popularity of multi...
متن کاملNetwork Security Cs 473
The project entails the implementation of a web firewall for the LUMS community having the features of filtering traffic on the basis of specified rules. The filtering criterion includes content as well as the source and destination addresses. Moreover, it allows monitoring of individual users through keeping record of their searches made on famous search engines. The firewall is incorporated i...
متن کاملInternet Firewall
This paper commences by explaining some firewall definitions in order to understand basic terms for firewall techniques. Three firewall techniques, from packet filtering through to proxy services and stateful packet inspection are then discussed. Following techniques, various firewall architectures, ranging from dual-home host architecture, screened host architecture and screened subnet archite...
متن کاملPerformance Comparison of Auxiliary Vector and RAKE-MF Receiver for Transport of H.264/AVC Video Over DS-CDMA Wireless Channels
In this paper, we propose a robust transmission technique for packet-based H.264/AVC video transmission over DS-CDMA wireless channels using Auxiliary Vector (AV) and RAKE-MF receivers and confirm the superiority of the AV receiver. AV Filtering is an iterative algorithm that has fast convergence for short data records. In the proposed system, the H.264 video data packets are packetized and tra...
متن کاملDesign and Performance of the OpenBSD Stateful Packet Filter (pf)
With more and more hosts being connected to the Internet, the importance of securing connected networks has increased, too. One mechanism to provide enhanced security for a network is to filter out potentially malicious network packets. Firewalls are designed to provide “policy-based” network filtering. A firewall may consist of several components. Its key component is usually a packet filter. ...
متن کامل