• Title/Summary/Keyword: 리눅스 넷필터 (Linux Netfilter)


A Fast String Matching Scheme without using Buffer for Linux Netfilter based Internet Worm Detection (리눅스 넷필터 기반의 인터넷 웜 탐지에서 버퍼를 이용하지 않는 빠른 스트링 매칭 방법)

  • Kwak, Hu-Keun; Chung, Kyu-Sik
    • The KIPS Transactions: Part C, v.13C no.7 s.110, pp.821-830, 2006
  • As Internet worms spread worldwide, the detection and filtering of worms has become one of the hot issues in Internet security. As one implementation method for detecting worms, the Linux Netfilter kernel module can be used. Its basic operation for worm detection is string matching, in which incoming packets on the network are compared with predefined worm signatures (patterns). A worm can appear in a single packet or in two (or more) successive packets, where part of the worm is in the first packet and the remainder is in the succeeding packet(s). Assuming that the maximum length of a worm pattern is less than 1024 bytes, string matching must be performed over up to two successive packets, 2048 bytes in total. To do so, Linux Netfilter keeps the previous packet in a buffer and performs matching on the combined 2048-byte string of the buffered packet and the current packet. As the number of concurrent connections handled by the worm detection system increases, the total buffer (memory) size grows and string matching speed drops. In this paper, to reduce the memory buffer size and achieve higher string matching speed, we propose a string matching scheme that does not use a buffer. The proposed scheme keeps the partial matching result of the previous packet against the signatures and does not buffer the previous packet. The partial matching information is used to detect a worm spanning two successive packets. We implemented the proposed scheme by modifying Linux Netfilter and compared the modified Linux Netfilter module with the original Linux Netfilter module. Experimental results show that the proposed scheme has 25% lower memory usage and 54% higher speed than the original scheme.
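
The abstract above describes the scheme only in outline: carry the partial match result of the previous packet forward instead of buffering the packet itself. The following is an added example written for this page, not the paper's code, that shows the idea in userspace C. It uses a single KMP automaton as the matcher (the paper does not say which matching algorithm it used; KMP is a stand-in), a hypothetical signature, and constructed HTTP-like packet payloads in which the signature straddles a packet boundary and is preceded by a false start. The per-connection state that survives between packets is one integer, not a copy of the previous packet.

```c
/*
 * Added example (not code from the paper above): carrying partial-match
 * state across packets instead of buffering the previous packet.
 * Userspace C, no kernel headers; the signature and the packet payloads
 * are constructed for illustration and are not real worm data.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed (hypothetical) signature. A real detector would hold many. */
static const uint8_t SIGNATURE[] = "EXPLOIT-AAAA";
#define SIG_LEN (sizeof(SIGNATURE) - 1)

/* border[j]: length of the longest proper prefix of SIGNATURE[0..j) that is
 * also a suffix of it (the KMP failure function), for j = 0..SIG_LEN. */
static size_t border[SIG_LEN + 1];
static int border_built;

static void build_border(void)
{
    size_t k = 0;
    border[0] = border[1] = 0;
    for (size_t i = 1; i < SIG_LEN; i++) {
        while (k > 0 && SIGNATURE[i] != SIGNATURE[k])
            k = border[k];
        if (SIGNATURE[i] == SIGNATURE[k])
            k++;
        border[i + 1] = k;
    }
    border_built = 1;
}

/* Per-connection state: how many signature bytes the tail of the stream seen
 * so far has matched. This replaces the previous-packet buffer of the
 * original scheme with a single integer per connection. */
struct conn_state {
    size_t matched;
};

/* Feed one packet payload. Returns 1 when the full signature has been seen,
 * which may complete on a byte of this packet after starting in an earlier
 * one; returns 0 otherwise and leaves the carry-over in *cs. */
static int feed_packet(struct conn_state *cs, const uint8_t *p, size_t len)
{
    if (!border_built)
        build_border();
    size_t k = cs->matched;
    for (size_t i = 0; i < len; i++) {
        while (k > 0 && p[i] != SIGNATURE[k])
            k = border[k];            /* back out of a false start */
        if (p[i] == SIGNATURE[k])
            k++;
        if (k == SIG_LEN) {
            cs->matched = 0;
            return 1;
        }
    }
    cs->matched = k;
    return 0;
}

/* Run one connection's packets through a detector. Returns the index of the
 * packet on which the signature completed, or -1 if it never appears. */
static int detect_stream(const uint8_t *const pkts[], const size_t lens[], size_t n)
{
    struct conn_state cs = { 0 };
    for (size_t i = 0; i < n; i++)
        if (feed_packet(&cs, pkts[i], lens[i]))
            return (int)i;
    return -1;
}

/* Constructed sample traffic: the signature straddles packets 1 and 2 and is
 * preceded by the false start "EXPLO" that the failure function backs out of. */
static const uint8_t PKT0[] = "GET /index.html HTTP/1.0\r\n";
static const uint8_t PKT1[] = "Host: example.test\r\nX-Payload: EXPLOEXPL";
static const uint8_t PKT2[] = "OIT-AAAA\r\n\r\n";

int demo_split_signature(void)
{
    const uint8_t *const pkts[] = { PKT0, PKT1, PKT2 };
    const size_t lens[] = { sizeof(PKT0) - 1, sizeof(PKT1) - 1, sizeof(PKT2) - 1 };
    return detect_stream(pkts, lens, 3);
}

int demo_clean_stream(void)
{
    const uint8_t *const pkts[] = { PKT0, PKT0 };
    const size_t lens[] = { sizeof(PKT0) - 1, sizeof(PKT0) - 1 };
    return detect_stream(pkts, lens, 2);
}

size_t demo_carry_after_packet1(void)
{
    struct conn_state cs = { 0 };
    feed_packet(&cs, PKT0, sizeof(PKT0) - 1);
    feed_packet(&cs, PKT1, sizeof(PKT1) - 1);
    return cs.matched;                /* "EXPL" carried over, nothing buffered */
}

int main(void)
{
    printf("split signature completed on packet %d\n", demo_split_signature());
    printf("clean stream: %d\n", demo_clean_stream());
    printf("carried state after packet 1: %zu bytes matched, state size %zu bytes\n",
           demo_carry_after_packet1(), sizeof(struct conn_state));
    return 0;
}
```

The caveat that matters in practice: this only works if packets are fed in stream order for the connection, so a real deployment needs connection tracking and reassembly ordering in front of it, and a multi-signature detector would carry an Aho-Corasick state instead of a KMP index, still one integer per connection.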

Design and Implementation of VPN System based on Linux for safe Extranet (안전한 엑스트라넷 구성을 위한 리눅스기반 VPN 설계 및 구현)

  • 정성재; 장희진; 소웅영
    • Proceedings of the Korea Multimedia Society Conference, 2003.11a, pp.25-27, 2003
  • Recently, corporate business networks have expanded from the intranet environment, where work was processed over dedicated leased lines, to the extranet environment, driven by the growth of the Internet, global management, and electronic commerce. An extranet is essential for secure sharing not only with a company's branch offices but also with manufacturers, suppliers, partners, customers, and other businesses. However, building such an extranet must take both cost and security into account. The current trend is to build a VPN (Virtual Private Network), which uses the existing public network as if it were a private network. In this paper, we build a low-cost, secure extranet on Linux using freeS/WAN, which can build a VPN with the IPsec protocol, and iptables, a packet filtering program that serves as a firewall.

A Development of Intrusion Detection and Protection System using Netfilter Framework (넷필터 프레임워크를 이용한 침입 탐지 및 차단 시스템 개발)

  • Baek, Seoung-Yub; Lee, Geun-Ho; Lee, Geuk
    • Convergence Security Journal, v.5 no.3, pp.33-41, 2005
  • Information can be leaked, altered, damaged and illegally used regardless of the intention of the information owner. Intrusion detection systems and firewalls are used to protect against illegal access in the network. But these are passive protection methods, not active ones: they only react according to predefined protection rules or only report to the administrator. In this paper, we develop an intrusion detection and protection system using the Netfilter framework. The system makes the administrator's management easy and simple. Furthermore, it offers an active protection mechanism against intrusions.

Design and Implementation of Packet Filtering Mechanism for Secure Teredo Service (안전한 Teredo 서비스를 위한 패킷 필터링 메커니즘 설계 및 구현)

  • Heo, Seok-Yeol; Shin, Bum-Joo; Han, Ki-Jun; Lee, Wan-Jik
    • Journal of Korea Society of Industrial Information Systems, v.12 no.3, pp.47-59, 2007
  • IPv4 NAT, which is often used in households or SOHO environments, is one of the factors delaying IPv6 deployment. As IPv4 NAT does not operate properly with IPv6-in-IPv4 tunneling transition mechanisms such as ISATAP or 6to4, Microsoft proposed Teredo to resolve this issue. However, a tunneling transition mechanism like Teredo has a security problem: tunneled packets have two IP headers, and general firewall systems apply their filtering rules only to the outer header, not the inner header, when these packets pass the firewall. Furthermore, attacks using unregistered servers and relays can take place in Teredo. To resolve these problems, we propose a new packet filtering mechanism exclusively for Teredo. The proposed packet filtering mechanism was designed and implemented using Linux Netfilter and ip6tables. Functional and experimental performance tests showed that this packet filtering system operates properly and solves the Teredo packet filtering problems without serious performance degradation.

An Improvement of Packet Filtering Functions for Tunneling Based IPv4/IPv6 Transition Mechanisms (터널링 기반 IPv4/IPv6 전이 기법을 위한 패킷 필터링 기능 개선)

  • Lee, Wan-Jik; Heo, Seok-Yeol; Lee, Won-Yeoul; Shin, Bum-Joo
    • Journal of the Korea Institute of Information Security & Cryptology, v.17 no.6, pp.77-87, 2007
  • It will take quite a long time to completely replace the currently used IPv4 protocol with IPv6, so both IPv4 and IPv6 will be used together on the Internet during that period. For the coexisting protocols, the IETF standardized various IPv4/IPv6 transition mechanisms. However, new security problems in IPsec adaptation and IPv6 packet filtering can be raised by the tunneling mechanisms mainly used in transition mechanisms. To resolve these problems, we suggest two improved schemes for packet filtering functions, consisting of an inner header filtering scheme and a dedicated filtering scheme for IPv4/IPv6 transition mechanisms. We also implemented our proposed schemes on the Linux Netfilter framework, tested their filtering functions and evaluated the experimental performance of our implementation on an IPv4/IPv6 transition testbed. These evaluation tests indicated that our improved packet filtering functions can solve the packet filtering problems of IPv4/IPv6 transition mechanisms without severely affecting system performance.

Implementation of Multicast Data Forwarding for Tree-Based Ad Hoc Multicast Routing Protocol (트리 기반 애드혹 멀티캐스트 라우팅 프로토콜을 위한 멀티캐스트 데이터 포워딩의 구현)

  • 김영민; 안상현
    • Proceedings of the Korean Information Science Society Conference, 2004.10c, pp.28-30, 2004
  • To forward packets using a multicast routing table in a mobile ad hoc environment, multicast data forwarding must be supported. Multicast data forwarding in a wireless environment differs from that in a wired environment. In a wired environment, a node's network interface is connected one-to-one to another node's network interface, and a packet arriving on one network interface that must be forwarded to another node is sent out through the corresponding other network interface. In a mobile ad hoc environment, however, most nodes have a single network interface, so the packet's ingress and egress interfaces are the same, and the node's wireless network interface has a one-to-many relationship with the network interfaces of its neighbor nodes. If these characteristics are not taken into account when forwarding multicast data in a mobile ad hoc environment, problems such as packet duplication and routing loops can arise. The multicast data forwarding scheme proposed and implemented in this study uses Netfilter[1] in a Linux environment together with a separate table for preventing duplication, and supports efficient multicast data forwarding over the paths determined by the tree-based multicast routing protocol.

Design and Implementation of Packet Filtering System for IPv4/IPv6 Tunneling Environment (IPv4/IPv6 터널링 환경에 적합한 패킷 필터링 기능 설계 및 구현)

  • Heo, Seok-Yeol; Lee, Wan-Jik; Kim, Kyung-Jun; Jeong, Sang-Jin; Shin, Myung-Ki; Kim, Hyoung-Jun; Han, Ki-Jun
    • Journal of KIISE: Information Networking, v.33 no.6, pp.407-419, 2006
  • As replacing all IPv4 networks with IPv6 in a short time seems unattainable due to high cost and technical limitations, IPv4 and IPv6 are expected to coexist for a certain period of time. In the coexisting environment of IPv4 and IPv6, interworking brings a number of extra security considerations even if each protocol by itself has no security problem. Thus, analysis of and solutions for the various attacks on IPv4/IPv6 interworking-related security are required for an effective transition to and settlement of IPv6. In this paper we derive proper packet filtering rules for the IPv6-in-IPv4 tunneling interworking environment to protect against IPv4/IPv6 interworking-related security attacks. The design and implementation of a packet filtering system suitable for the IPv4/IPv6 tunneling environment, in the form of Linux netfilter and ip6tables, are also shown. Through this study, the packet filtering system was found to operate correctly in the tunneling mechanism.
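
The Teredo paper, the transition-mechanism paper and this last abstract all rest on the same observation: a firewall that matches only the outer IPv4 header lets anything through the tunnel, so the rules have to be applied to the inner IPv6 header as well. The following is an added example written for this page, not code from any of the papers, showing that inner-header filtering in userspace C with constructed packets. It locates the inner IPv6 header for 6in4-style encapsulation (IPv4 protocol 41, which also covers 6to4 and ISATAP framing) and for Teredo (IPv6 inside UDP port 3544, skipping the 8-byte origin indication when present; the variable-length authentication header is not parsed and such packets fail closed), then applies two illustrative rules: the inner destination must be inside a constructed site prefix (2001:db8:1::/48) and the inner source must not claim that prefix. The outer-only and tunnel-aware policies are run side by side on the same spoofed packet so the gap the papers describe is visible.

```c
/*
 * Added example (not code from the papers above): applying filter rules to
 * the inner IPv6 header of tunneled packets, for 6in4 (IPv4 protocol 41)
 * and Teredo (IPv6 inside UDP port 3544). Userspace C; the packets, the
 * site prefix and the two rules are constructed for illustration.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { DROP = 0, ACCEPT = 1 };
#define PROTO_UDP   17
#define PROTO_6IN4  41
#define TEREDO_PORT 3544

/* Constructed site prefix 2001:db8:1::/48 (documentation range). */
static const uint8_t SITE_PREFIX[16] = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x01 };
#define SITE_PREFIX_BYTES 6   /* /48 */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

static int in_site_prefix(const uint8_t *addr)
{
    return memcmp(addr, SITE_PREFIX, SITE_PREFIX_BYTES) == 0;
}

/* Outer-header-only policy, the behaviour the papers criticise: permit the
 * tunnel protocol/port and never look inside. */
static enum verdict outer_only_filter(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl) return DROP;
    if (pkt[9] == PROTO_6IN4) return ACCEPT;
    if (pkt[9] == PROTO_UDP && len >= ihl + 8 &&
        (be16(pkt + ihl) == TEREDO_PORT || be16(pkt + ihl + 2) == TEREDO_PORT))
        return ACCEPT;
    return DROP;
}

/* Locate the inner IPv6 header of a packet that already passed the outer
 * check. Returns NULL if the inner header does not parse. */
static const uint8_t *inner_ipv6(const uint8_t *pkt, size_t len)
{
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, total = be16(pkt + 2);
    if (total > len || total < ihl + 40) return NULL;
    const uint8_t *p = pkt + ihl;
    size_t rem = total - ihl;
    if (pkt[9] == PROTO_UDP) {
        if (rem < 8 || be16(p + 4) != rem) return NULL;      /* UDP length must match */
        p += 8; rem -= 8;
        /* Teredo origin indication starts 0x0000 and is 8 bytes: skip it. The
         * authentication header (0x0001) is variable-length and not handled,
         * so a packet carrying it fails the version check below. */
        if (rem >= 8 && p[0] == 0x00 && p[1] == 0x00) { p += 8; rem -= 8; }
    }
    return (rem >= 40 && (p[0] >> 4) == 6) ? p : NULL;
}

/* Tunnel-aware policy: outer check, then rules on the inner IPv6 header. */
static enum verdict tunnel_aware_filter(const uint8_t *pkt, size_t len)
{
    if (outer_only_filter(pkt, len) == DROP) return DROP;
    const uint8_t *ip6 = inner_ipv6(pkt, len);
    if (ip6 == NULL) return DROP;                 /* unparseable inner header: fail closed */
    const uint8_t *src = ip6 + 8, *dst = ip6 + 24;
    if (!in_site_prefix(dst)) return DROP;        /* inbound traffic must be addressed to us */
    if (in_site_prefix(src)) return DROP;         /* our own prefix arriving from outside: spoof */
    return ACCEPT;
}

/* Constructed packets; checksums are left zero since nothing verifies them. */
static const uint8_t EXT_HOST[16] = { 0x20,0x01,0x0d,0xb8,0xff,0xff,0,0,0,0,0,0,0,0,0,0x01 };
static const uint8_t INT_HOST[16] = { 0x20,0x01,0x0d,0xb8,0x00,0x01,0,0,0,0,0,0,0,0,0,0x10 };
static const uint8_t INT_FAKE[16] = { 0x20,0x01,0x0d,0xb8,0x00,0x01,0,0,0,0,0,0,0,0,0,0x99 };

static size_t build_packet(uint8_t *buf, int teredo, const uint8_t *src6, const uint8_t *dst6)
{
    size_t inner_off = teredo ? 28 : 20, total = inner_off + 40;
    memset(buf, 0, total);
    buf[0] = 0x45; buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[8] = 64; buf[9] = (uint8_t)(teredo ? PROTO_UDP : PROTO_6IN4);
    buf[12] = 192; buf[13] = 0; buf[14] = 2;  buf[15] = 10;   /* outer src 192.0.2.10    */
    buf[16] = 198; buf[17] = 51; buf[18] = 100; buf[19] = 20; /* outer dst 198.51.100.20 */
    if (teredo) {                                  /* UDP 40000 -> 3544, length 48 */
        buf[20] = 0x9c; buf[21] = 0x40;
        buf[22] = (uint8_t)(TEREDO_PORT >> 8); buf[23] = (uint8_t)(TEREDO_PORT & 0xff);
        buf[24] = 0; buf[25] = 48;
    }
    uint8_t *ip6 = buf + inner_off;
    ip6[0] = 0x60; ip6[6] = 59; ip6[7] = 64;       /* IPv6, no next header, hop limit 64 */
    memcpy(ip6 + 8, src6, 16); memcpy(ip6 + 24, dst6, 16);
    return total;
}

/* Verdict for a constructed inbound packet: teredo selects the tunnel type,
 * spoofed makes the inner source claim the site prefix, aware selects the policy. */
enum verdict demo_verdict(int teredo, int spoofed, int aware)
{
    uint8_t buf[128];
    size_t len = build_packet(buf, teredo, spoofed ? INT_FAKE : EXT_HOST, INT_HOST);
    return aware ? tunnel_aware_filter(buf, len) : outer_only_filter(buf, len);
}

int main(void)
{
    printf("6in4 spoofed:   outer-only %d, tunnel-aware %d\n", demo_verdict(0, 1, 0), demo_verdict(0, 1, 1));
    printf("Teredo spoofed: outer-only %d, tunnel-aware %d\n", demo_verdict(1, 1, 0), demo_verdict(1, 1, 1));
    return 0;
}
```

In a netfilter hook the same parsing would run over skb data and the verdict would map to NF_ACCEPT or NF_DROP; the papers used ip6tables for the inner rules, which is the cleaner production route once the inner header has been exposed, but the decision to fail closed on an inner header that does not parse is the part worth keeping whatever the mechanism.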