• Convergence Security Journal
• /
• v.5 no.3
• /
• pp.33-41
• /
• 2005

Information can be leaked, changed, damaged and illegally used regardless of the intension of the information owner. Intrusion Detection Systems and Firewalls are used to protect the illegal accesses in the network. But these are the passive protection method, not the active protection method. They only react based on the predefined protection rules or only report to the administrator. In this paper, we develop the intrusion detection and protection system using Netfilter framework. The system makes the administrator's management easy and simple. Furthermore, it offers active protection mechanism against the intrusions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.129-140
• /
• 2003

Recently viruses and various hacking tools that threat hosts on a network becomes more intelligent and cleverer, and so the various security mechanisms against them have ken developed during last decades. To detect these network attacks, many NIPSs(Network-based Intrusion Prevention Systems) that are more functional than traditional NIDSs are developed by several companies and organizations. But, many previous NIPSS are hewn to have some weakness in protecting important hosts from network attacks because of its incorrectness and post-management aspects. The aspect of incorrectness means that many NIPSs incorrectly discriminate between normal and attack network traffic in real time. The aspect of post-management means that they generally respond to attacks after the intrusions are already performed to a large extent. Therefore, to detect network attacks in realtime and to increase the capability of analyzing packets, faster and more active responding capabilities are required for NIPS frameworks. In this paper, we propose a framework for real-time intrusion prevention. This framework consists of packet filtering component that works on netfilter in Linux kernel and traffic control component that have a capability of step-by-step control over abnormal network traffic with the CBQ mechanism.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.77-87
• /
• 2007

It will need a quite long time to replace IPv4 protocol, which currently used, with IPv6 protocol completely, thus we will use both IPv4 and IPv6 together in the Internet during the period. For coexisting protocols, IETF standardized various IPv4/IPv6 transition mechanisms. However, new security problems of IPsec adaptation and IPv6 packet filtering can be raised by tunneling mechanism which mainly used in transition mechanisms. To resolve these problems, we suggested two improved schemes for packet filtering functions, which consists of an inner header filtering scheme and a dedicated filtering scheme for IPv4/IPv6 transition mechanisms. Also we implemented our proposed schemes based on Linux Netfilter framework, and we tested their filtering functions and evaluated experimental performance of our implementation on IPv4/IPv6 transition testbed. These evaluation tests indicated that our improved packet filtering functions can solve packet filtering problems of IPv4/IPv6 transition mechanisms without severely affecting system performance.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.06d
• /
• pp.477-482
• /
• 2007

최근 다양한 P2P 프로그램을 많이 사용함에 따라 네트워크에서 생겨나는 트래픽의 상당 부분이 P2P가 발생시키는 트래픽으로 이미 HTTP, FTP의 양을 훨씬 뛰어넘고 있다. 현재 인터넷 환경에서 방화벽을 통과하기 위해 포트번호를 변경하여 통신을 하는 새로운 P2P응용들의 행동들은 전통적인 well-known port 기반의 응용프로그램을 구분하는 단순한 분석 방법만으로 신뢰하기가 어렵다. 새로운 P2P 응용들과 같은 트래픽 모니터링의 정확도를 높이기 위해서는 TCP/IP 헤더만이 아니라 패킷이 담고 있는 페이로드 내용에 대한 조사 차원의 모니터링 방법이 필요하다. 본 논문에서는 TCP/IP 헤더 정보와 더불어 패킷의 페이로드 내용을 조사하여 P2P 트래픽을 탐지하는 모니터링 기법을 제안한다. 이어 탐지되는 P2P 트래픽에 대하여 Linux Netfilter Framework의 Queuing Discipline에서 제공하는 계층적인 우선순위 큐를 사용하여 일정한 양의 대역폭을 할당하는 정책을 적용함으로써 안정적이면서 효율적인 네트워크 운용 방안을 제시한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2002.11a
• /
• pp.701-705
• /
• 2002

This paper describes implementation of IPv6-IPv4 transition toolbox named as 6TALK(IPv6 TrAansLator of Krv6) and some scenarios using 6TALK which enables IPv6 island to connect other IPv6 island or IPv4 island seamlessly. 6TALK implements some transition mechanisms suggested in NGTrans Working Group of IETF. Those mechanisms are composed of basic mechanism, tunneling, and applied mechanism such as DSTM. 6TALK provides functions which enable IPv6 network at the edge of existing network to communicate with IPv4 network by using these transition mechanisms. As major transition mechanisms in 6TALK we adopt NAT-PT/SIIT and DSTM/DSTM options and as implementation environment we use Linux Kernel 2.4.18 and Netfilter framework. Software modules implemented in Linux kernel was ported to hardware box using Motorola MPC 8260 processor. The transition mechanisms used in 6TALK are the ones predicted to be used in initial transition step to IPv6.