SMANET_Midterm_Report_13July03.doc

3.4 Gateway Firewall Filter

The gateway node requires a different filter because it has two interfaces: a wireless port and a gateway port to the external network or Internet. The filtering criteria for its wireless port are the same as those of the other MANET nodes: only packets from specific MAC addresses will be accepted. There are no filtering criteria for its gateway port, so all Internet traffic is accepted through this port.

#!/bin/sh
# GATEWAY-FILTER
# eth0: gateway port
# eth1: wireless port
#
# DROP all wireless packets from the INPUT and FORWARD chains
# except those with the following MAC addresses:
#   00:09:B7:7B:B2:58  Cisco 350 PCI
#   00:0A:B7:8B:5C:1D  Cisco 350 PCMCIA

# Set default policy on INPUT & FORWARD chains to DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP

# ACCEPT all packets on gateway port eth0
iptables -A INPUT -i eth0 -p ALL -j ACCEPT
iptables -A FORWARD -i eth0 -p ALL -j ACCEPT

# Apply INPUT chain filtering to wireless port eth1
iptables -A INPUT -i eth1 -p ALL -m mac --mac-source 00:09:B7:7B:B2:58 -j ACCEPT
iptables -A INPUT -i eth1 -p ALL -m mac --mac-source 00:0A:B7:8B:5C:1D -j ACCEPT

# Apply FORWARD chain filtering to wireless port eth1
iptables -A FORWARD -i eth1 -p ALL -m mac --mac-source 00:09:B7:7B:B2:58 -j ACCEPT
iptables -A FORWARD -i eth1 -p ALL -m mac --mac-source 00:0A:B7:8B:5C:1D -j ACCEPT

Table 3 Gateway Filter

Table 3 above shows the script executed by the gateway node to implement its firewall. As in the filter of Table 2, the first two iptables statements define a default DROP policy for the INPUT and FORWARD chains. The next two iptables statements specify that all packets from the gateway port (eth0) will be accepted. The next four iptables statements specify that only packets from two specific MAC addresses will be accepted from the wireless port.

4. Firewall Performance

Figure 5 below shows the IP addresses assigned to the various ports in the SMANET test bed. These IP addresses are referenced when discussing the performance of the wireless firewall.

Figure 5 SMANET with Addresses

4.1 Control Configuration without Firewall

In the control configuration without a firewall, the attacker was able to associate with the MANET and take advantage of its services. In Table 4 below, we see that the gateway was able to trace a route to the attacker's IP address, 192.168.1.8.

traceroute to 192.168.1.8 (192.168.1.8), 30 hops max, 38 byte packets
 1  192.168.1.9 (192.168.1.9)  97.754 ms  1.505 ms  1.532 ms
 2  192.168.1.8 (192.168.1.8)  2.731 ms  2.906 ms  2.753 ms

Table 4 Traceroute from Gateway to Attacker

By joining the MANET, the attacker was able to use the gateway to connect to the Internet. In Table 5 below, we see that the attacker is able to trace a route to a server on the Internet, known as "cs.uccs.edu".
traceroute to cs.uccs.edu (128.198.162.68), 30 hops max, 38 byte packets
 1  192.168.1.9 (192.168.1.9)  99.265 ms  0.349 ms  0.327 ms
 2  192.168.1.1 (192.168.1.1)  0.393 ms  0.407 ms  3.276 ms
 3  cs-content-switch1-router.uccs.edu (128.198.60.1)  0.381 ms  0.413 ms  0.334 ms
 4  cs.uccs.edu (128.198.162.68)  8.355 ms  2.843 ms  2.696 ms

Table 5 Traceroute from Attacker to Internet Server

4.2 Firewall Configuration

By erecting firewalls on both the gateway and the SMANET node, IP communications with the attacker are terminated. In Table 6 below, a trace of the route from the gateway to the attacker fails.
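To make the behaviour of the Table 3 filter (section 3.4) and the outcome of section 4.2 concrete, the following Python model walks the gateway's INPUT and FORWARD chains with iptables' first-match semantics. It is an added example, not code from the SMANET report: the Rule, Chain and Packet types are hypothetical helpers written for this illustration, the interface names, whitelisted MAC addresses and DROP policy are taken from the page's script, and the unregistered MAC used for the "attacker" frame is a constructed value that appears nowhere in the report.

```python
# Added example (not from the SMANET report): a model of how the gateway
# filter of Table 3 evaluates frames on its INPUT and FORWARD chains.
# Rule, Chain and Packet are hypothetical helper types defined here; the
# interface names, MAC addresses and DROP policy come from the page's script.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# The two Cisco 350 cards whitelisted by the page's script.
ALLOWED_MACS = ("00:09:B7:7B:B2:58", "00:0A:B7:8B:5C:1D")


@dataclass
class Rule:
    in_iface: Optional[str]    # iptables -i <iface>; None means any interface
    mac_source: Optional[str]  # -m mac --mac-source <addr>; None means no MAC check
    target: str                # -j ACCEPT / DROP


@dataclass
class Chain:
    policy: str                             # iptables -P <chain> <policy>
    rules: List[Rule] = field(default_factory=list)


@dataclass
class Packet:
    in_iface: str   # interface the frame arrived on
    src_mac: str    # Ethernet source address of the frame


def build_gateway_chains() -> Dict[str, Chain]:
    """Translate the Table 3 script into the two chains it configures."""
    chains = {"INPUT": Chain("DROP"), "FORWARD": Chain("DROP")}
    for chain in chains.values():
        # iptables -A <chain> -i eth0 -p ALL -j ACCEPT
        chain.rules.append(Rule("eth0", None, "ACCEPT"))
        # iptables -A <chain> -i eth1 -p ALL -m mac --mac-source <addr> -j ACCEPT
        for mac in ALLOWED_MACS:
            chain.rules.append(Rule("eth1", mac, "ACCEPT"))
    return chains


def evaluate(chain: Chain, pkt: Packet) -> str:
    """iptables semantics: rules are tried in order, the first match decides,
    and a frame matching no rule falls through to the chain policy."""
    for rule in chain.rules:
        if rule.in_iface is not None and rule.in_iface != pkt.in_iface:
            continue
        if rule.mac_source is not None and rule.mac_source.lower() != pkt.src_mac.lower():
            continue
        return rule.target
    return chain.policy


def verdicts(chains: Dict[str, Chain], pkt: Packet) -> Dict[str, str]:
    """Verdict of every chain for one frame, e.g. {'INPUT': 'DROP', 'FORWARD': 'DROP'}."""
    return {name: evaluate(chain, pkt) for name, chain in chains.items()}


if __name__ == "__main__":
    chains = build_gateway_chains()
    # Constructed sample frames; the third MAC is an unregistered node like the
    # attacker of section 4 and is not a value from the report.
    samples = [
        Packet("eth1", "00:09:B7:7B:B2:58"),  # registered Cisco 350 PCI card
        Packet("eth0", "00:11:22:33:44:55"),  # anything from the gateway port
        Packet("eth1", "00:11:22:33:44:55"),  # unregistered wireless node
    ]
    for pkt in samples:
        print(pkt.in_iface, pkt.src_mac, verdicts(chains, pkt))
```

The model deliberately carries only the two fields the script actually inspects, the ingress interface and the frame's link-layer source address; because the rules use -p ALL, neither protocol nor IP address enters the decision. That is why, in section 4.2, the traceroute from the gateway to 192.168.1.8 fails: the attacker's frames arrive on eth1 with a source MAC that matches neither whitelist entry, so both chains fall through to their DROP policy, and the filter has nothing to say about the IP address itself.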