Abstract
Application layer attacks pose a grievous threat to the valuable information stored on Web servers, exposing it to illegitimate access. These attacks exploit certain protocols used by an application on the targeted server, and at the network level they can only be intercepted by reading the contents of the packets before they reach the victim machine. This paper explores the use of Iptables for mitigating such application layer attacks, namely SQL injection, Cross-Site Scripting (XSS), HTTP Flood, FTP Flood and FTP Bounce attacks. The signature keywords used to construct these attacks were first identified, and new customized Iptables rules were then written to detect and mitigate them. The Iptables rules were tested on an experimental setup in a real network, and it was found that they could successfully detect the attacks with a system performance degradation of only about 1%; they are therefore easy to implement as a lightweight security solution for application servers.
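The approach the abstract describes, keyword signatures turned into Iptables rules plus rate limits for the flood cases, can be sketched as follows. This is an added example, not the rules from the paper: the keywords, ports, thresholds and the `APP_DROP` chain name are assumptions chosen for illustration, and FTP Bounce is not covered.

```shell
#!/bin/sh
# Added example, not the paper's rules: emit an iptables-restore ruleset that
# drops packets carrying a signature keyword and rate-limits new connections.
# ASSUMPTIONS: keywords, ports, thresholds and the APP_DROP chain are illustrative.

KEYWORDS='union select
information_schema
<script'

# One rule per keyword: Boyer-Moore, case-insensitive match on port-80 payloads.
keyword_rules() {
    printf '%s\n' "$KEYWORDS" | while IFS= read -r kw; do
        [ -n "$kw" ] || continue
        printf '%s --string "%s" -j APP_DROP\n' \
            '-A INPUT -p tcp --dport 80 -m string --algo bm --icase' "$kw"
    done
}

# Per-source limit on new connections: $1 = port, $2 = table name, $3 = rate.
flood_rule() {
    printf '%s\n' "-A INPUT -p tcp --dport $1 --syn -m hashlimit --hashlimit-name $2 --hashlimit-mode srcip --hashlimit-above $3 --hashlimit-burst 20 -j APP_DROP"
}

# Full ruleset: a shared chain that logs (rate-limited) and then drops.
build_ruleset() {
    cat <<'EOF'
*filter
:APP_DROP - [0:0]
-A APP_DROP -m limit --limit 5/min -j LOG --log-prefix "APP_SIG "
-A APP_DROP -j DROP
EOF
    keyword_rules
    flood_rule 80 http_flood 50/sec
    flood_rule 21 ftp_flood 10/sec
    echo 'COMMIT'
}

build_ruleset
```

Piping the output into `iptables-restore --test --noflush` as root parses the rules without committing them. The string match inspects each packet separately and sees only cleartext, so the keyword rules cover plain HTTP on port 80, not TLS traffic.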
Cite this article
Gandotra, N., Sharma, L.S. Exploring the use of Iptables as an Application Layer Firewall. J. Inst. Eng. India Ser. B 101, 707–715 (2020). https://doi.org/10.1007/s40031-020-00497-y
DOI: https://doi.org/10.1007/s40031-020-00497-y