Exploring the use of Iptables as an Application Layer Firewall

  • Original Contribution
Journal of The Institution of Engineers (India): Series B

Abstract

Application layer attacks pose a grievous threat to the valuable information stored on Web servers by enabling illegitimate access to it. These attacks exploit certain protocols used by an application on the targeted server, and at the network level they can only be intercepted by reading the contents of the packets before they reach the victim machine. This paper explores the use of Iptables for mitigating such application layer attacks, namely SQL injection, Cross-Site Scripting (XSS), HTTP Flood, FTP Flood and FTP Bounce attacks. The signature keywords used for articulating these attacks were first identified, and then new customized Iptables rules were written for detection and mitigation of these attacks. The Iptables rules were tested on an experimental setup in a real network, and it was found that these rules could successfully detect the attacks with a system performance degradation of only about 1%; they are therefore easy to implement when configuring a lightweight security solution for application servers.

Author information

Corresponding author

Correspondence to Nikita Gandotra.

Cite this article

Gandotra, N., Sharma, L.S. Exploring the use of Iptables as an Application Layer Firewall. J. Inst. Eng. India Ser. B 101, 707–715 (2020). https://doi.org/10.1007/s40031-020-00497-y

  • DOI: https://doi.org/10.1007/s40031-020-00497-y
