Increasing Firewall Reliability by Recording Routes

  • Paul M Boshoff
  • Martin S Olivier
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT)


This paper describes an implementation of an experimental firewall. This firewall differs from conventional firewalls since it takes the route a request has followed through the network into account to decide whether packets should be allowed through or not. This enables an organisation to reduce the possibility of spoofing and, in some cases, avoid the use of untrusted network routes by external clients. The code of the firewall is included.

The firewall is intended for TCP/IP networks. It is implemented on the Linux operating system.
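As an added illustration (not the paper's included code), the sketch below shows one way a filter could judge a packet by its recorded route. It assumes the route is carried in the IPv4 Record Route option defined in RFC 791; the abstract does not say which mechanism the firewall uses. The trusted-router list, the verdict names and the sample header are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { OPT_EOL = 0, OPT_NOP = 1, OPT_RR = 7 };        /* RFC 791 option types */
enum rr_verdict { RR_ACCEPT, RR_NO_ROUTE, RR_UNTRUSTED_HOP, RR_MALFORMED };

/* Hypothetical policy: the only routers the site is willing to be reached through. */
static const uint8_t trusted_hops[][4] = { {192,0,2,1}, {198,51,100,1} };

static int hop_trusted(const uint8_t *a) {
    for (size_t i = 0; i < sizeof trusted_hops / sizeof trusted_hops[0]; i++)
        if (memcmp(a, trusted_hops[i], 4) == 0) return 1;
    return 0;
}

/* Walk the IPv4 options and judge every hop written into Record Route. */
enum rr_verdict check_recorded_route(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return RR_MALFORMED;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return RR_MALFORMED;
    for (size_t i = 20; i < hlen; ) {
        if (pkt[i] == OPT_EOL) break;
        if (pkt[i] == OPT_NOP) { i++; continue; }
        if (i + 1 >= hlen) return RR_MALFORMED;       /* no room for a length byte */
        size_t olen = pkt[i + 1];
        if (olen < 2 || i + olen > hlen) return RR_MALFORMED;
        if (pkt[i] == OPT_RR) {
            if (olen < 3) return RR_MALFORMED;
            size_t ptr = pkt[i + 2];                  /* 1-based offset of next free slot */
            if (ptr < 4 || ptr > olen + 1 || (ptr - 4) % 4) return RR_MALFORMED;
            if (ptr == 4) return RR_NO_ROUTE;         /* option present, nothing recorded */
            for (size_t off = 3; off + 4 < ptr; off += 4)
                if (!hop_trusted(pkt + i + off)) return RR_UNTRUSTED_HOP;
            return RR_ACCEPT;
        }
        i += olen;
    }
    return RR_NO_ROUTE;           /* no route evidence: the caller should fail closed */
}

/* Constructed sample: IHL=8, NOP, Record Route (len 11, ptr 12) holding two hops. */
static const uint8_t sample_ok[32] = {
    0x48,0,0,32, 0,0,0,0, 64,6,0,0, 203,0,113,7, 192,0,2,10,
    OPT_NOP, OPT_RR, 11, 12, 192,0,2,1, 198,51,100,1 };

int main(void) {
    printf("verdict=%d\n", check_recorded_route(sample_ok, sizeof sample_ok));
    return 0;
}
```

The option can hold at most nine addresses and its contents are unauthenticated, so a verdict here reflects only what was written into the header on the way.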


Keywords: Computer-communication Networks—Security and protection; Network Protocols—TCP/IP; Security and Protection

Keyword Codes: C2.0; C2.2; K6.5



Copyright information

© IFIP International Federation for Information Processing 1996

Authors and Affiliations

  • Paul M Boshoff (1)
  • Martin S Olivier (1)
  1. Department of Computer Science, Rand Afrikaans University, Johannesburg, South Africa
