The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
A wide range of communication protocols has recently been developed to address service diversification. At the same time, firewalls (FWs) are installed at the boundaries between internal networks, such as those owned by companies and homes, and the Internet. In general, FWs are configured as whitelists and release only the port corresponding to the service to be used and block communication from other ports. In a previous study, we proposed a method for traversing a FW and enabling communication by inserting a pseudo-transmission control protocol (TCP) header imitating HTTPS into a packet, which normally would be blocked by the FW. In that study, we confirmed the efficiency of the proposed method via its implementation and experiments. Even though common encapsulating techniques work on end-nodes, the previous implementation worked on the relay node assuming a router. Further, middleboxes, which overwrite L3 and L4 headers on the Internet, need to be taken into consideration. Accordingly, we re-implemented the proposed method into an end-node and added a feature countering a typical middlebox, i.e., NAPT, into our implementation. In this paper, we describe the functional confirmation and performance evaluations of both versions of the proposed method.
Keigo TAGA
Ritsumeikan University
Junjun ZHENG
Ritsumeikan University
Koichi MOURI
Ritsumeikan University
Shoichi SAITO
Nagoya Institute of Technology
Eiji TAKIMOTO
Hiroshima Institute of Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Keigo TAGA, Junjun ZHENG, Koichi MOURI, Shoichi SAITO, Eiji TAKIMOTO, "Firewall Traversal Method by Pseudo-TCP Encapsulation" in IEICE TRANSACTIONS on Information,
vol. E105-D, no. 1, pp. 105-115, January 2022, doi: 10.1587/transinf.2021EDP7050.
Abstract: A wide range of communication protocols has recently been developed to address service diversification. At the same time, firewalls (FWs) are installed at the boundaries between internal networks, such as those owned by companies and homes, and the Internet. In general, FWs are configured as whitelists and release only the port corresponding to the service to be used and block communication from other ports. In a previous study, we proposed a method for traversing a FW and enabling communication by inserting a pseudo-transmission control protocol (TCP) header imitating HTTPS into a packet, which normally would be blocked by the FW. In that study, we confirmed the efficiency of the proposed method via its implementation and experiments. Even though common encapsulating techniques work on end-nodes, the previous implementation worked on the relay node assuming a router. Further, middleboxes, which overwrite L3 and L4 headers on the Internet, need to be taken into consideration. Accordingly, we re-implemented the proposed method into an end-node and added a feature countering a typical middlebox, i.e., NAPT, into our implementation. In this paper, we describe the functional confirmation and performance evaluations of both versions of the proposed method.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2021EDP7050/_p
@ARTICLE{e105-d_1_105,
author={Keigo TAGA and Junjun ZHENG and Koichi MOURI and Shoichi SAITO and Eiji TAKIMOTO},
journal={IEICE TRANSACTIONS on Information},
title={Firewall Traversal Method by Pseudo-TCP Encapsulation},
year={2022},
volume={E105-D},
number={1},
pages={105-115},
abstract={A wide range of communication protocols has recently been developed to address service diversification. At the same time, firewalls (FWs) are installed at the boundaries between internal networks, such as those owned by companies and homes, and the Internet. In general, FWs are configured as whitelists and release only the port corresponding to the service to be used and block communication from other ports. In a previous study, we proposed a method for traversing a FW and enabling communication by inserting a pseudo-transmission control protocol (TCP) header imitating HTTPS into a packet, which normally would be blocked by the FW. In that study, we confirmed the efficiency of the proposed method via its implementation and experiments. Even though common encapsulating techniques work on end-nodes, the previous implementation worked on the relay node assuming a router. Further, middleboxes, which overwrite L3 and L4 headers on the Internet, need to be taken into consideration. Accordingly, we re-implemented the proposed method into an end-node and added a feature countering a typical middlebox, i.e., NAPT, into our implementation. In this paper, we describe the functional confirmation and performance evaluations of both versions of the proposed method.},
keywords={},
doi={10.1587/transinf.2021EDP7050},
ISSN={1745-1361},
month={January},
}
TY - JOUR
TI - Firewall Traversal Method by Pseudo-TCP Encapsulation
T2 - IEICE TRANSACTIONS on Information
SP - 105
EP - 115
AU - Keigo TAGA
AU - Junjun ZHENG
AU - Koichi MOURI
AU - Shoichi SAITO
AU - Eiji TAKIMOTO
PY - 2022
DO - 10.1587/transinf.2021EDP7050
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E105-D
IS - 1
JA - IEICE TRANSACTIONS on Information
Y1 - January 2022
AB - A wide range of communication protocols has recently been developed to address service diversification. At the same time, firewalls (FWs) are installed at the boundaries between internal networks, such as those owned by companies and homes, and the Internet. In general, FWs are configured as whitelists and release only the port corresponding to the service to be used and block communication from other ports. In a previous study, we proposed a method for traversing a FW and enabling communication by inserting a pseudo-transmission control protocol (TCP) header imitating HTTPS into a packet, which normally would be blocked by the FW. In that study, we confirmed the efficiency of the proposed method via its implementation and experiments. Even though common encapsulating techniques work on end-nodes, the previous implementation worked on the relay node assuming a router. Further, middleboxes, which overwrite L3 and L4 headers on the Internet, need to be taken into consideration. Accordingly, we re-implemented the proposed method into an end-node and added a feature countering a typical middlebox, i.e., NAPT, into our implementation. In this paper, we describe the functional confirmation and performance evaluations of both versions of the proposed method.
ER -