Network attacks pose as grievous threat to the stability of the Internet and are a major security concern as they can breach the security of the network or even make the victim unavailable. The network attack packets can intercepted by using Iptables before they can reach the victim machine. Iptables is the standard firewall included in Linux distributions for handling the kernel Netfilter modules. The effectiveness of the defense provided by the Iptables firewall mainly depends on its rules. In this paper, we have proposed a novel framework with new customized Iptables rules for mitigating fifteen types of network attacks which include port scanning; denial of service attacks, TCP, UDP, and ICMP based attacks etc. The performance of Iptables with these rules is evaluated with the real experiments for examining the competence of firewall in managing the network traffic and security when subjected to attack flow along with the normal traffic. The performance of Iptables is recorded in the terms of CPU utilization for processing and Logs generation, Frame Loss Ratio and Efficiency. The attack traffic is generated using Scapy for execution of the attacks whereas the normal traffic is generated using a traffic generator called D-ITG. It was found that Iptables could successfully detect the network attack and performed really well during the mitigation of such attacks.

Iptables, Netfilter, Scapy, DITG, network-attacks

[1] W. Su and J. Xu, "Performance Evaluations of Cisco ASA and Linux Iptables Firewall Solutions," May 2013.
[2] "Netfilter Project," [Online]. Available: www.netfilter.org. [Accessed 01 October 2017].
[3] "Iptables," 2017. [Online]. Available: http://www.Iptables.info/en/structure-of-Iptables.html. [Accessed 7 September 2017].
[4] "Monitoring and Tuning the Linux Networking Stack: Receiving Data," May 2016. [Online]. Available: https://blog.packagecloud.io/eng/2016/06/22/monitoring-tuning-linux-networking-stack-receiving-data/. [Accessed 27 September 2017].
[5] R. K. C. Chang, "Defending against Flooding-Based Distributed Denial-of-Service Attacks:A Tutorial," IEEE Communications Magazine, pp. 42-51, October 2002.
[6] "Scapy and its Documentation," 6 Nov 2017. [Online]. Available: https://scapy.readthedocs.io/en/latest/. [Accessed 22 October 2017].
[7] A. Botta, W. Donato, A. Dainotti, S. Avallone and A. Pescapé. [Online]. Available:http://traffic.comics.unina.it/software/ITG/ manual/. [Accessed 16 November 2017].
[8] O. Andreasson, 2001. [Online]. Available: http://onz.es/IpTables %20Tutorial.pdf. [Accessed 5 October 2017].
[9] M. Rash, Linux Firewalls- Attack Detection and Response, 2007.
[10] K. Chatterjee, "Design and Development of a Framework to Mitigate DoS/DDoS Attacks Using IPtables Firewall," International Journal of Computer Science and Telecommunications , vol. 4, no. 3, pp. 67-72, March 2013.
[11] B. Sharma and K. Bajaj, "Packet Filtering using IP Tables in Linux," International Journal of Computer Science Issues(IJCSI), vol. 8, no. 4, pp. 320-325, July 2011.
[12] B. Q. M. AL-Musawi, "Mitigating DoS/DDoS Attacks Using Iptables," International Journal of Engineering & Technology IJET-IJENS, vol. 12, no. 03, pp. 101-111, June 2012.
[13] S. Mirzaie, A. K. Elyato and D. A. Sarram, "Preventing of SYN Flood attack with iptables Firewall," in 2010 Second International Conference on Communication Software and Networks.
[14] M. Šimon, L. Huraj and M. Čerňanský, "Performance Evaluations of IPTables Firewall Solutions under DDoS attacks," Journal of Applied Mathematics Statistics and Informatics (JAMSI), vol. 11, no. 2, pp. 35-45, 2015.
[15] A. Balobaid, W. Alawad and H. Aljasim, "A Study on the Impacts of DoS and DDoS Attacks on Cloud and Mitigation Techniques," in 2016 International Conference on Computing, Analytics and Security Trends (CAST), College of Engineering Pune, India. Dec 19-21, 2016, 2016.
[16] M. Y. Arafat, M. M. Alam and F. Ahmed, "A Realistic Approach and Mitigation Techniques for Amplifying DDOS Attack on DNS," in Proceedings of 10th Global Engineering, Science and Technology Conference, BIAM Foundation, Dhaka, Bangladesh, 2-3 January, 2015.
[17] K. Salah, K. Elbadawi and R. Boutaba, "Performance Modelling and Analysis of Network Firewalls," IEEE Transactions on Network and Service Management, vol. 9, no. 1, pp. 12-20, March 2012.
[18] T. Hayajneh, B. J. Mohd, A. Itradat and A. N. Quttoum, "Performance and Information Security Evaluation with Firewalls," International Journal of Security and Its Applications, vol. 7, no. 6, pp. 355-372, 2013.
[19] S. M. Aaqib, "To Analyze Performance, Scalability & Security Mechanisms of Apache Web Server Vis-a-vis with contemporary Web Servers," University of Jammu. Available: [http://hdl.handle.net/10603/65175], Jammu, 2014.
[20] S. Mishra, S. Sonavane and A. Gupta, "Study of Traffic Generation Tools," International Journal of Advanced Research in Computer and Communication Engineering, (IJARCCE) Vol. 4, Issue 6, June 2015.
[21] "BULK Email," BESI Marketing Solutions, [Online]. Available: http://www.bulkemailsmsindia.com/. [Accessed 12 December 2017].
[22] "Bulk Email service," Mail Marketer, [Online]. Available: http://mailmarketer.in/.
[23] R. J. Shimonski, D. L. Shinder, T. W. Shinder and A. C.-. Henmi, Best Damn Firewall Book Period, Syngress, ISBN: 1-931836-90-6, 2003.
[24] S. Sharma, Y. Verma and A. Nadda, “Information Security: Cyber Security Challenges,” International Journal of Scientific Research in Computer Science and Engineering, Vol.7, Issue.1, pp.10-15, February (2019)
[25] P. Santra, “An Expert Forensic Investigation System for Detecting Malicious Attacks and Identifying Attackers in Cloud Environment,” International Journal of Scientific Research in Network Security and Communication, Volume-6, Issue-5, October 2018.