Overlay Convergence Architecture for Legacy Applications

Nov 22, 2006: Website redesigned.

Receiver Imposed Middleboxes

i3 enables hosts to redirect all incoming traffic to go through a middle-box which may be located anywhere in the network. This functionality of i3 can be used to force all incoming traffic to a legacy server to pass through an intrusion detection middlebox, which may not be located on the physical path to the server.

We have set up a webserver on a machine named dilip-secure.pli3. All traffic to dilip-secure.pli3 is forced through a Bro intrusion detection system running on a machine not on the physical path to dilip-secure.pli3. The following diagram illustrates the scenario.

Receiver Imposed Middlebox scenario

Click here to attack dilip-secure.pli3 by trying to fetch /etc/passwd. A new browser window will open - You will not be able to access the file ofcourse :-).

Your attack will be recorded in the Bro Monitoring Page.

Last Updated on 11/22/06 15:51:48