A3seudo-route%ased0ethod for ,llegal (xternal/ink 'etection

On some high-level confidentiality required intranet which is isolated from Internet physically, the illegal external link is a significant problem. It would lead to the leaking of internal network information. In this paper, we present the design, mechanism, implementation and evaluation of the pseudo-route based method for illegal external link detection. This method overcomes the drawbacks of existing technologies. We also discuss the design and evaluation of several improvement approaches to reduce the false alarm rate and the missed alarm rate. Our experiment shows that the proposed method is good at detecting illegal external link. The accuracy rate of the result is approximately 100%. The IP spoof based way needs two servers, the scanning server in the intranet and the monitor server in the internet. The scanner scans the internal hosts by composing and sending the IP packet whose source IP address is the IP address of monitoring server. If the monitor can receive the response packet of the internal hosts, we can deem that the internal host is illegal with an external link. However, it often resulting in a failed monitoring due to the routers in the internet filtering the packet with abnormal source IP address. In this paper, we presented the design and evaluation of the pseudo-route based method for illegal external link detection. The method adds pseudo-route to the internal router or 3-layer switch. It has no need to send the pseudo packet, and has a good concealment, overcomes the drawbacks of other methods.