---

Security considerations in mobile IP networks using stateful packet filtering firewalls

---

This thesis presents a new approach for improving network security of private networks in Mobile IP environments by using Netfilter Firewall with a new extension to Mobile IP Protocol, IPIP Tunneling and COPS (Common Open Policy Service) protocol. This work permits mobile nodes using Mobile IP to operate in private address networks which are separated from the public Internet by firewalls. To the contrary of the common security implementations between home and private networks such as IPSec or SOCKS, this study relies on the analyses of TCP connection states (by stateful firewalls) of mobile nodes while mobile devices are roaming between home and foreign networks with filtering of IPIP tunneled packets in the middle of a TCP session. A new method is implemented to keep the TCP connections without being broken and maintaining their states throughout the migration between different subnets.