1. Agenda
• Last words on buffer overflows
• Overview of a few more techniques
• Defenses
• Attacks on network protocols
SUNY at Buffalo; Computer Science; CSE620 – Advanced Networking Concepts; Fall 2005; Instructor: Hung Q. Ngo

2. Stack-based overflow: more techniques
• Injected code can be in
  • The overflowed buffer itself
  • An environment variable
  • Another buffer (which is not overflowed)
• Intrusion detection systems
  • Check for non-ASCII bytes in buffers
  • Attackers then use polymorphic shellcodes
• Non-executable stack
  • “Return to libc” technique
    • Point return address to, say, system(), execve()
    • Feed system() with a string pointing to a shell

3. Other Overflow Attacks
• Heap and BSS overflow
  • I need more time on this
  • Use one dynamically allocated variable to overflow another
  • This will change the way the program behaves
• Format string vulnerabilities
  • Printf() …
• Off-by-one overflow

4. Buffer-overflow defenses
• Write correct code
  • Code auditing (by humans)
  • Static code analysis: quite effective
  • Use fault-injection tools
• Non-executable stack
• Array-bound checking (with compiler)
• Code pointer integrity checking
  • StackShield, StackGuard, PointGuard
  • Read Phrack Magazine 56 (5), May 2000
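The two cheapest defenses on this slide, bound checking and keeping the format string constant, applied to a small request handler. This is an added example written for this transcript, not code from the lecture; the function names (unsafe_log, bounded_copy, render_message, handle_request) and the input strings are constructed for illustration. The unsafe function is kept only as a reference for what the hardened one replaces and is never called.

```c
#include <stdio.h>
#include <string.h>

/* Reference only, never called: the pattern the slides warn about.
 * strcpy copies until NUL regardless of the destination size (stack-based
 * overflow), and passing untrusted data as the format string lets '%'
 * directives in the input read or write memory. */
void unsafe_log(const char *input)
{
    char name[32];
    strcpy(name, input);   /* no bound on the copy */
    printf(input);         /* format string under the caller's control */
}

/* Array-bound checking done by hand: refuse input that does not fit
 * instead of silently truncating. Returns 0 on success, -1 if rejected. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0 || n >= dstsize) {
        if (dstsize) dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);   /* n + 1 includes the terminating NUL */
    return 0;
}

/* Format-string fix: the format is a constant and the untrusted data is
 * always an argument, so "%x" in the input is printed literally.
 * Returns the message length, or -1 if it would not fit in out. */
int render_message(char *out, size_t outsize, const char *name)
{
    int n = snprintf(out, outsize, "user=%s", name);
    if (n < 0 || (size_t)n >= outsize) return -1;
    return n;
}

/* Hardened handler: 0 if a log line was produced in out, -1 if the
 * request was rejected (too long for the 32-byte name buffer). */
int handle_request(const char *input, char *out, size_t outsize)
{
    char name[32];
    if (bounded_copy(name, sizeof name, input) != 0) return -1;
    return render_message(out, outsize, name) < 0 ? -1 : 0;
}

int main(void)
{
    char line[64];
    /* constructed inputs: a normal name, a 40-byte name that overflows a
     * 32-byte buffer, and a name carrying format directives */
    const char *inputs[] = {
        "alice",
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
        "%x%x%x%n"
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (handle_request(inputs[i], line, sizeof line) == 0)
            printf("accepted: %s\n", line);
        else
            printf("rejected: input of %zu bytes\n", strlen(inputs[i]));
    }
    return 0;
}
```

Compiling with warnings enabled (gcc -Wall -Wformat-security) flags the printf(input) line in unsafe_log, which is the kind of defect the "static code analysis" bullet refers to; the hardened path produces no warning.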

5. Other things
• Password cracking
  • Dictionary attacks
  • Exhaustive brute-force attacks
  • Hash lookup tables
  • Password probability matrix
• WEP attacks
  • Offline brute-force attacks
  • Keystream reuse
  • IP redirection
  • Fluhrer, Mantin, and Shamir (FMS) attack

6. Some network protocol attacks & techniques
• SYN-flooding
• TCP/IP Hijacking
  • RST hijacking
• The ping of death
• Ping flooding, amplification attacks
• Port scanning
  • Stealth SYN scan
  • FIN, X-mas, Null scans
  • Spoofing decoys
  • Idle scanning
• IP Spoofing and defenses against it
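The four scan types on this slide (stealth SYN, FIN, X-mas, Null) differ only in which TCP flag bits the probe carries, and a defender recognizes them the same way a scanner chooses them. The following is an added example written for this transcript, not code from the lecture: a small classifier that labels a probe by its flag combination and counts how many distinct ports one source has probed, run over a constructed set of packet records. The flag constants follow the TCP header bit layout; the record layout, function names (probe_kind, distinct_probed_ports, is_scanner), the sample addresses and the threshold are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* TCP flag bits as laid out in the header's flags byte. */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20

/* One observed packet: source address, destination port, flags byte. */
struct pkt { const char *src; uint16_t dport; uint8_t flags; };

/* Constructed sample: 10.0.0.9 sweeps eight ports with bare SYNs,
 * 10.0.0.7 sends X-mas probes to three ports, 10.0.0.5 completes a
 * normal handshake to port 80 and sends data. */
const struct pkt SAMPLE[] = {
    { "10.0.0.9",  21, TH_SYN }, { "10.0.0.9",  22, TH_SYN },
    { "10.0.0.9",  23, TH_SYN }, { "10.0.0.9",  25, TH_SYN },
    { "10.0.0.9",  80, TH_SYN }, { "10.0.0.9", 110, TH_SYN },
    { "10.0.0.9", 143, TH_SYN }, { "10.0.0.9", 443, TH_SYN },
    { "10.0.0.7",  22, TH_FIN | TH_PSH | TH_URG },
    { "10.0.0.7",  23, TH_FIN | TH_PSH | TH_URG },
    { "10.0.0.7",  80, TH_FIN | TH_PSH | TH_URG },
    { "10.0.0.5",  80, TH_SYN }, { "10.0.0.5", 80, TH_ACK },
    { "10.0.0.5",  80, TH_ACK | TH_PSH },
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

/* Label a single probe by its flag combination. */
const char *probe_kind(uint8_t flags)
{
    if (flags == TH_SYN) return "syn";    /* half-open ("stealth") SYN probe */
    if (flags == TH_FIN) return "fin";
    if (flags == 0)      return "null";
    if (flags == (TH_FIN | TH_PSH | TH_URG)) return "xmas";
    return "other";                       /* handshake replies, data, resets */
}

/* Distinct destination ports that one source has probed with a scan-type
 * flag combination. A bare SYN to port 80 from a legitimate client also
 * counts once; the distinguishing signal is the number of ports, not any
 * single packet. Tracks at most 256 ports per source. */
int distinct_probed_ports(const struct pkt *pkts, size_t n, const char *src)
{
    uint16_t seen[256];
    int count = 0;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(pkts[i].src, src) != 0) continue;
        if (strcmp(probe_kind(pkts[i].flags), "other") == 0) continue;
        int dup = 0;
        for (int j = 0; j < count; j++)
            if (seen[j] == pkts[i].dport) { dup = 1; break; }
        if (!dup && count < 256) seen[count++] = pkts[i].dport;
    }
    return count;
}

/* 1 if the source probed at least threshold distinct ports, else 0. */
int is_scanner(const struct pkt *pkts, size_t n, const char *src, int threshold)
{
    return distinct_probed_ports(pkts, n, src) >= threshold;
}

int main(void)
{
    const char *hosts[] = { "10.0.0.9", "10.0.0.7", "10.0.0.5" };
    for (size_t i = 0; i < 3; i++)
        printf("%s: %d distinct probed ports, scanner=%d\n", hosts[i],
               distinct_probed_ports(SAMPLE, SAMPLE_LEN, hosts[i]),
               is_scanner(SAMPLE, SAMPLE_LEN, hosts[i], 5));
    return 0;
}
```

With a threshold of 5 the SYN sweep is reported and the handshake is not; the X-mas source falls under the threshold here, which is why real detectors weight the FIN, X-mas and Null combinations more heavily than bare SYNs, since no legitimate client opens a connection with those flags.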
