

Presentation transcript: Xitao Wen, Xin Zhao, Taiyo Sogawa. Protocol-level vulnerability and attack. Defense: Intrusion Detection/Prevention. Our goal: defeat Cisco IPS by manipulating protocol-level attack payload.

1 Xitao Wen, Xin Zhao, Taiyo Sogawa

2  Protocol-level vulnerability and attack
 Defense: Intrusion Detection/Prevention
 Our goal
◦ Defeat Cisco IPS by manipulating protocol-level attack payload

3  We could know
 Cisco IPS signatures
◦ which tell what can be detected
 Vulnerability description
◦ which tells how the vulnerability is triggered
 By comparing the two, we can understand the flaws of the signatures.

4  Academic work
◦ A comparison of Intrusion Detection systems (2001), by E. Biermann et al.
◦ Research in Intrusion-Detection Systems: A Survey (1999), by S. Axelsson
 Commercial test on IPS
◦ NSS Labs: test 1000 wild exploits on commercial IPS
 No research on robustness and expressiveness of signatures

5  Chose vulnerabilities based on whether…
◦ open source
◦ current
◦ an IPS signature exists
 Installed correct versions of the software on a Linux machine and tested whether they ran correctly
 Thrown away:
◦ PHP: Horde CVE-2012-0209
◦ Oracle: CVE-2010-3585
◦ SquirrelMail: CVE-2003-0990
 Decided to use Samba and MySQL SSL

6  Open source network file system
 Implementation of SMB (Server Message Block) / CIFS (Common Internet File System)
 Allows transferring files between Windows and Linux machines

7

8 Specs for Cisco signature 3325/0:
\xff\x53\x4d\x42\x32[\x00-\xff]+\x00\x14((\x04[^\x00])|[\x05-\xff])
◦ [\x00-\xff]+ : equivalent to *
◦ [^\x00] : not \x00
◦ [\x05-\xff] : or \x05-\xff
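As an added example (not part of the presentation), the signature from slide 8 compiled as a Python bytes regex and re-evaluated part by part against constructed SMB-like byte strings, so each annotated piece (the Trans2 header, the \x00\x14 marker, the alternation) can be checked on its own; build_smb_trans2, signature_components and the SAMPLE_* packets are assumed fixtures, not Samba traffic or Cisco's implementation.

```python
import re

# Cisco IPS signature 3325/0 exactly as transcribed on slide 8, compiled as a
# Python bytes pattern (the classes already span every byte, so no DOTALL).
SIG_3325_0 = re.compile(
    rb"\xff\x53\x4d\x42\x32[\x00-\xff]+\x00\x14((\x04[^\x00])|[\x05-\xff])"
)
SMB_TRANS2_HEADER = b"\xff\x53\x4d\x42\x32"  # "\xffSMB" magic + command byte 0x32

def build_smb_trans2(body: bytes) -> bytes:
    """Constructed fixture (assumption): the SMB magic and 0x32 command byte
    the signature anchors on, followed by an arbitrary body. It is not a
    protocol-complete SMB request."""
    return SMB_TRANS2_HEADER + body

def signature_matches(packet: bytes) -> bool:
    """True when signature 3325/0 would fire on this byte string."""
    return SIG_3325_0.search(packet) is not None

def signature_components(packet: bytes) -> dict:
    """Evaluate the slide's annotated parts of the signature one at a time, so
    a reader sees which part a packet satisfies. Agrees with SIG_3325_0."""
    result = {"smb_trans2_header": False, "marker_00_14": False, "trigger_byte": False}
    start = packet.find(SMB_TRANS2_HEADER)
    if start < 0:
        return result
    result["smb_trans2_header"] = True
    # [\x00-\xff]+ needs at least one byte between the header and \x00\x14.
    pos = packet.find(b"\x00\x14", start + len(SMB_TRANS2_HEADER) + 1)
    while pos >= 0:
        result["marker_00_14"] = True
        tail = packet[pos + 2:pos + 4]
        # ((\x04[^\x00]) | [\x05-\xff]): either branch of the alternation.
        if tail and (tail[0] >= 0x05 or (tail[0] == 0x04 and len(tail) == 2 and tail[1] != 0)):
            result["trigger_byte"] = True
            break
        pos = packet.find(b"\x00\x14", pos + 1)
    return result

# Constructed samples (assumptions, not captured Samba traffic).
SAMPLE_BRANCH_B = build_smb_trans2(b"\x00\x00\x00\x00\x14\x06AAAA")      # [\x05-\xff] branch
SAMPLE_BRANCH_A = build_smb_trans2(b"\x00\x00\x00\x00\x14\x04\x07AAAA")  # \x04[^\x00] branch
SAMPLE_OTHER_CMD = b"\xff\x53\x4d\x42\x25" + SAMPLE_BRANCH_B[5:]          # command 0x25: outside the signature's scope

if __name__ == "__main__":
    for pkt in (SAMPLE_BRANCH_B, SAMPLE_BRANCH_A, SAMPLE_OTHER_CMD):
        print(signature_matches(pkt), signature_components(pkt))
```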

9

10 ...

11

12  SSL – Secure Sockets Layer
◦ data is encrypted by the SSL code
◦ SSL handshake flow
◦ Symmetric key cryptography is used to encrypt and decrypt application data messages

13

14

15

16 \xcd\xa7\x21K\xe3U\xb3\x89\x3b\x00\xbeS H\xe9A\xac\x0e\x02\xd9\x93\xce\xda\xf2 \xa2\xa3kMB\x60\xaa\xec\x02bb\x00Paaaa aaaa
Still cannot match…

17  Linux machine
◦ Samba 2.0 installed
◦ MySQL 5.0 installed
 Cisco IPS 4270
(Topology diagram labels: Linux Server, Cisco IPS, Client)

18  Challenges
◦ Each vulnerability has to be studied and altered by hand
 Scope
◦ No automated process, so benchmarking is not possible
◦ Measurement of success: whether or not the exploit is detected
 Goals
◦ Study 4 vulnerabilities in depth
◦ Modify existing exploits to evade the Cisco signatures
◦ Launch 4 attacks, (hopefully) undetected by the IPS
