Published by Oscar Morgan. Modified over 9 years ago.
Xitao Wen, Xin Zhao, Taiyo Sogawa
Protocol-level vulnerability and attack
Defense: Intrusion Detection/Prevention
Our goal
◦ Defeat Cisco IPS by manipulating protocol-level attack payload
We can obtain both:
◦ Cisco IPS signatures, which tell what can be detected
◦ Vulnerability descriptions, which tell how the vulnerability is triggered
By comparing the two, we can understand the flaws in the signatures.
Academic work
◦ A comparison of Intrusion Detection systems (2001), by E. Biermann et al.
◦ Research in Intrusion-Detection Systems: A Survey (1999), by S. Axelsson
Commercial tests on IPS
◦ NSS Labs: tested 1000 wild exploits on commercial IPS
No research on the robustness and expressiveness of signatures.
Chose vulnerabilities based on whether…
◦ the software is open source
◦ the vulnerability is current
◦ an IPS signature exists
Installed the correct versions of the software on a Linux machine and tested that they ran correctly
Thrown out:
◦ PHP: Horde CVE-2012-0209
◦ Oracle: CVE-2010-3585
◦ SquirrelMail: CVE-2003-0990
Decided to use Samba and MySQL SSL
Open source network file system
Implementation of SMB (Server Message Block) / CIFS (Common Internet File System)
Allows transferring files between Windows and Linux machines
Spec for Cisco signature 3325/0:
\xff\x53\x4d\x42\x32[\x00-\xff]+\x00\x14((\x04[^\x00])|[\x05-\xff])
◦ [\x00-\xff]+ : equivalent to *
◦ [^\x00] : not \x00
◦ [\x05-\xff] : or \x05-\xff
...
SSL – Secure Socket Layer
◦ data is encrypted by the SSL code
◦ SSL handshake flow
◦ Symmetric key cryptography is used to encrypt and decrypt application data messages
\xcd\xa7\x21K\xe3U\xb3\x89\x3b\x00\xbeS H\xe9A\xac\x0e\x02\xd9\x93\xce\xda\xf2 \xa2\xa3kMB\x60\xaa\xec\x02bb\x00Paaaa aaaa
Still cannot match…
Linux machine
◦ Samba 2.0 installed
◦ MySQL 5.0 installed
Cisco IPS 4270
Setup: Linux Server - Cisco IPS - Client
Challenges
◦ Each vulnerability has to be studied and altered by hand
Scope
◦ No automated process, so benchmarking is not possible
◦ Measurement of success: whether or not the exploit is detected
Goals
◦ Study 4 vulnerabilities in depth
◦ Modify existing exploits to evade Cisco signatures
◦ Launch 4 attacks, (hopefully) undetected by IPS