Presentation is loading. Please wait.

Presentation is loading. Please wait.

Xitao Wen Xin Zhao Taiyo Sogawa. Protocol-level vulnerability and attack Defense: Intrusion Detection/Prevention Our goal o Defeat Cisco IPS by manipulating.

Published byOscar Morgan Modified over 9 years ago

Similar presentations

Presentation on theme: "Xitao Wen Xin Zhao Taiyo Sogawa. Protocol-level vulnerability and attack Defense: Intrusion Detection/Prevention Our goal o Defeat Cisco IPS by manipulating."— Presentation transcript:

1 Xitao Wen Xin Zhao Taiyo Sogawa

2 Protocol-level vulnerability and attack Defense: Intrusion Detection/Prevention Our goal o Defeat Cisco IPS by manipulating protocol-level attack payload

3 We could know Cisco IPS signatures o which tells what can be detected Vulnerability description o which tells how the vul is triggered By comparing the two, we can understand the flaw of the signatures.

4  Academic work ◦ A comparison of Intrusion Detection systems (2001), by E. Biermann, etc. ◦ Research in Intrusion-Detection Systems (1999): A Survey, by S Axelsson.  Commercial test on IPS ◦ NSS labs: test 1000 wild exploits on commercial IPS  No research on robustness and expressiveness on signatures.

5  Chose vulnerabilities based on whether… ◦ open source ◦ current ◦ an IPS Signature exists  Installed correct versions of software on Linux machine and tested if they ran correctly  Throw aways: PHP : horde CVE-2012-0209 Oracle: CVE-2010-3585 SquirrelMail: CVE-2003-0990  Decide to use Samba and Mysql SSL

6 Open source network file system Implementation of SMB (Server Message Block)/ CIFS (Common Internet File System) Allows transferring files between windows and linux machines

7

8 \xff\x53\x4d\x42\x32[\x00-\xff] + \x00\x14 ((\x04[^\x00]) | [\x05-\xff]) (Equivalent to *) (Not x00) (Or x05-xff) (Specs for Cisco signature 3325/0)

9

10 ...

11

12  SSL – Secure Socket Layer ◦ data is encrypted by the SSL code ◦ SSL handshake flow ◦ Symmetric key cryptography is used to encrypt and decrypt application data messages

13

14

15

16 \xcd\xa7\x21K\xe3U\xb3\x89\x3b\x00\xbeS H\xe9A\xac\x0e\x02\xd9\x93\xce\xda\xf2 \xa2\xa3kMB\x60\xaa\xec\x02bb\x00Paaaa aaaa Still cannot match…

17  Linux machine ◦ Samba 2.0 Installed ◦ MySQL 5.0 Installed  Cisco IPS 4270 Linux Server Cisco IPS Client

18  Challenges ◦ Each vulnerability has to be studied and altered by hand  Scope ◦ No automated process, so benchmarking not possible ◦ Measurement of success: whether or not exploit is detected  Goals ◦ Study 4 vulnerabilities in-depth ◦ Modify existing exploits to evade Cisco Signature ◦ Launch 4 attacks, (hopefully) undetected by IPS

Download ppt "Xitao Wen Xin Zhao Taiyo Sogawa. Protocol-level vulnerability and attack Defense: Intrusion Detection/Prevention Our goal o Defeat Cisco IPS by manipulating."

Similar presentations

The Dog’s Biggest Bite. Overview History Start Communication Protocol Weakness POODLE Issues.

The Dog’s Biggest Bite. Overview History Start Communication Protocol Weakness POODLE Issues.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS 4362 - CIS 5357 Network Security.

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
Cryptography and Network Security

Cryptography and Network Security
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.

Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.
SSL AND E- COMMERCE S ECURITY gz2155 Guangwei Zhang.

SSL AND E- COMMERCE S ECURITY gz2155 Guangwei Zhang.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Web Server Administration TEC 236 Securing the Web Environment.

Web Server Administration TEC 236 Securing the Web Environment.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.

8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.

Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
Network Security Secure hypertext transfer protocol (https) Cookies Public Key Cryptography.

Network Security Secure hypertext transfer protocol (https) Cookies Public Key Cryptography.
Investigations into BIND Dynamic Update with OpenSSL by David Wilkinson.

Investigations into BIND Dynamic Update with OpenSSL by David Wilkinson.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.

Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.
DIGITAL CERTIFICATE & SSL PRESENTED BY, SWAPNA ERABATHINI.

DIGITAL CERTIFICATE & SSL PRESENTED BY, SWAPNA ERABATHINI.
TOPIC 1 – SERVER SIDE APPLICATIONS IFS 234 – SERVER SIDE APPLICATION DEVELOPMENT.

TOPIC 1 – SERVER SIDE APPLICATIONS IFS 234 – SERVER SIDE APPLICATION DEVELOPMENT.

Similar presentations

Ads by Google