2005-12-26 20:47:13

by Xin Zhao

Subject: Is there any Buffer overflow attack mechanism that can break a vulnerable server without breaking the ongoing connection?

We are working on a mechanism that monitors the connections of a
server and detects potential intrusions via broken connection
(incoming request received, but no reply). We want to thoroughly
understand the possibility of mounting a buffer overflow attack
against a server process without cutting off the connection.

Any insight on this?

Thanks in advance!

Xin
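
As an added illustration of the heuristic described in the question (this is example code, not something posted in the thread): a small correlator that walks per-connection request/reply events and flags a connection that received a request but never sent a reply, either because the connection closed first or because an assumed reply window elapsed. The log format, field names and the five-second window are constructed for this example.

```python
"""Request-without-reply detector over a constructed connection log.

Each log line records one event on a server connection. A connection is
reported when a request is seen but no reply follows before the
connection closes or before WINDOW expires. Log format and field names
are made up for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

WINDOW = timedelta(seconds=5)  # assumed reply deadline for this example


@dataclass
class ConnState:
    peer: str
    pending_since: Optional[datetime] = None  # oldest unanswered request


def parse_line(line: str) -> dict:
    """Turn '2005-12-26T20:47:01 conn=17 peer=... event=request' into a dict."""
    ts, *pairs = line.split()
    rec = {"ts": datetime.fromisoformat(ts)}
    for item in pairs:
        key, value = item.split("=", 1)
        rec[key] = value
    return rec


def find_broken(lines, window: timedelta = WINDOW) -> List[Tuple[str, str, str]]:
    """Return (conn, peer, reason) for every connection left without a reply."""
    conns: Dict[str, ConnState] = {}
    alerts: List[Tuple[str, str, str]] = []

    def sweep(now: datetime) -> None:
        # Flag outstanding requests whose reply deadline has passed.
        for cid, st in conns.items():
            if st.pending_since is not None and now - st.pending_since > window:
                alerts.append((cid, st.peer, "no reply within window"))
                st.pending_since = None  # report each gap once

    last_ts: Optional[datetime] = None
    for line in lines:
        rec = parse_line(line)
        last_ts = rec["ts"]
        sweep(last_ts)
        st = conns.setdefault(rec["conn"], ConnState(rec["peer"]))
        event = rec["event"]
        if event == "request":
            if st.pending_since is None:
                st.pending_since = rec["ts"]
        elif event == "reply":
            st.pending_since = None
        elif event == "close":
            if st.pending_since is not None:
                alerts.append((rec["conn"], st.peer, "closed without reply"))
                st.pending_since = None
    if last_ts is not None:
        sweep(last_ts)
    return alerts


# Constructed sample log. Connection 19 carries an oversized request but the
# server still answers, so this heuristic does not notice it.
SAMPLE_LOG = [
    "2005-12-26T20:47:01 conn=17 peer=10.0.0.5 event=request bytes=512",
    "2005-12-26T20:47:01 conn=17 peer=10.0.0.5 event=reply bytes=128",
    "2005-12-26T20:47:02 conn=18 peer=10.0.0.9 event=request bytes=4096",
    "2005-12-26T20:47:03 conn=19 peer=10.0.0.7 event=request bytes=4096",
    "2005-12-26T20:47:03 conn=19 peer=10.0.0.7 event=reply bytes=64",
    "2005-12-26T20:47:04 conn=18 peer=10.0.0.9 event=close",
    "2005-12-26T20:47:05 conn=20 peer=10.0.0.11 event=request bytes=256",
    "2005-12-26T20:47:30 conn=17 peer=10.0.0.5 event=close",
]

if __name__ == "__main__":
    for conn, peer, reason in find_broken(SAMPLE_LOG):
        print(f"conn {conn} from {peer}: {reason}")
```

Connections 18 and 20 are reported; connection 19 is not, which is the blind spot the thread goes on to discuss: a process that keeps serving replies after a corrupted request looks healthy to this monitor.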


2005-12-26 20:51:26

by Arjan van de Ven

Subject: Re: Is there any Buffer overflow attack mechanism that can break a vulnerable server without breaking the ongoing connection?

On Mon, 2005-12-26 at 15:47 -0500, Xin Zhao wrote:
> We are working on a mechanism that monitors the connections of a
> server and detects potential intrusions via broken connection
> (incoming request received, but no reply). We want to thoroughly
> understand the possibility of mounting a buffer overflow attack
> against a server process without cutting off the connection.

buffer overflows do not break connections, and as such I think you are
out of luck.
Having said that.. on modern linux distros it's pretty hard to do a
buffer overflow exploit nowadays (NX[1] to make stacks non-executable,
randomisations, compiler based detection (via FORTIFY_SOURCE and/or
-fstackprotector)... add all those together and it's certainly not easy
to do this....



[1] or emulations of NX such as segment limits techniques
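
The three mitigations named above (non-executable stack, FORTIFY_SOURCE and the stack protector) leave traces in a compiled binary that a defender can check without running it. As an added example that is not part of the thread, the script below reads the ELF64 program headers for the PT_GNU_STACK entry (the NX request) and scans the file's string data for the runtime helpers the two compiler features pull in: `__stack_chk_fail` for `-fstack-protector` and `__*_chk` names for FORTIFY_SOURCE. The string scan is a heuristic (a stripped, statically linked or inlined build can fool it). The sample ELF images are constructed inline; the builder function is part of the example, not a real binary.

```python
"""Static check for NX stack, stack protector and FORTIFY_SOURCE traces.

Parses little-endian ELF64 program headers and scans string data. The
ELF images built by build_sample_elf() are synthetic demo data.
"""
import re
import struct

ELF_MAGIC = b"\x7fELF"
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4

EHDR_FMT = "<16sHHIQQQIHHHHHH"  # ELF64 file header
PHDR_FMT = "<IIQQQQQQ"          # ELF64 program header


def program_headers(data: bytes):
    """Yield (p_type, p_flags) for each program header of an ELF64 LE file."""
    if data[:4] != ELF_MAGIC or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    fields = struct.unpack_from(EHDR_FMT, data, 0)
    e_phoff, e_phentsize, e_phnum = fields[5], fields[9], fields[10]
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        yield p_type, p_flags


def stack_executable(data: bytes) -> bool:
    """True if the loader would give this binary an executable stack.

    A binary with no PT_GNU_STACK entry gets the legacy default of an
    executable stack, so absence counts as executable.
    """
    for p_type, p_flags in program_headers(data):
        if p_type == PT_GNU_STACK:
            return bool(p_flags & PF_X)
    return True


def assess(data: bytes) -> dict:
    """Summarise the mitigation traces found in one ELF image."""
    fortified = re.findall(rb"__[A-Za-z0-9_]+_chk(?=\x00)", data)
    return {
        "nx_stack": not stack_executable(data),
        "stack_protector": b"__stack_chk_fail\x00" in data,
        "fortify_source": sorted(n.decode() for n in set(fortified)),
    }


def build_sample_elf(stack_flags: int, strings, include_gnu_stack: bool = True) -> bytes:
    """Construct a minimal ELF64 image: header, optional PT_GNU_STACK entry,
    and a fake string table. Demo data only; it is not loadable."""
    ehdr_size = struct.calcsize(EHDR_FMT)
    phdr_size = struct.calcsize(PHDR_FMT)
    phnum = 1 if include_gnu_stack else 0
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)  # ELF64, LE, v1
    ehdr = struct.pack(EHDR_FMT, ident, 2, 0x3E, 1, 0, ehdr_size, 0, 0,
                       ehdr_size, phdr_size, phnum, 0, 0, 0)
    phdrs = b""
    if include_gnu_stack:
        phdrs = struct.pack(PHDR_FMT, PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    strtab = b"\x00" + b"\x00".join(strings) + b"\x00"
    return ehdr + phdrs + strtab


if __name__ == "__main__":
    hardened = build_sample_elf(PF_R | PF_W, [b"__stack_chk_fail", b"__memcpy_chk", b"printf"])
    legacy = build_sample_elf(PF_R | PF_W | PF_X, [b"printf", b"strcpy"])
    print("hardened:", assess(hardened))
    print("legacy:  ", assess(legacy))
```

To check a real file, pass `open(path, "rb").read()` to `assess()`; a result with `nx_stack` false or an empty `fortify_source` list is the cue to rebuild with the flags the message lists.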

2005-12-27 14:18:51

by [email protected]

Subject: Re: Is there any Buffer overflow attack mechanism that can break a vulnerable server without breaking the ongoing connection?

Arjan van de Ven wrote:

>buffer overflows do not break connections, and as such I think you are
>out of luck.
>Having said that.. on modern linux distros it's pretty hard to do a
>buffer overflow exploit nowadays (NX[1] to make stacks non-executable,
>randomisations, compiler based detection (via FORTIFY_SOURCE and/or
>-fstackprotector)... add all those together and it's certainly not easy
>to do this....
>

Hello!

Locally it is very simple to exploit buffer overflows in the Linux kernel.
These protections are not very effective, so many attacks are possible... It's
possible to return into the mmap() area, overwrite values in the syscall table
and after that run malicious code using mmap() to allocate data, and many other
schemes and techniques.

Linux is very robust and its resources are very good, but it is not yet
the solution against buffer overflows.

Best Regards,

Nash Leon

2005-12-27 14:23:35

by Arjan van de Ven

Subject: Re: Is there any Buffer overflow attack mechanism that can break a vulnerable server without breaking the ongoing connection?

On Tue, 2005-12-27 at 12:18 -0200, [email protected] wrote:
> Arjan van de Ven wrote:
>
> >buffer overflows do not break connections, and as such I think you are
> >out of luck.
> >Having said that.. on modern linux distros it's pretty hard to do a
> >buffer overflow exploit nowadays (NX[1] to make stacks non-executable,
> >randomisations, compiler based detection (via FORTIFY_SOURCE and/or
> >-fstackprotector)... add all those together and it's certainly not easy
> >to do this....
> >
>
> Hello!
>
> Locally is very simple to exploit buffer overflows in the linux kernel.

Sure, kernel space is a whole different kettle of fish. The good news
there, however, is that in kernel space it's rather rare to work with
buffers on the stack (by virtue of only having a really tiny stack in
the first place). Not impossible, but at least rare.