David J Day and Zheng-Xu Zhao. Protecting Against Address Space Layout Randomisation (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems. International Journal of Automation and Computing, vol. 8, no. 4, pp. 472-483, 2011. DOI: 10.1007/s11633-011-0606-0

Protecting Against Address Space Layout Randomisation (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems

  • Writable XOR executable (W⊕X) and address space layout randomisation (ASLR) have elevated the understanding necessary to perpetrate buffer overflow exploits [1]. However, they have not proved to be a panacea [1-3], and so other mechanisms, such as stack guards and prelinking, have been introduced. In this paper, we show that host-based protection still does not offer a complete solution. To demonstrate the protection inadequacies, we perform an over-the-network brute-force return-to-libc attack against a preforking concurrent server to gain remote access to a shell. The attack defeats host protection including W⊕X and ASLR. We then demonstrate that deploying a network intrusion detection system (NIDS) with appropriate signatures can detect this attack efficiently.