In intrusion detection, SNORT rules are widely used. One vulnerability is the buffer overruns, where the attacker fills

Post by answerhappygod »

In intrusion detection, SNORT rules are widely used. One vulnerability is the buffer overrun, where the attacker fills the buffer to a certain value and adds this malicious payload at the end of messages so that it would become executable. The characters the attacker chooses to use to fill the buffer can be completely insignificant, but for this problem, we consider that the attacker will use either eight consecutive “A”s or eight consecutive “B”s as the signature to fill the buffer and cause an overflow.

Your task for this question is to come up with a SNORT rule that detects the attack when a TCP connection from outside to the internal network targets port 8080 and has a content payload of either eight consecutive As or eight consecutive Bs. Your rule should generate an alert with the message properly formatted for the buffer overflow attack.
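
One way to write the detection the question describes, as an added example that is not part of the original post. It assumes Snort 2.x rule syntax, the standard `$EXTERNAL_NET` and `$HOME_NET` variables from `snort.conf`, the stock `attempted-user` classtype, and locally chosen SIDs in the 1000000+ range; the message text is also a choice made here. Multiple `content` options in one rule are ANDed, so the either/or condition is written as two rules.

```snort
# Assumed: $EXTERNAL_NET / $HOME_NET are defined in snort.conf,
# classification.config is loaded, and SIDs >= 1000000 are free for local use.

# Rule 1: eight consecutive "A" bytes in a client-to-server payload on TCP 8080.
# flow:to_server,established limits matching to reassembled, established
# sessions, which avoids alerting on stray packets that are not part of a session.
alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"Buffer overflow attack - AAAAAAAA filler to port 8080"; flow:to_server,established; content:"AAAAAAAA"; classtype:attempted-user; sid:1000001; rev:1;)

# Rule 2: same traffic selection, eight consecutive "B" bytes.
alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"Buffer overflow attack - BBBBBBBB filler to port 8080"; flow:to_server,established; content:"BBBBBBBB"; classtype:attempted-user; sid:1000002; rev:1;)

# Alternative: one rule using a regular expression for the either/or match.
# Left commented out so that a matching payload does not alert twice.
# A pcre-only rule has no content string for the fast pattern matcher,
# so it is evaluated against every packet that matches the rule header.
# alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"Buffer overflow attack - A or B filler to port 8080"; flow:to_server,established; pcre:"/A{8}|B{8}/"; classtype:attempted-user; sid:1000003; rev:1;)
```

`content` matching is case-sensitive unless `nocase` is added, so these rules match uppercase filler only, as the question specifies. A run longer than eight characters also matches, because it contains eight consecutive identical bytes.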