In intrusion detection, SNORT rules are widely used. One vulnerability is the buffer overrun, where the attacker fills
Posted: Fri May 20, 2022 12:38 pm
In intrusion detection, SNORT rules are widely used. One vulnerability is the buffer overrun, where the attacker fills the buffer to a certain value and adds this malicious payload at the end of messages so that it would become executable. The characters the attacker chooses to use to fill the buffer can be completely insignificant, but for this problem, we consider that the attacker will use either eight consecutive “A”s or eight consecutive “B”s as the signature to fill the buffer and cause an overflow.

Your task for this question is to come up with a SNORT rule that detects the attack when a TCP connection from outside to the internal network targets port 8080 and has a content payload of either eight consecutive As or eight consecutive Bs. Your rule should generate an alert with the message properly formatted for the buffer overflow attack.
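One way to write the detection the question asks for, as an added example that is not part of the original post. It assumes Snort 2.x rule syntax, that `$EXTERNAL_NET` and `$HOME_NET` are defined in snort.conf, and that stream reassembly is enabled so `flow` works; the message text and sid values are constructed for illustration.

```snort
# Added example, not from the original post.
# Assumes $EXTERNAL_NET / $HOME_NET are set in snort.conf and the stream
# preprocessor is enabled. sid values are constructed (1000000 and above
# is the range used for local rules).

# Option 1: one rule per filler byte.
# Several content options inside ONE rule are ANDed together, so
#   content:"AAAAAAAA"; content:"BBBBBBBB";
# would only fire when both runs appear in the same packet. "Either As or Bs"
# therefore needs two rules. content matching is case-sensitive by default,
# so lowercase "aaaaaaaa" does not match.
alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"Buffer overflow attempt - eight consecutive As to port 8080"; flow:to_server,established; content:"AAAAAAAA"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"Buffer overflow attempt - eight consecutive Bs to port 8080"; flow:to_server,established; content:"BBBBBBBB"; sid:1000002; rev:1;)

# Option 2: a single rule, with the alternation expressed as a regular expression.
# Trade-off: with no content option there is no fast-pattern prefilter, so the
# regex is evaluated on every established client-to-server packet to port 8080.
alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"Buffer overflow attempt - eight consecutive As or Bs to port 8080"; flow:to_server,established; pcre:"/A{8}|B{8}/"; sid:1000003; rev:1;)
```

Both options also fire on runs longer than eight bytes, since a longer run contains an eight-byte run. Load either Option 1 or Option 2, not both, to avoid duplicate alerts for the same packet.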