






























Material Type: Project; Professor: Greenstadt; Class: Computer and Network Security; Subject: Computer Science; University: Drexel University; Term: Winter 2009;
Typology: Study Guides, Projects, Research































Worm was released in 1988 by Robert Morris
Graduate student at Cornell, son of NSA chief scientist
Convicted under Computer Fraud and Abuse Act, sentenced to 3 years of probation and 400 hours of community service
Now an EECS professor at MIT (advised my Masters’ thesis)
Worm was intended to propagate slowly and harmlessly measure the size of the Internet
Due to a coding error, it created new copies as fast as it could and overloaded infected machines
$10-100M worth of damage
One of the worm’s propagation techniques was a buffer overflow attack against a vulnerable version of fingerd on VAX systems
By sending special string to finger daemon, worm caused it to execute code creating a new worm copy
Unable to determine remote OS version, worm also attacked fingerd on Suns running BSD, causing them to crash (instead of spawning a new copy)
CERT formed to deal with the new threat of software vulnerabilities
Buffer is a data storage area inside computer memory (stack or heap)
Intended to hold pre-defined amount of data
If more data is stuffed into it, it spills into adjacent memory
If executable code is supplied as “data”, victim’s machine may be fooled into executing it – we’ll see how
Code will self-propagate or give attacker control over machine
First generation exploits: stack smashing
Second gen: heaps, function pointers, off-by-one
Third generation: format strings and heap management structures
Linux process memory layout
What if buffer is overstuffed?
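Buffer Overflows

    #include <string.h>

    /* Deliberately vulnerable: strcpy() copies until the NUL in str
       and never checks that buffer holds only 8 bytes. */
    void function(char *str) {
        char buffer[8];
        strcpy(buffer, str);
    }

    int main(void) {
        char large_string[256];
        int i;
        for (i = 0; i < 255; i++)
            large_string[i] = 'A';
        large_string[255] = '\0';  /* terminate so strcpy() reads a defined string */
        function(large_string);
        return 0;
    }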
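To make "it spills into adjacent memory" observable without crashing the process, the following added example (not part of the original slides) models the frame of function() as a struct and compares an unchecked copy with a length-checked one. The struct layout, the field saved_ret, the sentinel value and all function names are assumptions made for illustration; real stack frames differ by compiler and platform.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RET_SENTINEL 0x1122334455667788ULL  /* constructed stand-in value */

/* Hypothetical model of function()'s frame: the 8-byte buffer followed
 * by the data that sits next to it in memory. */
struct frame {
    char     buffer[8];
    uint64_t saved_ret;   /* stands in for the saved return address */
};

static void frame_init(struct frame *f) {
    memset(f->buffer, 0, sizeof f->buffer);
    f->saved_ret = RET_SENTINEL;
}

/* strcpy-like copy: length comes from the source only, the size of
 * buffer is never consulted. Clamped to the model frame so the demo
 * itself stays within defined behaviour. Returns bytes written. */
static size_t copy_unchecked(struct frame *f, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f, src, n);
    return n;
}

/* Hardened copy: refuse input that does not fit with its terminator. */
static int copy_checked(struct frame *f, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > sizeof f->buffer) return -1;
    memcpy(f->buffer, src, n);
    return 0;
}

static int ret_intact(const struct frame *f) {
    return f->saved_ret == RET_SENTINEL;
}

int main(void) {
    char large_string[256];
    struct frame f;
    memset(large_string, 'A', 255);
    large_string[255] = '\0';
    frame_init(&f);
    copy_unchecked(&f, large_string);
    printf("unchecked: saved_ret=0x%016llx\n", (unsigned long long)f.saved_ret);
    frame_init(&f);
    printf("checked: rc=%d intact=%d\n", copy_checked(&f, large_string), ret_intact(&f));
    return 0;
}
```

After the unchecked copy every byte of saved_ret is 0x41 ('A'), which is the value a real function would then try to return to; the checked copy rejects the input and leaves the neighbouring field untouched.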
Executing Attack Code