Research On RPC Attack Detection In Windows Network

Posted on: 2008-08-10
Degree: Master
Type: Thesis
Country: China
Candidate: L T Gao
GTID: 2178360212474128
Subject: Signal and Information Processing

Abstract/Summary:
In the past few years, with the rapid development of the Internet, more and more attacks on network protocols have emerged. Network security has become a real problem, and how to deal with it is an important issue that deserves close attention. Attacks on Windows RPC vulnerabilities are among the most damaging network attacks and can cause considerable loss; to be more exact, they should be considered the most notorious. Because the Windows platform holds most of the market share, in other words most PCs all over the world run Windows, once an attack of this kind appears in the network it spreads fast and its influence is far-reaching. In this paper, I choose methods of Windows RPC attack detection as the object of study, which I believe has considerable theoretical and practical significance.

In this paper, the knowledge relevant to attacks on RPC vulnerabilities is introduced first to provide a theoretical basis for the design of the whole detection system; it includes the mechanism of RPC communication, the principles of network worms, buffer overflow, and how to establish rules for network attack signatures. After studying the mechanism of DCE/RPC, I put forward a new detection method that introduces application-layer protocol (SMB protocol) decoding into the detection system, breaking through the limitation of present detection methods, which focus on the relatively lower layers (network layer and transport layer). Moreover, the concept of a unified RPC protocol data extraction platform is put forward, which can be used to eliminate the differences between the existing protocol sequences for DCE/RPC protocol data transport; this platform facilitates the extraction and detection of DCE/RPC protocol data.
Keywords/Search Tags: protocol analysis, signature matching, remote procedure call, detection rule description, buffer overflow attack
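The idea of a unified extraction layer described in the abstract can be sketched as follows; this is an added illustration, not code from the thesis. It assumes two protocol sequences (`ncacn_ip_tcp`, and `ncacn_np` carried in an SMB1 WriteAndX request), one complete PDU per payload, and constructed sample bytes; all function names are hypothetical.

```python
import struct

SMB1_MAGIC, SMB_COM_WRITE_ANDX = b"\xffSMB", 0x2F
PTYPES = {0: "request", 2: "response", 11: "bind", 12: "bind_ack"}

def smb_pipe_data(tcp_payload):
    """ncacn_np: return bytes an SMB1 WriteAndX writes to a pipe, else None."""
    smb = tcp_payload[4:]                        # skip NetBIOS session header
    if len(smb) < 57 or smb[:4] != SMB1_MAGIC or smb[4] != SMB_COM_WRITE_ANDX:
        return None
    if smb[32] < 12:                             # WordCount too small for WriteAndX
        return None
    # Parameter words 10 and 11: DataLength, DataOffset (from SMB header start)
    data_len, data_off = struct.unpack_from("<HH", smb, 53)
    if data_off < 57 or data_off + data_len > len(smb):
        return None                              # malformed or truncated
    return smb[data_off:data_off + data_len]

def parse_dcerpc(pdu):
    """Decode the connection-oriented DCE/RPC common header (version 5.0)."""
    if pdu is None or len(pdu) < 16 or pdu[0] != 5 or pdu[1] != 0:
        return None
    endian = "<" if pdu[4] >> 4 == 1 else ">"    # drep[0] integer format
    frag_len, _auth_len, call_id = struct.unpack_from(endian + "HHI", pdu, 8)
    rec = {"ptype": PTYPES.get(pdu[2], pdu[2]), "frag_length": frag_len,
           "call_id": call_id, "opnum": None}
    if pdu[2] == 0 and len(pdu) >= 24:           # request: opnum at offset 22
        rec["opnum"] = struct.unpack_from(endian + "H", pdu, 22)[0]
    return rec

def extract_rpc(protseq, tcp_payload):
    """Same record regardless of which protocol sequence carried the PDU."""
    if protseq == "ncacn_ip_tcp":
        return parse_dcerpc(tcp_payload)
    if protseq == "ncacn_np":
        return parse_dcerpc(smb_pipe_data(tcp_payload))
    return None

# Constructed sample: one request PDU (call_id 7, opnum 31, 4-byte stub).
PDU = (struct.pack("<BBBB4sHHI", 5, 0, 0, 0x03, b"\x10\0\0\0", 28, 0, 7)
       + struct.pack("<IHH", 4, 0, 31) + b"ABCD")
# The same PDU wrapped in a constructed SMB1 WriteAndX (FID 0x4000, data at 59).
_smb = (SMB1_MAGIC + bytes([SMB_COM_WRITE_ANDX]) + bytes(27) + bytes([12])
        + struct.pack("<BBHHIIHHHHH", 0xFF, 0, 0, 0x4000, 0, 0, 8, 28, 0, 28, 59)
        + struct.pack("<H", 28) + PDU)
SMB_FRAME = b"\x00" + len(_smb).to_bytes(3, "big") + _smb

if __name__ == "__main__":
    print(extract_rpc("ncacn_ip_tcp", PDU) == extract_rpc("ncacn_np", SMB_FRAME))
```

Signature rules written against the returned record (PDU type, opnum, fragment length) then apply unchanged whether the call arrived over TCP directly or inside SMB.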