The Research Of Buffer Overflow Vulnerability And Advanced Evasion Techniques

With the universalization of network applications, making the network more and more be used in all aspects of the society.At the same time, with more diverse users on the Internet, the network intrusion and attack are also more frequent.The application of the network also involves national important domains such as finance, defense, so attention to network security is very necessary.Buffer overflow attacks is a classic and very effective network attacks.The attackers could exploit this buffer overflow to perform unauthorized instructions, and even get system privileges to perform various illegal operations.This paper gives the overview and summary of the basic principle of buffer overflow attacks,the main mechanism of buffer overflow attack and the attack process. And it introduces several common overflow vulnerability, especially for RPC interface illustration and description of the RPC Interface buffer overflow vulnerability works. This thesis using reverse engineering of Windows Server Service RPC request Overflow Vulnerability (MS08-067) for the specific analysis and research, to find the overflow point of the vulnerability. Then using VMWare virtual machine and the MetaSploit FrameWork (MSF) to set up the experimental environment, simulate the real network environment, implement the vulnerabilities and capturing packets are analyzed. Finally, deploy Intrusion Prevention System (IPS) in the environment for effective defense.At the same time on the basis of the buffer overflow vulnerabilities. the thesis also analyzed the escape of the Intrusion Prevention System technology, and these techniques can be divided into three categories:simple escape techniques, complex escape technology and advanced technology (AET). According to the principle of the technical background, summarized in the form of these attacks. This subject using self-developed escape testing tool for simulation, simulate the real network environment in the escape of the intrusion detection equipment. Experiments using testing tool implemented a simple single escape technique as well as different mutual combination levels of advanced escape techniques, and did specific analysis for these techniques by capturing packet. Finally,according to the characters of experiments, the corresponding defense methods for buffer overflow vulnerabilities and escape technology are presented.