J4 ›› 2015, Vol. 42 ›› Issue (4): 20-26+40.doi: 10.3969/j.issn.1001-2400.2015.04.004

• 研究论文 • 上一篇    下一篇

一种简单网络管理协议漏洞挖掘算法

王志强1;张玉清1,2;刘奇旭2;黄庭培2   

  1. (1. 西安电子科技大学 综合业务网理论及关键技术国家重点实验室,陕西 西安  710071;
    2. 中国科学院大学 国家计算机网络入侵防范中心,北京  101408)
  • 收稿日期:2014-03-12 出版日期:2015-08-20 发布日期:2015-10-12
  • 通讯作者: 王志强
  • 作者简介:王志强(1985-),男,西安电子科技大学博士研究生,E-mail: wangzq@nipc.org.cn.
  • 基金资助:

    国家自然科学基金资助项目(61272481, 61303239)

Algorithm for discovering SNMP protocol vulnerability

WANG Zhiqiang1;ZHANG Yuqing1,2;LIU Qixu2;HUANG Tingpei2   

  1. (1. State Key Lab. of Integrated Service Networks, Xidian Univ., Xi'an  710071, China;
    2. National Computer Network Intrusion Protection Center, Univ. of the Chinese Academy of Sciences, Beijing  100190, China)
  • Received:2014-03-12 Online:2015-08-20 Published:2015-10-12
  • Contact: WANG Zhiqiang

摘要:

提出一种简单网络管理协议漏洞挖掘算法,优化了测试用例构造策略,解决了单一的测试用例构造策略、缺少异常监控和调试器或监控和调试不适用等问题.首先,根据简单网络管理协议的RFC文档,使用基于生成的多维策略构造测试用例; 其次,根据已知漏洞数据和异常数据,使用基于变异的多维策略构造测试用例.根据算法,开发了一个漏洞工具SRPFuzzer,并选择思科路由器、wireshark等路由器和软件进行实验,发现了4类安全漏洞,证明了工具的有效性;同时,选择PROTOS等相关的漏洞挖掘工具进行对比,SRPFuzzer在测试用例构造、监控和调试、漏洞挖掘能力等方面均优于以往的工具.

关键词: 网络协议, 网络安全, 漏洞挖掘, Fuzzing技术

Abstract:

An algorithm for discovering SNMP protocol vulnerabilities is proposed, which solves several problems including single and one-dimensional strategies of constructing test cases, lack of the exception monitor and debugger or inapplicability of the network and SNMP-related software. First, by analyzing the SNMP RFC specification, the algorithm adopts the generation strategy for constructing test cases. Second, the mutation strategy is adopted to construct test cases on the basis of known information about SNMP vulnerabilities and the previous malformed data. According to the algorithm, a tool named tje SRPFuzzer is developed for bug hunting. Finally, an experiment is done on routers and software, including the Cisco router, wireshark and so on. Four groups of vulnerabilities are found, which verifies the SRPFuzzer's validity. Meanwhile, comparing with the PROTOS and other 3 tools, the SRPFuzzer is superior to these tools at test case construction, monitoring, debugging, bug hunting ability and so on.

Key words: network protocols, network security, vulnerability discovering, Fuzzing