一种简单网络管理协议漏洞挖掘算法

doi:10.3969/j.issn.1001-2400.2015.04.004

Abstract

Abstract:

An algorithm for discovering SNMP protocol vulnerabilities is proposed, which solves several problems including single and one-dimensional strategies of constructing test cases, lack of the exception monitor and debugger or inapplicability of the network and SNMP-related software. First, by analyzing the SNMP RFC specification, the algorithm adopts the generation strategy for constructing test cases. Second, the mutation strategy is adopted to construct test cases on the basis of known information about SNMP vulnerabilities and the previous malformed data. According to the algorithm, a tool named tje SRPFuzzer is developed for bug hunting. Finally, an experiment is done on routers and software, including the Cisco router, wireshark and so on. Four groups of vulnerabilities are found, which verifies the SRPFuzzer's validity. Meanwhile, comparing with the PROTOS and other 3 tools, the SRPFuzzer is superior to these tools at test case construction, monitoring, debugging, bug hunting ability and so on.

Key words: network protocols, network security, vulnerability discovering, Fuzzing

WANG Zhiqiang;ZHANG Yuqing;LIU Qixu;HUANG Tingpei. Algorithm for discovering SNMP protocol vulnerability[J].J4, 2015, 42(4): 20-26+40.

References

［1］ Case J, Fedor M, Schoffstall M, et al. RFC 1157: Simple Network Management Protocol (SNMP) ［S］. California: IETF, 1990.
［2］ Oulu University Secure Programming Group. PROTOS Test-suite: c06-snmpv1 ［CP／OL］. ［2014-02-21］. https://www.ee.oulu.fi／resear ch／ouspg／PROTOS_Test-Suite_c06-snmpv1.
［3］ Liu Q, Zhang Y. TFTP Vulnerability Finding Technique Based on Fuzzing ［J］. Computer Communications, 2008, 31(14): 3420-3426.
［4］王颖, 杨义先, 钮心忻, 等. 基于控制流序位比对的智能Fuzzing测试方法［J］. 通信学报, 2013, 34(4): 114-121.
Wang Ying, Yang Yixian, Niu Xinxin, et al. Smart Fuzzing Method Based on Comparison Algorithm of Control Flow Sequences ［J］. Journal on Communications, 2013, 34(4): 114-121.
［5］张宝峰, 张翀斌, 许源. 基于模糊测试的网络协议漏洞挖掘［J］. 清华大学学报(自然科学版), 2009, 49(S2): 2113-2118.
Zhang Baofeng, Zhang Chongbin, Xu Yuan. Network Protocol Vulnerability Discovery Based on Fuzzy Testing ［J］. Journal of Tsinghua University (Science and Technology), 2009, 49(S2): 2113-2118.
［6］ Shapiro R, Bratus S, Rogers E, et al. Critical Infrastructure Protection V ［M］. Berlin: Springer, 2011: 57-72.
［7］ Wang Z, Zhang Y, Liu Q. RPFuzzer: a Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing ［J］. KSII Transactions on Internet ＆ Information Systems, 2013, 7(8): 1989-2009.
［8］ Waldbusser S, Rose M, Case J, et al. Structure of Management Information for Version 2 of the Simple Network Management Protocol (SNMPv2) ［S］. California: IETF, 1993.
［9］ Mundy R, Partain D, Stewart B. Introduction to Version 3 of the Internet-standard Network Management Framework ［S］. California: IETF, 1999.
［10］ Miller C, Peterson Z. Analysis of Mutation and Generation-based Fuzzing ［R］. Independent Security Evaluators, 2007.
［11］ Wu Z, Atwood J, Zhu X. A New Fuzzing Technique for Software Vulnerability Mining ［C］//Proceedings of International Conference on Software Engineering. Mumbai: Computer Society of India, 2009: 59-66.
［12］ ITU-T. ASN.1 Project［EB／OL］. ［2014-02-21］. http://www.itu.int／ITU-T／asn1／.
［13］ NIST. National Vulnerability Database ［EB／OL］. ［2014-02-21］. http://nvd.nist.gov.
［14］中国信息安全测评中心. 中国国家信息安全漏洞库［EB／OL］. ［2014-02-21］. http://www.cnnvd.org.cn.
［15］ Ortega A, Muniz S. Dynamips-mod ［CP／OL］. ［2014-02-21］. http://www.groundworkstech.com／projects-dynam ips-gdb-mod.html.
［16］ Yuschuk O. OllyDBG ［CP／OL］. ［2014-02-21］. http://www.ollydbg.de.
［17］ The Wireshark Community. Wireshark ［CP／OL］. ［2014-02-21］. http://www.wireshark.org.
［18］ Cola. Colasoft Capsa Enterprise 7.2.1 ［CP／OL］. ［2014-02-21］. http://www.colasoft.com.cn.
［19］ Science Dissemination Unit. Response Time and Packet loss. ［EB／OL］. ［2014-02-21］. http://sdu.ictp.it／pinger／pinger.html.
［20］ The Penetration Test Team of NCNIPC. Wireshark Malformed SNMPv1 Packet Remote Denial of Service Vulnerability. ［EB／OL］. ［2014-02-21］. http://www.securityfocus.com／bid／43197.
［21］ Rypl L. SNMP-fuzzer(LukasRypl). ［CP／OL］. ［2014-02-21］. https://github.com／LukasRypl／snmp-fuzzer.
［22］ Arhont. SNMP-fuzzer-0.1.1. ［CP／OL］. ［2014-02-21］. http://www.pentoo.ch／distfiles／snmp-fuzzer-0.1.1.tar.gz.

[1]	LIU Huayuan,SU Yunfei,LI Ruilin,TANG Chaojing. Structure-statebased graybox Fuzzing technique [J]. Journal of Xidian University, 2021, 48(1): 117-123.
[2]	LI Teng,CAO Shijie,YIN Siwei,WEI Dawei,MA Xindi,MA Jianfeng. Optimal method for the generation of the attack path based on the Q-learning decision [J]. Journal of Xidian University, 2021, 48(1): 160-167.
[3]	YANG Hongyu,ZENG Renyun. Method for assessment of network security situation with deep learning [J]. Journal of Xidian University, 2021, 48(1): 183-190.
[4]	YANG Hongyu,ZHANG Xugao. Network security situation adaptive prediction model [J]. Journal of Xidian University, 2020, 47(3): 14-22.
[5]	YANG Baowang. Low-rate-denial-of-service attack detection by symbolic dynamics method [J]. Journal of Xidian University, 2018, 45(1): 140-144.
[6]	LIANG Hongquan;WU Wei. Secure link status routing protocol based on node trustworthiness [J]. Journal of Xidian University, 2016, 43(5): 121-127.
[7]	WANG Jindong;YU Dingkun;ZHANG Hengwei;WANG Na. Active defense strategy selection based on the static Bayesian game [J]. J4, 2016, 43(1): 144-150.
[8]	GUO Jingjing;MA Jianfeng. Trust recommendation algorithm for the virtual community based Internet of Things(IoT) [J]. J4, 2015, 42(2): 52-57+179.
[9]	WANG Yichuan;MA Jianfeng;LU Di;ZHANG Liumei;MENG Xianjia. Cloud droplets freezing attack in cloud computing [J]. J4, 2014, 41(3): 116-122.
[10]	GUO Jianghong;MA Jianfeng;ZHANG Liumei;LU Di. Efficient encrypted data aggregation scheme for wireless sensor networks [J]. J4, 2013, 40(3): 95-101+120.
[11]	DU Zhi-qiang;SHEN Yu-long;MA Jian-feng;ZHOU Li-hua. Practical broadcast authentication protocol for sensor networks [J]. J4, 2010, 37(2): 305-310+325.
[12]	CHEN Chen;GAO Xin-bo. Mobility supporting adaptive MAC protocol in WSN [J]. J4, 2010, 37(2): 279-284.
[13]	ZHOU Ye-jun;LI Hui;MA Jian-fen. Random network coding against the eavesdropping adversaries [J]. J4, 2009, 36(4): 696-701.
[14]	JIANG Fei1;2;SHI Hao-shan1;XU Zhi-yan3;DONG Xiang-jun1. Novel hierarchical framework for the network management system based on multi-Agent collaboration [J]. J4, 2009, 36(2): 366-372.
[15]	ZHOU Hua;MENG Xiang-ru;ZHANG Li;QIAO Xiang-dong. Proactive recovery algorithm in the distributed intrusion-tolerance system [J]. J4, 2009, 36(2): 378-384.

Algorithm for discovering SNMP protocol vulnerability

PDF (PC)

Like

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Metrics

Comments

Recommended 1