Re: [Dailydave] Algorithmic Bugs
From: Randy Smith (smithr cs.wisc.edu)
Date: Wed Jan 10 2007 - 14:18:31 CST
For an (un)limited-time only, the presentation slides are now available
online. Get them at
http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip.
Cheers,
Randy Smith
Dave Aitel wrote:
>
> Best paper at a conference I went to recently here in Miami Beach.
>
>
> http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf
>
> Summary:
> You can send a remarkably small stream of data at a NIDS and cause it
> to go to 100% CPU and stop doing analysis if you send the RIGHT stream
> of data. This is basically undetectable (i.e. does not crash snort).
> Was fixed in Snort 2.6.1 (I believe). Some snort rules have a 1
> million to 1 expansion if you do it right (from what I read - I
> haven't tested this out yet - but it would make a great CANVAS module!)
>
> The presentation is clearer than the paper. I hope they put it online.
>
> Similar bugs exist in major commercial Python exploitation frameworks
> (i.e. you can tartrap CANVAS if you do it right). The more high level
> the language, the easier it is to get caught by something like this.
>
> -dave
_______________________________________________
Dailydave mailing list
Dailydave lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave