Demystifying the DDoS Attack: research on the new variant of the "buffer overflow" vulnerability

Source: Internet
Author: User
Windows systems suffer from buffer overflows as well. With the spread of the Internet, the number of Internet service programs on the Windows platform keeps growing, and low-quality Windows programs are the Achilles heel of the system because they are just as prone to remote stack overflows. Moreover, because Windows users and administrators generally lack security awareness, a stack overflow in a Windows system, if exploited maliciously, can hand control of the whole machine to the attacker, and from there the whole LAN. Microsoft's IIS 4.0 server has a flaw known as the "illegal .htr request". According to Microsoft, under certain conditions this flaw allows arbitrary code to run on the server side. Attackers can use it to take complete control of the IIS server, and many e-commerce sites are in fact built on exactly this platform.

How attackers overflow the buffer

Let us first look at the principle of a buffer overflow. It is well known that C performs no array bounds checking, and many C applications simply assume that a buffer is large enough, i.e. that its capacity exceeds the length of the string to be copied into it. That is not always the case: when the program errs, or a malicious user deliberately supplies an over-long string, unexpected things happen. The excess characters overwrite the other variables that lie next to the array, giving those variables unpredictable values. If the array happens to sit next to a subroutine's return address, the excess characters overwrite that return address, the subroutine returns to an unpredictable address, and the program's flow of execution goes wrong. If the new address is not even inside the process's address space, the process simply crashes. This kind of mistake is in fact very common in programming.
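The following is an added example, not code from the article. It models a stack frame as a plain byte array (a constructed layout: an 8-byte local buffer with the slot for the saved return address placed immediately above it, marked with a sentinel value) so that the "excess characters overwrite the adjacent variable" effect described above can be observed in well-defined C. The unchecked copy reproduces the classic strcpy pattern and lets the surplus bytes land on the return-address slot; the checked copy beside it refuses input that does not fit, which is the fix a reviewer would ask for. All names (frame, unchecked_copy, checked_copy, SENTINEL_RET) are inventions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define BUF_SIZE 8                 /* constructed: size of the local buffer */
#define RET_OFFSET BUF_SIZE        /* the saved "return address" slot sits right above it */
#define SENTINEL_RET 0xDEADBEEFu   /* marker so we can see whether the slot survived */

/* Toy frame layout. In a real program the compiler decides this; here it is
 * a byte array so that every write below stays inside a defined object. */
struct frame {
    unsigned char bytes[BUF_SIZE + sizeof(uint32_t)];
};

struct copy_result {
    int accepted;     /* 1 if the input was copied, 0 if it was rejected */
    uint32_t ret;     /* value found in the return-address slot afterwards */
};

static void frame_init(struct frame *f) {
    uint32_t ret = SENTINEL_RET;
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + RET_OFFSET, &ret, sizeof ret);
}

static uint32_t frame_ret(const struct frame *f) {
    uint32_t ret;
    memcpy(&ret, f->bytes + RET_OFFSET, sizeof ret);
    return ret;
}

/* Vulnerable pattern: copies the whole input into the buffer without checking
 * it against BUF_SIZE. Bytes beyond BUF_SIZE spill onto the return slot.
 * (The clamp to sizeof f.bytes only keeps this model inside its own array;
 * a real strcpy has no bound at all and would keep writing up the stack.) */
struct copy_result unchecked_copy(const char *input) {
    struct frame f;
    size_t n = strlen(input) + 1;          /* includes the terminating NUL */
    frame_init(&f);
    if (n > sizeof f.bytes)
        n = sizeof f.bytes;
    memcpy(f.bytes, input, n);             /* no check against BUF_SIZE */
    return (struct copy_result){ 1, frame_ret(&f) };
}

/* Hardened pattern: verify that the string plus its terminator fits before
 * copying, and refuse (rather than silently truncate) when it does not. */
struct copy_result checked_copy(const char *input) {
    struct frame f;
    size_t len = strlen(input);
    frame_init(&f);
    if (len >= BUF_SIZE)                   /* len + 1 > BUF_SIZE: would overflow */
        return (struct copy_result){ 0, frame_ret(&f) };
    memcpy(f.bytes, input, len + 1);
    return (struct copy_result){ 1, frame_ret(&f) };
}

int main(void) {
    const char *ok = "hello";               /* constructed input: fits in the buffer */
    const char *too_long = "AAAAAAAAAAAA";  /* constructed input: 12 bytes, 4 past the buffer */
    struct copy_result r;

    r = unchecked_copy(ok);
    printf("unchecked %-14s ret=0x%08x\n", ok, (unsigned)r.ret);
    r = unchecked_copy(too_long);
    printf("unchecked %-14s ret=0x%08x  <- return slot clobbered by 'A' bytes\n",
           too_long, (unsigned)r.ret);
    r = checked_copy(too_long);
    printf("checked   %-14s accepted=%d ret=0x%08x\n",
           too_long, r.accepted, (unsigned)r.ret);
    return 0;
}
```

Running it shows the sentinel intact for the short input, the return slot reading 0x41414141 (four 'A' bytes) after the unchecked copy of the long input, and the checked copy rejecting the same input with the sentinel untouched. The defensive rule it illustrates is the one the paragraph implies: the length check has to happen before the copy, and the bound must include the terminator.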

A program that exploits a buffer overflow to disrupt a system or enter it illegally usually consists of the following parts:

1. Prepare a string of machine code that spawns a shell; this string is what we call the shellcode.

2. Allocate a buffer and place the machine code at its low end.

3. Estimate the likely start address of the machine code on the stack and write that address into the high end of the buffer. This start address is also the parameter that has to be adjusted repeatedly when the program is run.

4. Pass this buffer as the input parameter to the program that contains the buffer overflow bug, and run that program.

From the analysis and steps above it is clear how great a threat buffer overflows pose to system security. On Unix systems, a well-crafted program exploiting this bug in an SUID program easily obtains the superuser's privileges. When a service program listens on a port, a buffer overflow program can easily bring the service down, disabling the system for some time or even crashing it outright, which amounts to a denial-of-service attack. The fault lies not only with the programmer; much of it is in how the system itself is implemented. Today buffer overflow bugs are constantly being found in Unix, Windows, routers, gateways and other network devices, and they make up the largest and most serious class of security threats to a system.

Recently a design flaw known as the buffer overflow has been seriously endangering system security and is becoming a bigger headache than Y2K. Once someone with ulterior motives discovers such a flaw, it can be exploited as a means of unlawful intrusion and of destroying the information in a computer. According to statistics, attacks via buffer overflow account for more than 80% of all attacks on systems, and the so-called distributed denial-of-service (DDoS) attacks that recently hit several websites are also an attack mode based on the buffer overflow principle.

In a nutshell, a buffer overflow is a means of attacking a system by writing more data into a program's buffer than it can hold, creating an overflow that corrupts the program's stack and makes the program execute other instructions, which is the goal of the attack. A DDoS intruder uses a long string to fill an input field beyond its designed capacity; the computer mistakes the surplus characters for instructions to execute, which gives the intruder a way into the computer without the system noticing. Reports describe the "buffer overflow" as a very common computer security problem of the past decade, one that intruders can use to take full control of a computer.

The usual tricks of buffer overflow attackers

On UNIX systems, gaining root privileges through a buffer overflow is a fairly common hacking technique in current use. In fact, it is the preferred attack once an attacker already holds a basic local account on the system. It is also widely used in remote attacks: there are many examples of obtaining a remote root shell through a stack overflow in a daemon process.
