Death, taxes, and imperfect software: surviving the inevitable
Proceedings of the 1998 workshop on New security paradigms
Building Software Securely from the Ground Up
IEEE Software
UNIX Network Programming, Vol. 1
C++: A Beginner's Guide, Second Edition
On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
Intrusion Prevention and Active Response: Deploying Network and Host IPS
Secure and practical defense against code-injection attacks using software dynamic translation
Proceedings of the 2nd international conference on Virtual execution environments
Buffer Overflow Attacks
A polymorphic shellcode detection mechanism in the network
Proceedings of the 2nd international conference on Scalable information systems
Browser security: lessons from Google Chrome
Communications of the ACM - A Blind Person's Interaction with Technology
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Writable XOR executable (W⊕X) and address space layout randomisation (ASLR) have elevated the understanding necessary to perpetrate buffer overflow exploits [1]. However, they have not proved to be a panacea [1–3], and so other mechanisms, such as stack guards and prelinking, have been introduced. In this paper, we show that host-based protection still does not offer a complete solution. To demonstrate the protection inadequacies, we perform an over-the-network brute-force return-to-libc attack against a preforking concurrent server to gain remote access to a shell. The attack defeats host protection including W⊕X and ASLR. We then demonstrate that deploying a network intrusion detection system (NIDS) with appropriate signatures can detect this attack efficiently.