BALG: Bypassing Application Layer Gateways using multi-staged encrypted shellcodes

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops Pub Date : 2011-05-23 DOI:10.1109/INM.2011.5990539

S. Roschke, Feng Cheng, C. Meinel

{"title":"BALG: Bypassing Application Layer Gateways using multi-staged encrypted shellcodes","authors":"S. Roschke, Feng Cheng, C. Meinel","doi":"10.1109/INM.2011.5990539","DOIUrl":null,"url":null,"abstract":"Modern attacks are using sophisticated and innovative techniques. The utilization of cryptography, self-modified code, and integrated attack frameworks provide more possibilities to circumvent most existing perimeter security approaches, such as firewalls and IDS. Even Application Layer Gateways (ALG) which enforce the most restrictive network access can be exploited by using advanced attack techniques. In this paper, we propose a new attack for circumventing ALGs. By using polymorphic and encrypted shellcode, multiple shellcode stages, protocol compliant and encrypted shell tunneling, and reverse channel discovery techniques, we are able to effectively bypass ALGs. The proposed attack consists of four phases with certain requirements and results. We implemented the initial shellcode as well as the different stages and conducted the practical attack using an existing ALG. The possibility to prevent this attack with existing approaches is discussed and further research in the area of perimeter security and log management is motivated.","PeriodicalId":433520,"journal":{"name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INM.2011.5990539","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Modern attacks are using sophisticated and innovative techniques. The utilization of cryptography, self-modified code, and integrated attack frameworks provide more possibilities to circumvent most existing perimeter security approaches, such as firewalls and IDS. Even Application Layer Gateways (ALG) which enforce the most restrictive network access can be exploited by using advanced attack techniques. In this paper, we propose a new attack for circumventing ALGs. By using polymorphic and encrypted shellcode, multiple shellcode stages, protocol compliant and encrypted shell tunneling, and reverse channel discovery techniques, we are able to effectively bypass ALGs. The proposed attack consists of four phases with certain requirements and results. We implemented the initial shellcode as well as the different stages and conducted the practical attack using an existing ALG. The possibility to prevent this attack with existing approaches is discussed and further research in the area of perimeter security and log management is motivated.

查看原文本刊更多论文

BALG:使用多级加密shell代码绕过应用层网关

现代攻击正在使用复杂和创新的技术。密码学、自我修改代码和集成攻击框架的使用为绕过大多数现有的外围安全方法(如防火墙和IDS)提供了更多的可能性。即使是应用程序层网关(ALG)，它执行最严格的网络访问也可以通过使用高级攻击技术来利用。在本文中，我们提出了一种新的绕过alg的攻击方法。通过使用多态和加密的shellcode，多个shellcode阶段，协议兼容和加密的shell隧道，以及反向通道发现技术，我们能够有效地绕过alg。建议的攻击由四个阶段组成，具有一定的需求和结果。我们实现了初始的shellcode以及不同的阶段，并使用现有的ALG进行了实际的攻击。讨论了利用现有方法防止这种攻击的可能性，并推动了外围安全和日志管理领域的进一步研究。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops

自引率

0.00%

发文量