Network Application Security

• <>Buffer Overflow
• Windows Example http://slashdot.org/article.pl?sid=03/01/25/1245206&mode=nested&tid=109 which brought down five core DNS servers.
  
• Linux Examples http://lwn.net/Articles/108718/
  
• <>Don't use strcpy, use strncpy.  There are lots of such substitutions.
• <>Have a non-executable stack like http://www.anandtech.com/printarticle.aspx?i=2239
• <>
  
  
• Make a symlink that has the same name the program will use
• Linux Example http://lwn.net/Alerts/109235/
• Checking to see if the filename exists first will NOT work!
<>Use random filename, set permissions correctly


• Unexpected input
• General Example:  Ping of Death at http://www.insecure.org/sploits/ping-o-death.html
  
• Linux example http://lwn.net/Alerts/109682/
• Windows example hhttp://en.wikipedia.org/wiki/WinNuke and http://www.users.nac.net/splat/winnuke/
• An attack we saw http://math.nmu.edu/~randy/Classes/CS302/OldStuff/Security/Udel-attack.html
  
• Can your program work if the username is "../../../../etc/passwd"
• Can your program work if the username is "fred; rm -rf *"
• Perl's taint is brilliant
• Random testing works:  http://lwn.net/Articles/106559/
  
  
• Traffic flooding
• Ping floods
• Costs attacker
• No real defense
• Request flood
• Sometimes cost attacker
• Routers filtering the attacker can help
• The half-open-socket attack (SYN flooding)
  
• Send only the first packet of the three-way-handshake
• Never gets logged
• Uses up the array of half-open connections and keeps everyone out
• Modern operating systems fix this in a very clever way.
  

• Get a firewall
  
• Use chroot
• Don't be root
• Use a better secucurity model like SElinux and it's security policy file