illurity-logo
Log in

Site menu:

Categories

Tags

Site search

December 2018
M T W T F S S
« Dec    
 12
3456789
10111213141516
17181920212223
24252627282930
31  

Links:

Archives

Snort Vulnerability: Intruding on the Intrusion Protector

Secunia just announced an algorithmic complexity attack exploiting the behavior of Snort’s (pre-2.6.1) predicate-based rule matching. Susceptibility to the backtracking attack with custom crafted packets is rule dependent (based largely on the presence of relative-position content matching), and is estimated by the reporters to affect about 300 Snort signatures with varying intensity. A successful attack can bring the processor to its knees, causing Snort (when deployed passively – chalk one up for in-line deployments and failing-closed) to fail to detect simultaneous intrusions attempts. The paper is good enough to mention that since DFA systems only examine each byte once, backtracking cannot occur.

On its own, not a critical issue, but it foreshadows what will be a growing trend: attackers targeting the systems designed to protect. Obviously, the more prevalent the system, the bigger the target it will be. Woe unto Windows Defender and OneCare.

Share: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Twitter
  • LinkedIn
  • Facebook
  • email
  • Google Bookmarks
  • del.icio.us
  • StumbleUpon
  • Reddit

You must be logged in to post a comment.