DocumentCode :
2842745
Title :
BALG: Bypassing Application Layer Gateways using multi-staged encrypted shellcodes
Author :
Roschke, Sebastian ; Cheng, Feng ; Meinel, Christoph
Author_Institution :
Hasso Plattner Inst. (HPI), Univ. of Potsdam, Potsdam, Germany
fYear :
2011
fDate :
23-27 May 2011
Firstpage :
399
Lastpage :
406
Abstract :
Modern attacks are using sophisticated and innovative techniques. The utilization of cryptography, self-modified code, and integrated attack frameworks provides more possibilities to circumvent most existing perimeter security approaches, such as firewalls and IDS. Even Application Layer Gateways (ALGs), which enforce the most restrictive network access, can be exploited by using advanced attack techniques. In this paper, we propose a new attack for circumventing ALGs. By using polymorphic and encrypted shellcode, multiple shellcode stages, protocol-compliant and encrypted shell tunneling, and reverse channel discovery techniques, we are able to effectively bypass ALGs. The proposed attack consists of four phases with certain requirements and results. We implemented the initial shellcode as well as the different stages and conducted the practical attack using an existing ALG. The possibility to prevent this attack with existing approaches is discussed and further research in the area of perimeter security and log management is motivated.
Keywords :
channel coding; computer network management; computer network security; cryptography; internetworking; BALG; bypassing application layer gateways; cryptography; encrypted shell tunneling; firewalls; integrated attack frameworks; log management; multistaged encrypted shellcodes; protocol; restrictive network access; reverse channel discovery; security; self-modified code; Chaotic communication; Computer crashes; Cryptography; Electronic mail; Linux; Logic gates; Postal services;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Integrated Network Management (IM), 2011 IFIP/IEEE International Symposium on
Conference_Location :
Dublin
Print_ISBN :
978-1-4244-9219-0
Electronic_ISBN :
978-1-4244-9220-6
Type :
conf
DOI :
10.1109/INM.2011.5990539
Filename :
5990539