GEN:SID | 1:642 |
Message | SHELLCODE HP-UX NOOP |
Summary | This event is generated when a buffer overflow attack is attempted against a target machine.
|
Impact | Serious. The attacker may be able to gain remote access to the system or have the ability to execute arbitrary code with the privileges of a system user.
|
Detailed Information | This rule tracks the bit combination which may occur in network packets aimed at overflowing HP-UX UNIX network services. The buffer overflow attack attempts to force the vulnerable application to execute attacker-controlled code in order to gain interactive access or run arbitrary commands on the vulnerable system.
A specific string used during the overflow is application-dependent however, a platform-specific command or code may be present and is detected by this rule.
|
Affected Systems | |
Attack Scenarios | An attacker launches an overflow exploit against a vulnerable FTP server and gains the ability to start a shell session, thus obtaining interactive access to the target.
|
Ease of Attack | Simple
|
Corrective Action | Check the target host for other signs of compromise.
Look for other events concerning the target host.
Apply vendor supplied patches and keep the operating system up to date.
|
Additional References | Arachnids: http://www.whitehats.com/info/IDS358
|
Rule References | arachnids: 358
|