Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
if an attacker resets a Unix device's time to a week from now, then it will trigger logrotate to rotate the Unix logging files. If the attacker does this five times, then the current Unix syslog files will be deleted, thereby eliminating the attacker's tracks from the attacked device's logging system.
A.2.9 DATA DRIVEN ATTACKS.

These are perhaps the best-known mechanisms for cracking remote systems. Data driven attacks are executed by sending data to an active service that causes unintended or undesirable results. These types of attack include:
• Buffer Overflow attacks. A buffer overflow occurs when a user or process attempts to place more data into a buffer (e.g., a fixed array) than was originally allocated. A buffer overflow condition normally causes a segmentation violation to occur. This event can potentially be exploited to gain access to the target system. For example, if the process where the buffer overflow occurred is running as root (e.g., is a communications protocol), and if (at the appropriate place within the overflowing data) the data contained code that executed the command /bin/sh, then /bin/sh would be executed with root permissions, thereby giving the attacker a shell (e.g., a command line) to use that has root permissions. In this manner, attackers can gain control of OSs. Once they have gained control, they can establish backdoors and Trojan horses for subsequent access.

Safeguards against buffer overflow attacks include improved software development practices: for example, validating arguments within code; using more secure routines such as (for the C programming language) fgets(), strncpy() and strncat(); better test and audit practices; and using safe compilers such as Immunix's StackGuard or Janus. Alternatively, rather than recompiling every program on the system, the Libsafe dynamic library file can be installed by either specifying it in the environment variable $LD_PRELOAD or listing it in /etc/ld.so.preload. Unfortunately, these types of safeguards only reduce the number of buffer overflows without eliminating all of them. Thus, this threat continues to exist even within systems whose developers have undertaken these types of safeguards.
• Input Validation attacks. An input validation attack leverages a programming flaw where (1) the program fails to properly parse and validate received input; (2) a module accepts this syntactically incorrect input; (3) the module fails to handle the missing input fields; and (4) a field value correlation error subsequently occurs. If a program accepts user-supplied input and does not properly validate it, it could be tricked into executing arbitrary code by leveraging Unix shell escape commands. Executing non-validated escape sequences provides the attacker with a capability to crack the device comparable to that of buffer overflows. The primary safeguard against this type of problem is improved software development practices.
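The two safeguards named in the bullets above (bounded copies such as strncpy() instead of unbounded ones, and validating user-supplied input before it can reach a shell) are illustrated by the following C program. It is an added example written for this section, not code from the FAA report; the field size NAME_LEN, the function names, and the sample inputs are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stddef.h>

/* Added example (not from the FAA report): a bounded copy beside the
   unbounded pattern it replaces, and allowlist validation of a hostname
   before it is passed to another program. All names are hypothetical. */

#define NAME_LEN 16   /* hypothetical fixed-size field */

/* "Before": the pattern the report warns about. strcpy() stops only at the
   NUL terminator of src, so any src longer than NAME_LEN-1 bytes overruns
   the destination buffer. Kept for comparison only; never called below. */
void copy_name_unsafe(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* "After": check the length first and refuse over-long input instead of
   silently truncating. Returns 0 on success, -1 if src does not fit.
   strncpy() alone is not enough: it does not NUL-terminate when src fills
   the whole buffer, so the terminator is written explicitly. */
int copy_name_safe(char *dst, size_t dst_len, const char *src)
{
    if (dst_len == 0 || strlen(src) >= dst_len)
        return -1;
    strncpy(dst, src, dst_len - 1);
    dst[dst_len - 1] = '\0';
    return 0;
}

/* Input validation: accept only characters that can legitimately appear in
   a hostname. Anything else, including shell metacharacters such as ';',
   '|', '`', '$', '&' and newline, is rejected outright rather than escaped. */
int is_valid_hostname(const char *host)
{
    size_t n = strlen(host);
    if (n == 0 || n > 253)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-'))
            return 0;
    }
    return 1;
}

/* Build an argv vector suitable for execvp()-style execution of ping.
   No shell parses the command line, so there are no escape sequences to
   interpret; together with the allowlist check the input can only ever be
   a single hostname argument. Returns the number of entries before the
   terminating NULL, or -1 if host is rejected or argv is too small. */
int build_ping_argv(const char *host, const char *argv[], size_t argv_cap)
{
    if (argv_cap < 5 || !is_valid_hostname(host))
        return -1;
    argv[0] = "ping";
    argv[1] = "-c";
    argv[2] = "1";
    argv[3] = host;
    argv[4] = NULL;
    return 4;
}

int main(void)
{
    char name[NAME_LEN];
    const char *argv[5];

    /* constructed inputs for demonstration */
    printf("short name: %d\n", copy_name_safe(name, sizeof name, "pilot01"));
    printf("long name:  %d\n",
           copy_name_safe(name, sizeof name, "this-name-is-far-too-long-for-the-field"));
    printf("host ok:    %d\n", build_ping_argv("gateway.cabin.local", argv, 5));
    printf("host bad:   %d\n", build_ping_argv("gateway.cabin.local;echo", argv, 5));
    return 0;
}
```

The design choice worth noting is that both functions reject bad input rather than trying to repair it: an over-long name is an error, not something to truncate quietly, and a hostname containing anything outside the allowlist is refused rather than having its metacharacters stripped. Building an argv array for execvp() instead of handing a string to system() removes the shell, and with it the escape-sequence problem the report describes, from the picture entirely.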
These classes of attacks point out the importance of shell access within Unix systems. Within these OSs, shells provide command line capabilities to remote or local users. A successful logon, regardless of whether it is local or remote, results in the user receiving a shell. Once the user has a shell, then he or she is able to perform any function on that computer that he or she is

A-9