当前位置:首页 > 报告详情

放大和摧毁:发现和利用易受攻击的隧道主机.pdf

上传人: 竿*** 编号:981941 2025-11-29 148页 7.19MB

1、#BHUSA BlackHatEvents#BHUSA BlackHatEventsAmplify and Annihilate:Discovering andExploiting Vulnerable Tunnelling HostsAngelos Beitis,Mathy Vanhoef1#BHUSA BlackHatEvents2#BHUSA BlackHatEventsIntroduction3#BHUSA BlackHatEventsIPPayloadEncapsulatorDecapsulator4#BHUSA BlackHatEventsIPPayloadEncapsulator

2、Decapsulator5#BHUSA BlackHatEventsIPPayloadEncapsulatorDecapsulator6#BHUSA BlackHatEventsIPPayloadEncapsulatorDecapsulator7#BHUSA BlackHatEventsAuthenticationEncryptionData Integrity8#BHUSA BlackHatEventsCVE-2020-101369#BHUSA BlackHatEventsCVE-2020-10136IP-in-IP protocol specifies IP Encapsulation w

3、ithin IP standard(RFC 2003,STD 1)that decapsulate and route IP-in-IP traffic is vulnerable to spoofing,access-control bypass and other unexpected behavior due to the lack of validation toverify network packets before decapsulation and routing.Reported by:Yannay Livneh10#BHUSA BlackHatEventsABIP(A B)

4、IP(B C)Payload11#BHUSA BlackHatEventsABIP(A B)IP(B C)Payload12IP(A B)IP(B C)Payload#BHUSA BlackHatEventsAB13#BHUSA BlackHatEventsABIP(B C)Payload14#BHUSA BlackHatEventsIP(B C)PayloadBC15#BHUSA BlackHatEventsIP(B C)PayloadBC16#BHUSA BlackHatEventsIP(SPOOFED C)PayloadBCPayload17#BHUSA BlackHatEventsBC

5、IP(SPOOFED C)PayloadPayload18#BHUSA BlackHatEvents2020:150k vulnerableCisco NX-OS Software vulnerable by default19#BHUSA BlackHatEvents20#BHUSA BlackHatEventsThe Culprits21#BHUSA BlackHatEventsThe CulpritsIPIPGRE6in44in622#BHUSA BlackHatEventsIPIPOuter IPInner IPPayloadNo encryptionNo authentication

6、 23#BHUSA BlackHatEventsIPIPGRE6in44in624#BHUSA BlackHatEventsGREOuter IPL2/L3PayloadGRE HeaderAdds GRE headerCan encapsulate L2/L34-byte optional key field25#BHUSA BlackHatEventsIPIPGRE6in44in626#BHUSA BlackHatEvents6in4 4in6Outer IPXInner IPYPayloadTransition to IPv6IPX packet in IPYnetworks27sysc

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据《Amplify and Annihilate: Discovering and Exploiting Vulnerable Tunnelling Hosts》的内容,以下是全文关键点的概括: 1. **IP-in-IP协议漏洞**:IP-in-IP协议(如IPIP、GRE、6in4、4in6)在缺乏验证的情况下,容易受到欺骗、访问控制绕过等问题,导致安全风险。 2. **漏洞影响**:2020年发现150,000个受影响的Cisco NX-OS软件实例。 3. **攻击方法**:攻击者可以利用这些漏洞进行匿名DDoS攻击、放大攻击等。 4. **扫描方法**:使用ZMap等工具进行扫描,发现存在漏洞的主机。 5. **攻击示例**:Ping-Pong攻击、Tunneled-Temporal Lensing (TuTL)攻击等。 6. **缓解措施**:实施源IP过滤、认证和加密等安全措施。 7. **结果**:超过700,000个受影响的设备被修补。 8. **挑战**:一些组织未响应漏洞报告,导致安全风险持续存在。
黑客如何利用?" "IP隧道安全漏洞,你的网络安全吗?" IP隧道漏洞攻击解析!"
客服
商务合作
小程序
服务号
折叠