When performing any type of protocol fuzzing, one must obtain three key pieces of information about the target protocol: structure, state and semantics. The structure of a network protocol is the format of its messages: a series of fields which, at the simplest level, are integers and strings. When dealing with any protocol with public specifications, this information is easily obtained. However, what is one to do when the specs are not publicly available, say in the case of a proprietary industrial control and automation protocol?
For the past few years, I have spent a good deal of time researching techniques to improve the automation of packet field identification, mainly for the purposes of intelligent protocol fuzzing. Some of you may have seen my work, titled Protocol Informatics, at various conferences. Protocol Informatics uses techniques borrowed from the field of bioinformatics to identify where each field in a protocol message starts and ends (this is analogous to identifying the locations of specific genes in a genome). The technology borrowed from bioinformatics revolves around the use of sequence alignment algorithms. The idea is pretty simple: take two sequences, each of arbitrary length, and insert gaps at the appropriate offsets to obtain two new sequences of the same length. What does this buy us? The algorithms used are designed to insert gaps where the bindings between the characters in each sequence are strongest, resulting in an alignment with gaps inserted in places where data is missing:
GET /_________ HTTP/1.0\r\n
GET /index.html HTTP/1.0\r\n
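As an added illustration (not the Protocol Informatics code), the sketch below uses Needleman-Wunsch global alignment, one standard sequence alignment algorithm, on two constructed requests modelled on the pair above and reports the offsets where gaps were inserted. The function names and the scoring values are assumptions of this example.

```python
GAP = None  # gap marker; None cannot collide with a real character or byte

def align(a, b, match=1, mismatch=-1, gap=-1):
    """Needleman-Wunsch global alignment; returns two equal-length lists."""
    def sub(i, j):  # score for pairing a[i-1] with b[j-1]
        return match if a[i - 1] == b[j - 1] else mismatch
    # score[i][j] = best score for aligning a[:i] with b[:j]
    score = [[(i + j) * gap if 0 in (i, j) else 0
              for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            score[i][j] = max(score[i - 1][j - 1] + sub(i, j),
                              score[i - 1][j] + gap, score[i][j - 1] + gap)
    # Walk back from the bottom-right corner to recover one optimal alignment.
    pairs, i, j = [], len(a), len(b)
    while i or j:
        if i and j and score[i][j] == score[i - 1][j - 1] + sub(i, j):
            i, j = i - 1, j - 1
            pairs.append((a[i], b[j]))
        elif i and score[i][j] == score[i - 1][j] + gap:
            i -= 1
            pairs.append((a[i], GAP))
        else:
            j -= 1
            pairs.append((GAP, b[j]))
    pairs.reverse()
    return [x for x, _ in pairs], [y for _, y in pairs]

def gap_spans(row):
    """Return (start, end) offsets, end exclusive, of each run of gaps."""
    spans, start = [], None
    for pos, sym in enumerate(row + [object()]):  # sentinel closes a final run
        if sym is GAP and start is None:
            start = pos
        elif sym is not GAP and start is not None:
            spans.append((start, pos))
            start = None
    return spans

def render(row):
    """Printable form of an aligned row, with '_' standing in for gaps."""
    return "".join("_" if s is GAP else s for s in row)

# Constructed sample requests, modelled on the example in the text.
SHORT, LONG = "GET / HTTP/1.0\r\n", "GET /index.html HTTP/1.0\r\n"
if __name__ == "__main__":
    top, bottom = align(SHORT, LONG)
    print(repr(render(top)), gap_spans(top))
```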
This leads us to the observation that the span from offset n to offset m is a place where variable-length data may be present. Using this information, one can start to understand the format of the particular message under analysis. For example, when analyzing a binary protocol, if there is a long sequence of ASCII characters in one of the sequences and a series of gaps in the other, one could check whether a size value is prefixed to the string.
The true power of this technique arises when it is used in a multiple alignment, which involves aligning multiple sequences to one another. Once a series of sequences are aligned to each other, informational techniques can be used to extract more information about where fields exist. The analyzer then goes down each column and looks at some key pieces of data: what is the range of characters used, how often does it change in relation to itself, and how often does it change in relation to its neighbors. If two columns change at the exact same rate and contain the same character set, they may be a protocol identifier like an IP ID field.
The Protocol Informatics project is becoming more active as this year goes on, so expect more code and examples on the blog. In the meantime, to satisfy any curiosity, the old PI code is available here.
In my next post, I will explain the concept of sequence logos and how they preserve information content that is otherwise lost when simple consensus sequences are used to understand packet formats.
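The column analysis can be sketched as follows; this is an added example, not the Protocol Informatics code. It takes rows that are already aligned, computes each column's distinct values, change rate and character class, and merges neighbouring columns where rate and class agree. The sample messages, the function names and the coarse printable/binary classes are assumptions of this example.

```python
def charset(values):
    """Coarse character class of a column (an assumption of this example)."""
    return "printable" if all(0x20 <= v <= 0x7E for v in values) else "binary"

def column_profile(rows):
    """For each column of equal-length aligned rows (None = gap) return
    (distinct values, change rate between consecutive rows, character class)."""
    profile = []
    for col in zip(*rows):
        changes = sum(1 for prev, cur in zip(col, col[1:]) if prev != cur)
        values = {v for v in col if v is not None}
        rate = changes / max(len(col) - 1, 1)  # guard against a single row
        profile.append((values, rate, charset(values)))
    return profile

def candidate_fields(rows):
    """Merge neighbouring columns whose change rate and character class agree.

    Returns (start, end, rate, class) tuples with end exclusive.
    """
    fields = []
    for pos, (_, rate, cls) in enumerate(column_profile(rows)):
        if fields and fields[-1][2:] == (rate, cls):
            start = fields.pop()[0]
            fields.append((start, pos + 1, rate, cls))
        else:
            fields.append((pos, pos + 1, rate, cls))
    return fields

# Constructed, already-aligned messages of a hypothetical binary protocol:
# 2-byte magic, 2-byte per-message identifier, 1-byte type, 1-byte reserved.
MESSAGES = [list(bytes.fromhex(h)) for h in (
    "abcd1f930100", "abcd7a2c0100", "abcd04e10200",
    "abcdc8550200", "abcd310b0100")]

if __name__ == "__main__":
    for start, end, rate, cls in candidate_fields(MESSAGES):
        print(f"columns {start}-{end - 1}: change rate {rate:.2f}, {cls}")
```

On this sample the two identifier bytes come out as one candidate field because both change in every message; constant columns only merge with their immediate neighbours, so the magic and the reserved byte are reported separately.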
