Network- and software-related attacks are occurring more and more frequently in today's corporate and private
networks. Tools and methodologies developed for ethical hackers and penetration testers to discover vulnerabilities are
being used maliciously by individuals and organizations. Because Metasploit is freely available to the public, the
exploits it provides are known to be used maliciously. Therefore, in this paper we contribute by implementing an Intrusion Detection
System (IDS) that detects a specific exploit targeting a vulnerability in software called Icecast. We then implement an Intrusion
Prevention System (IPS) to prevent the attacker from gaining access to the system that has the Icecast service running. Detection and
prevention of the attack are done at the network layer by analyzing the behavior of the packets, creating a signature to detect the
attack, and then preventing it.
Published In: IJCSN Journal Volume 7, Issue 4
Date of Publication: August 2018
Pages: 246-253
Figures: 05
Tables: --
Abdulaziz Almehmadi received the Bachelor's degree in
computer science and the Master's degree in information
technology security, with a specialty in biometrics, from King
Abdulaziz University, Jeddah, Saudi Arabia, and the University of
Ontario Institute of Technology (UOIT), Oshawa, ON, Canada, in
2007 and 2010 respectively. Dr. Almehmadi received his PhD in
computer science from UOIT in 2015 with a specialty in biometrics
and access control. His thesis work was submitted to the United
States Patent and Trademark Office (USPTO) and was granted
the patent US9703952 on July 11, 2017, titled: Device and Method
for Providing Intent-based Access Control. Dr. Almehmadi is
currently working on designing non-identity-based access control
systems to detect and prevent insider threats. He is an assistant
professor at the Information Technology department at the Faculty
of Computing and Information Technology (FCIT) at the University
of Tabuk, Saudi Arabia. He is also the Vice-Dean for Graduate
Studies and Scientific Research at FCIT. Furthermore, Dr.
Almehmadi has recently founded and is the Director of the
Industrial Innovation and Robotics Center (IIRC) at the University
of Tabuk, with projects to support the NEOM SmartCity.
Intrusion Detection System, DDoS, SYN Flood
There are numerous good uses for the Metasploit
Framework, especially in the penetration testing and
exploit research fields. This application can drastically
reduce the amount of work that users in these fields
need to do in order to complete their jobs successfully.
It reduces the amount of manual
programming work that individuals might have had to do
prior to using the framework. It also provides
users with multiple ways in which to undertake an
exploitation task, and gives them the ability to set the type of
payloads that they would like to use. These features are
not widely found in other applications, free or otherwise;
however, the framework can be used maliciously, and
therefore IDS and IPS signatures for any exploit that the
framework provides need to be defined and used in any
organization's network; otherwise it will be susceptible to
attack. In this paper, we show an exploit that can be
easily detected and prevented by analyzing the network
traffic for a defined signature of a known malicious
exploit.