Call For Papers
Contact Us

  A Network-Layer Intrusion Prevention System for a Metasploit Application Attack  
  Authors : Abdulaziz Almehmadi
  Cite as:


Network and software related attacks have become a trend that is occurring more frequently in today's corporate and private networks. Tools and methodologies developed for ethical hackers and penetration testers that are used to discover vulnerabilities are being used maliciously by individuals and organizations for such purposes. Because Metasploit is freely available to the public, the exploits it provides are known to be used maliciously. Therefore, in this paper we contribute by implementing Intrusion Detection System (IDS) that detect a specific exploit that is intended to vulnerability in software called Icecast. Then we implement an Intrusion Prevention Systems (IPS) to prevent the attacker from gaining access to the system that has the Icecast service running. The detection and prevention from the attack are done from the network layer by analyzing the behavior of the packets, create a signature to detect the attack and then prevent it.


Published In : IJCSN Journal Volume 7, Issue 4

Date of Publication : August 2018

Pages : 246-253

Figures :05

Tables : --


Abdulaziz Almehmadi : received the Bachelor's degree in computer science and the Master's degree in information technology security, with a specialty in biometrics, from King Abdulaziz University, Jeddah, Saudi Arabia, and the University of Ontario Institute of Technology (UOIT), Oshawa, ON, Canada in 2007 and 2010 respectively. Dr. Almehmadi received his PhD in computer science from UOIT in 2015 with a specialty in biometrics and access control. His thesis work was submitted to the United States Patent and Trademark Office (USPTO) and was granted the patent US9703952 in July 11, 2017 titled: Device and Method for Providing Intent-based Access Control. Dr. Almehmadi is currently working on designing non-identity-based access control systems to detect and prevent insider threats. He is an assistant professor at the Information Technology department at the Faculty of Computing and Information Technology (FCIT) at the University of Tabuk, Saudi Arabia. He is also the Vice-Dean for Graduate Studies and Scientific Research at FCIT. Furthermore, Dr. Almehmadi has recently founded and is the Director of the Industrial Innovation and Robotics Center (IIRC) at the University of Tabuk with projects to support the NEOM SmartCity.


Intrusion Detection System, DDoS, SYN Flood

There are numerous good uses for the Metasploit Framework, especially in the penetration testing and exploit research fields. This application can drastically reduce the amount of work that the users in this field will need to do in order to successfully complete their jobs. This application helps to reduce the amount of manual programming work that individuals might have had to do previously to using the framework. It also provides the users with multiple ways in which to undertake an exploitation task, and gives the ability to set the type of payloads, which they would like to use. These features are not widely found in other applications, free or otherwise; however, the framework can be used maliciously and therefore IDS and IPS signatures for any exploit that the framework provides need to be defined and used in any organization's network otherwise it will be susceptible to be attacked. In this paper, we show an exploit that can be easily detected and prevented by analyzing the network traffic for a defined signature of a malicious known exploit.


[1] "The Metasploit Project," [Online]. Available: http://www.metasploit.com/ [2] D. Maynor, K. Mookhey, J. Cervini, F. Roslan and K. Beaver, ?Metasploit Toolkit. Burlington, MA: Syngress Publishing, 2007. [E-Book] Available: Syngress.com. [3] "SANS: Network Penetration Testing and Ethical Hacking (GPEN)," [Online]. Available: http://www.sans.org/security-training/networkpenetration- testing-ethical-hacking-937-mid. [4] Patel, Sandip C., and Yingbing Yu. "Analysis of SCADA Security models. "International Management Review 3.2 (2007). [5] Stouffer, K., J. Falco, and K. Kent. "Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security." NIST Special Publication (2006): 800-82. [6] Axelsson, Stefan. "The base-rate fallacy and the difficulty of intrusion detection." ACM Transactions on Information and System Security (TISSEC) 3.3 (2000): 186-205. [7] Alder, R., et al. "Snort: IDS and IPS Toolkit." (2007). [8] Signatures, I. D. S., Field Device Protection Profile, and Nessus SCADA Plugins. "Digital Bond." (2007). [9] Zhu, Bonnie, and Shankar Sastry. "SCADA-specific intrusion detection/prevention systems: a survey and taxonomy." Proceedings of the 1st Workshop on Secure Control Systems (SCS). 2010. [10] Bigham, John, David Gamez, and Ning Lu. "Safeguarding SCADA systems with anomaly detection." Computer Network Security. Springer Berlin Heidelberg, 2003. 171-182. [11] Yang, Dayu, Alexander Usynin, and J. Wesley Hines. "Anomaly-based intrusion detection for SCADA systems." 5th Intl. Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies (NPIC&HMIT 05). 2006. [12] Barbosa, Rafael Ramos Regis, and Aiko Pras. "Intrusion detection in SCADA networks." Mechanisms for Autonomous Management of Networks and Services. Springer Berlin Heidelberg, 2010. 163-166. [13] Carcano, Andrea, et al. "State-based network intrusion detection systems for SCADA protocols: a proof of concept." Critical Information Infrastructures Security. Springer Berlin Heidelberg, 2010. 138-150. [14] Fovino, Igor Nai, et al. "Distributed intrusion detection system for SCADA protocols." Critical Infrastructure Protection IV. Springer Berlin Heidelberg, 2010. 95- 110. [15] Fovino, Igor Nai, et al. "Modbus/dnp3 state-based intrusion detection system." Advanced Information Networking and Applications (AINA), 2010 24th IEEE International Conference on. IEEE, 2010. [16] "Icecast is free server software for streaming multimedia," [Online]. Available: http://icecast.org/