摘要: 目前没有可以对Cisco IOS系统进行完全静态反汇编和动态调试的通用工具。为此,以Cisco路由器支持的协议为测试目标,利用Fuzzing技术对其进行安全性测试,从而挖掘系统中的漏洞,并结合IOS结构、存储管理和进程调度的特点,设计实现一个自动实现漏洞挖掘的工具CFuzzer。利用该工具对IOS的多种协议进行安全测试,实验结果证明,CFuzzer可以为Cisco路由器提供有效的安全防护。
关键词:
路由器,
Cisco IOS系统,
网络安全,
Fuzzing技术,
漏洞挖掘
Abstract: Currently there are no generic tools which can completely disassemble and debug Cisco Internetwork Operating System(IOS). This paper targets protocols Cisco routers support as vulnerable, and uses Fuzzing technology for security testing to mine vulnerabilities in the system. By combining characteristics of IOS structure, storage management and process scheduling, it designs and implements an automated vulnerability mining tool named CFuzzer, and uses it for IOS security tests for several protocols. Experimental results show that CFuzzer can provide effective security protection for Cisco routers.
Key words:
router,
Cisco Internetwork Operating System(IOS),
network security,
Fuzzing technology,
vulnerability exploiting
中图分类号:
苏晓艳, 武东英, 刘龙, 韩玉祥. 基于Fuzzing的Cisco IOS漏洞挖掘方法[J]. 计算机工程, 2012, 38(16): 117-120.
SU Xiao-Yan, WU Dong-Yang, LIU Long, HAN Yu-Xiang. Cisco IOS Vulnerability Exploiting Method Based on Fuzzing[J]. Computer Engineering, 2012, 38(16): 117-120.