What is a Zero Day Attack About Fuzzers Part Two

Welcome back to the series. If you have come directly to this post, I would recommend going through the previous post, What is a Zero Day Attack Part One, where I covered the basics of zero day attacks. But you can still continue from here.

Overview of Secured Applications

No matter how great a developer is or how securely they write code, there are bound to be some bugs one way or another. According to experts, in every 1000 lines of code there are, on average, 5 bugs present. And a good percentage of these bugs can be used to compromise the security of the application.

Now there are two ways to find the bugs. The first way is to sit and test every line to find them. But since most of the time the source code is not available, the second way is to use FUZZERS. So what are they? Programs hacking other programs. Surprised? Let's move to the next point, and I will tell you more about it.

What are Fuzzers?

A fuzzer is a software program or script specially created to look for errors in any piece of code or application. A fuzzer will look for virtually every input variable and try many different combinations of values to find out how the program handles them and to expose coding errors.

Fuzzers are also known as Fault Injectors, because they create and inject faults inside an application. Fuzzers can test applications, protocols, files, etc. for errors, and are widely used to find new vulnerabilities like buffer overflow, DoS, SQL injection and XSS.
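As an added illustration (not code from the original post), here is a minimal mutation fuzzer in Python run against a constructed record parser with a deliberate length-handling bug. The record format, the parser, and all names are assumptions made for this example.

```python
import random
import struct

SEED = b"\x01\x00\x04ABCD"  # constructed valid record: type 1, length 4, payload "ABCD"

def parse_record(data: bytes, hardened: bool = False) -> tuple:
    """Constructed target: 1-byte type, 2-byte big-endian length, payload."""
    if len(data) < 3:
        raise ValueError("short header")
    rtype, length = struct.unpack(">BH", data[:3])
    if rtype not in (1, 2):
        raise ValueError("unknown type")
    if hardened and (length == 0 or length > len(data) - 3):
        raise ValueError("length field does not match payload")
    payload = data[3:3 + length]
    # Deliberate defect when hardened=False: the length field is trusted.
    return rtype, payload, payload[length - 1]

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, boundary byte, or truncation."""
    data = bytearray(seed)
    op = rng.randrange(3)
    if op == 0:
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    elif op == 1:
        data[rng.randrange(len(data))] = rng.choice((0x00, 0x7F, 0x80, 0xFF))
    else:
        del data[rng.randrange(len(data)):]
    return bytes(data)

def fuzz(target, seed: bytes = SEED, iterations: int = 2000, rng_seed: int = 1234) -> dict:
    """Return one reproducer input per unhandled exception type."""
    rng = random.Random(rng_seed)
    faults = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue  # clean rejection: the target handled the bad input
        except Exception as exc:  # anything else is a coding error
            faults.setdefault(type(exc).__name__, case)
    return faults

if __name__ == "__main__":
    print("vulnerable:", fuzz(parse_record))
    print("hardened:  ", fuzz(lambda d: parse_record(d, hardened=True)))
```

The fuzzer treats a ValueError as correct handling of bad input and reports every other exception as a fault, keeping the input that triggered it so the bug can be reproduced and fixed.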

Why should I use Fuzzers when I am already investing so much in security?

This question should click in your mind, or else the importance of fuzzers will never be realized. In short, there are 2 reasons.

  1. You get to know about the vulnerability before others do, so you can have a patch before anybody else finds it and attacks you.
  2. Second, if you have a custom-made tool (made just by you), there is little chance that others know about it, so you won't get feedback about any loophole in the software. So it's your duty to find the bug and then prepare the patch. Otherwise, if a ZDA (Zero Day Attack) begins, you might be too late.

Types of Protection by Fuzzers

Application Firewall:

The best way to fight against any kind of unknown attack is to restrict your application from showing any unwanted behavior. For that, all you need is an application firewall. This is a tool which monitors an application for abnormal behavior, raises an alert, and in some cases simply restricts the application from running. There are two that I found.

  • AppArmor: This is an open source application firewall and is currently maintained by Novell. You can get the document available here and install it on top of any Linux distro. But the easiest way is to get a copy of openSUSE 10, which has AppArmor out of the box. It has an easy configuration manager called YaST. The advantage of using it is that when any kind of bug or virus enters the system (be it known or unknown) and tries to modify settings and parameters of the application, AppArmor will automatically create an alert. You can see the image below for the YaST configuration.
  • Socket Shield: This tool can protect you against zero day worms and other malware coming from websites. Yes, you got it right: it monitors traffic coming from port 80. As per the analysis I read, the entire process of monitoring is invisible to users and does not affect performance. Simply put, it protects your computer by monitoring at the socket level, and it closes the socket if an exploit is found. You can use it for shielding as well as blocking. You can provide the IP addresses of known spamming sites to block, and it will also block on its own if it finds any doubtful activity. You can take a look at more details here. The image below gives you a small preview.

The second type is Web Server Protection. It's a bit long and I don't want to make this post boring, so I will continue it in the next post. Till then, you can try the above if it fits your requirements.
