Rebound shell blocking method and device

A technique for judging processes, applied in the computer field, that addresses problems such as reliance on a single judgment method and a high false-alarm rate, improving accuracy and avoiding security incidents.

Inactive Publication Date: 2019-08-23
JIANGSU PAYEGIS INFORMATION SECURITY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] This method judges whether the program is a rebound shell based on whether the process has the terminal attribute when the shell program is running. The judgment method is too simple, and there is a high false positive rate.

Embodiment Construction

[0029] Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0030] Figure 1 is a diagram of a reverse shell. In the scenario shown in Figure 1, the target host is an internal network host without a public IP address, and the attacker cannot initiate a remote connection to the target host from the external network. In order to obtain an interactive environment that facilitates direct manipulation of the target host, it is necessary to perform escalation of privileges. The attacker uses the a...


Abstract

The invention discloses a rebound shell blocking method and device. The rebound shell blocking method comprises the following steps: monitoring Bash process creation events; when the creation of a Bash process is detected, judging whether the redirection file corresponding to the Bash process is a socket file; if so, determining that the Bash process is a rebound shell process, and judging from the socket file descriptor whether a rebound shell network connection exists; if so, confirming that the server is under a rebound shell attack, the combination of the two judgments improving the accuracy of rebound shell detection; obtaining the IP address and port number of the rebound shell network connection; and shielding the IP address and port number and killing the current Bash process. Compared with the prior art, the method can terminate in time an attacker's attempt to perform privilege escalation and vulnerability exploitation through a rebound shell, so that security incidents are avoided.
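The two-stage check described in the abstract, sketched as an added example (not the patent's implementation): it assumes a Linux host, where a Bash process's redirection targets are the `/proc/<pid>/fd` symlinks and TCP connections are listed in `/proc/net/tcp`. The sample fd maps and connection table are constructed, and all function names are hypothetical.

```python
import re
import socket
import struct

# Constructed samples (not from the patent). On a live Linux host the fd map
# comes from os.readlink(f"/proc/{pid}/fd/{n}") and the table from /proc/net/tcp.
REVERSE_FDS = {0: "socket:[48213]", 1: "socket:[48213]", 2: "socket:[48213]"}
TERMINAL_FDS = {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}
LISTEN_FDS = {0: "socket:[20011]", 1: "/dev/null", 2: "/dev/null"}
NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20011 1
   1: 0A00000A:C350 337100CB:115C 01 00000000:00000000 00:00000000 00000000    33        0 48213 1
"""

def socket_inodes(fd_targets):
    """Step 1: inodes of stdin/stdout/stderr that are redirected to a socket."""
    inodes = set()
    for fd in (0, 1, 2):
        match = re.fullmatch(r"socket:\[(\d+)\]", fd_targets.get(fd, ""))
        if match:
            inodes.add(int(match.group(1)))
    return inodes

def decode_addr(hex_addr):
    """Decode 'IIIIIIII:PPPP' as printed on a little-endian host (IPv4 only)."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def established_peers(net_tcp_text, inodes):
    """Step 2: remote endpoints of ESTABLISHED (state 01) sockets with those inodes."""
    peers = []
    for line in net_tcp_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) > 9 and fields[3] == "01" and int(fields[9]) in inodes:
            peers.append(decode_addr(fields[2]))
    return peers

def check_bash(fd_targets, net_tcp_text):
    """Return (ip, port) to block if both checks pass, else None."""
    inodes = socket_inodes(fd_targets)
    peers = established_peers(net_tcp_text, inodes) if inodes else []
    return peers[0] if peers else None

if __name__ == "__main__":
    for name, fds in [("reverse", REVERSE_FDS), ("terminal", TERMINAL_FDS), ("listen", LISTEN_FDS)]:
        print(name, check_bash(fds, NET_TCP))
```

The terminal-attached shell fails the first check and the shell whose socket has no established connection fails the second, which is the false-positive reduction the abstract attributes to combining the two judgments.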

Description

Technical field

[0001] The invention relates to the technical field of computers, in particular to a rebound shell blocking method and device.

Background technique

[0002] Existing network attacks generally involve attackers exploiting vulnerabilities in a website to attack the website server, resulting in frequent security incidents. Such attacks not only affect the corporate image but also cause economic losses. Among them, invading websites through Webshells is a common attack method. Web attackers need to escalate their privileges after obtaining a Webshell on the Web server. Privilege escalation requires an interactive operating environment. Therefore, the attacker first needs to rebound an interactive shell, and then execute related commands on the command-line terminal to escalate privileges and perform other operations. Once the attacker successfully obtains the highest authority of the server through the interactive environment of the reverse ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F21/56
CPC: G06F21/56, H04L63/1416, H04L63/1433, H04L63/145, H04L63/168
Inventor: 汪德嘉, 华保健, 柴倩, 沈杰, 张瑞钦
Owner JIANGSU PAYEGIS INFORMATION SECURITY TECH CO LTD