dc.description.abstract |
Simple Network Management Protocol (SNMP) is a renowned network management protocol. In an IP network, it is used for gathering information from, and configuring, network devices. Due to its extensive usage and presence in critical network devices such as routers, switches, and servers, preserving its security is a major concern. Any security flaw in a software implementation of such a protocol may lead to catastrophic situations. Many SNMP vulnerabilities have been reported in the past. Modern vulnerability assessment tools only look for known vulnerabilities and lack zero-day detection. Fuzzing is an automated software security testing technique that is typically known for effectively finding zero-day, buffer-overflow and memory corruption vulnerabilities. Research on finding unknown flaws in protocol implementations of network devices through fuzzing is still immature. The existing open-source tools do not cater for fuzz testing of complex protocols due to their data modeling complexity. In this research, fuzz testing of the Simple Network Management Protocol (SNMP) implementation in Cisco routers is performed. A simple approach for generating malformed test cases is also proposed. During the fuzz testing experiments, several memory corruption vulnerabilities and a known DoS vulnerability are exposed. An analysis of SNMP vulnerabilities for renowned vendors in the scope of fuzz testing and an evaluation of prominent network protocol fuzzing tools based on certain criteria are also part of this thesis. |
en_US |