03-24-2008
And now for your question:
Every program that you execute has two basic portions:
1 - code section
2 - data section
Well, there are more sections, but if I start explaining them, I will have to devote the whole day.
The code section is the section that the processor executes - I mean the instructions,
and the data section is where all the data is stored, like integer values, constants and stuff - this is also called the text section.
libc addresses get randomized because of various factors like the amount of space that the kernel occupies in RAM or the RAM size itself, when libc is loaded, etc.
.text will be static - coz it's the text section devoted to storing data. Remember, every process has a certain portion of memory reserved for it?
You say .text is static because you are actually calculating the offset address from where the code starts in memory. In reality, if you calculate it, .text will be in different parts of memory on each and every computer.
Now please explain to me: what does egress have to do with it? I mean, egress is a packet filtering tool as far as my knowledge goes. How would it scan the computer's memory and find out about this? If you are sending some sort of shellcode to spawn a remote shell, egress CANNOT detect it. Well, it can if it starts comparing the text segment offset address from the packet's beginning, but a normal filter like egress cannot do that. This is the job of an IDS (snort?).
If you really want deeper knowledge in this field about bypassing firewalls or IDS, check out phrack.org. Sorry, I cannot provide you with the exact link as I don't access phrack from work (they are kind of picky).
BTW, the Langley cyber attack was a DDoS attack and not targeted at libc though.
~s4g3
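
An added example, not part of the original post: the thread turns on which mappings keep the same address from run to run, and that can be checked by comparing two `/proc/<pid>/maps` snapshots of the same program. The snapshots, the path `/opt/demo/app` and all addresses below are constructed sample data for a non-PIE executable with ASLR enabled; `parse_maps` and `compare_runs` are names chosen for this example.

```python
# Constructed sample data: two runs of the same non-PIE binary under ASLR.
RUN_A = """\
00400000-00401000 r-xp 00000000 08:01 1234 /opt/demo/app
00600000-00601000 rw-p 00000000 08:01 1234 /opt/demo/app
01c3a000-01c5b000 rw-p 00000000 00:00 0 [heap]
7f3a1c200000-7f3a1c3c0000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7ffd4e1d0000-7ffd4e1f1000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
00400000-00401000 r-xp 00000000 08:01 1234 /opt/demo/app
00600000-00601000 rw-p 00000000 08:01 1234 /opt/demo/app
0093f000-00960000 rw-p 00000000 00:00 0 [heap]
7f91d8600000-7f91d87c0000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7ffc02a4b000-7ffc02a6c000 rw-p 00000000 00:00 0 [stack]
"""


def parse_maps(text):
    """Return {(name, perms): lowest start address} for each mapping."""
    regions = {}
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # skip blank or malformed lines
        start = int(fields[0].split("-")[0], 16)
        # Anonymous mappings have no sixth field (no pathname).
        name = fields[5].strip() if len(fields) == 6 else "[anon]"
        key = (name, fields[1])
        regions[key] = min(start, regions.get(key, start))
    return regions


def compare_runs(maps_a, maps_b):
    """Label each mapping as static or randomized between the two runs."""
    a, b = parse_maps(maps_a), parse_maps(maps_b)
    report = {}
    for key in sorted(set(a) | set(b)):
        if key not in a or key not in b:
            report[key] = "only in one run"
        else:
            report[key] = "static" if a[key] == b[key] else "randomized"
    return report


if __name__ == "__main__":
    for (name, perms), verdict in compare_runs(RUN_A, RUN_B).items():
        print(f"{verdict:<16}{perms}  {name}")
```

On a live system the two inputs would be captured from `/proc/<pid>/maps` for two separate runs of the same binary.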