Semester

Summer

Date of Graduation

2004

Document Type

Thesis

Degree Type

MS

College

Statler College of Engineering and Mineral Resources

Department

Lane Department of Computer Science and Electrical Engineering

Committee Chair

Roy S. Nutter, Jr.

Abstract

Patch Management has become important in every system administrator's work profile. A missing patch can be essentially considered a vulnerability as the hackers make use of the knowledge of the vulnerability from the security bulletin and attempt attacks for that vulnerability. An efficient patch management solution is necessary to counter known vulnerabilities. For this an inventory listing of the patches installed in each system called a patch audit helps the system administrators know the patch status and install only the necessary patches. An important problem in patch auditing is that there may be many systems in a network for which the administrator does not have administrative privileges and hence cannot find the patch status. Current patch management tools do not address this problem.;This thesis investigates the possibility of finding patterns for missing patches by using TCP/IP Stack Fingerprinting. Malformed TCP packets are sent to the target system and the TCP and IP headers of the response from it are analyzed to find out specific patterns for a missing patch.;Windows based systems are the primary target since they typically constitute a majority of the systems in a network. They are as well, considered to be the most vulnerable. This investigation limits itself to classifying DCOM RPC Buffer overflow vulnerabilities on Windows based systems.

Share

COinS