Research Article

A Practical Approach to Protect IoT Devices against Attacks and Compile Security Incident Datasets

Table 2

BPF expression to mitigate the CVE-2018-17173 vulnerability.

BPF expression
ip[2:2] > 0x008A and ip[9] == 0x06 and tcp[2:2] == 0x2378 and tcp[32] == 0x47 and tcp[77:4] == 0x3d253237 and tcp[81:4] == 0x2532302d and tcp[85] == 0x3b

BPF assembler code                      Bytecode
                                        22            (instruction count)
(000) ldh [12]                          40 0 0 12
(001) jeq #0x800 jt 2 jf 21             21 0 19 2048
(002) ldh [16]                          40 0 0 16
(003) jgt #0x8a jt 4 jf 21              37 0 17 138
(004) ldb [23]                          48 0 0 23
(005) jeq #0x6 jt 6 jf 21               21 0 15 6
(006) jeq #0x6 jt 7 jf 21               21 0 14 6
(007) ldh [20]                          40 0 0 20
(008) jset #0x1fff jt 21 jf 9           69 12 0 8191
(009) ldxb 4*([14]&0xf)                 177 0 0 14
(010) ldh [x + 16]                      72 0 0 16
(011) jeq #0x2378 jt 12 jf 21           21 0 9 9080
(012) ldb [x + 46]                      80 0 0 46
(013) jeq #0x47 jt 14 jf 21             21 0 7 71
(014) ld [x + 91]                       64 0 0 91
(015) jeq #0x3d253237 jt 16 jf 21       21 0 5 1025847863
(016) ld [x + 95]                       64 0 0 95
(017) jeq #0x2532302d jt 18 jf 21       21 0 3 624046125
(018) ldb [x + 99]                      80 0 0 99
(019) jeq #0x3b jt 20 jf 21             21 0 1 59
(020) ret #262144                       6 0 0 262144
(021) ret #0                            6 0 0 0

Iptables commands
iptables -t filter -A INPUT -m bpf --bytecode "22,40 0 0 12,21 0 19 2048,40 0 0 16,37 0 17 138,48 0 0 23,21 0 15 6,21 0 14 6,40 0 0 20,69 12 0 8191,177 0 0 14,72 0 0 16,21 0 9 9080,80 0 0 46,21 0 7 71,64 0 0 91,21 0 5 1025847863,64 0 0 95,21 0 3 624046125,80 0 0 99,21 0 1 59,6 0 0 262144,6 0 0 0" -j DROP
iptables -t filter -A INPUT -m bpf --bytecode "22,40 0 0 12,21 0 19 2048,40 0 0 16,37 0 17 138,48 0 0 23,21 0 15 6,21 0 14 6,40 0 0 20,69 12 0 8191,177 0 0 14,72 0 0 16,21 0 9 9080,80 0 0 46,21 0 7 71,64 0 0 91,21 0 5 1025847863,64 0 0 95,21 0 3 624046125,80 0 0 99,21 0 1 59,6 0 0 262144,6 0 0 0" -j LOG --log-prefix "Filter.tlk"
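The following is an added example, not code from the paper: a small classic-BPF interpreter in Python that parses the exact `--bytecode` string from the table and executes it against a constructed Ethernet/IPv4/TCP frame. It lets a defender check, offline and before touching iptables, which packets the rule would DROP or LOG and which it would let through (for instance when the port differs, or when the IP total length is below the 0x8A threshold). The opcode constants are the standard classic-BPF encodings from linux/filter.h; `build_frame`, `parse_bytecode` and `run_filter` are names chosen for this example, and the frame contents are constructed test data that merely place the bytes the filter inspects at the offsets it reads.

```python
import struct

# Bytecode exactly as given in the iptables rule above (count, then "code jt jf k" per instruction).
BYTECODE = ("22,40 0 0 12,21 0 19 2048,40 0 0 16,37 0 17 138,48 0 0 23,21 0 15 6,"
            "21 0 14 6,40 0 0 20,69 12 0 8191,177 0 0 14,72 0 0 16,21 0 9 9080,"
            "80 0 0 46,21 0 7 71,64 0 0 91,21 0 5 1025847863,64 0 0 95,"
            "21 0 3 624046125,80 0 0 99,21 0 1 59,6 0 0 262144,6 0 0 0")

# Classic BPF opcode fields (values from linux/filter.h).
BPF_LD, BPF_LDX, BPF_JMP, BPF_RET = 0x00, 0x01, 0x05, 0x06
BPF_W, BPF_H, BPF_B = 0x00, 0x08, 0x10
BPF_ABS, BPF_IND, BPF_MSH = 0x20, 0x40, 0xA0
BPF_JEQ, BPF_JGT, BPF_JSET = 0x10, 0x20, 0x40
BPF_K = 0x00


def parse_bytecode(text):
    """Turn the iptables -m bpf string into a list of (code, jt, jf, k) tuples."""
    parts = text.split(",")
    count = int(parts[0])
    insns = [tuple(int(f) for f in p.split()) for p in parts[1:]]
    if len(insns) != count:
        raise ValueError("instruction count %d != %d entries" % (count, len(insns)))
    return insns


def _load(pkt, off, size):
    if off < 0 or off + size > len(pkt):
        raise IndexError("load outside packet")
    return int.from_bytes(pkt[off:off + size], "big")


def run_filter(insns, pkt):
    """Execute classic BPF; returns k of the ret instruction (non-zero = match, 0 = no match).
    A load past the end of the packet rejects it, as the kernel does."""
    a = x = 0
    pc = 0
    while pc < len(insns):
        code, jt, jf, k = insns[pc]
        pc += 1
        cls = code & 0x07
        if cls == BPF_LD:
            size = {BPF_W: 4, BPF_H: 2, BPF_B: 1}[code & 0x18]
            mode = code & 0xE0
            off = k if mode == BPF_ABS else x + k if mode == BPF_IND else None
            if off is None:
                raise NotImplementedError("LD mode 0x%x" % mode)
            try:
                a = _load(pkt, off, size)
            except IndexError:
                return 0
        elif cls == BPF_LDX:
            if (code & 0xE0) != BPF_MSH:
                raise NotImplementedError("LDX mode 0x%x" % (code & 0xE0))
            try:
                x = 4 * (_load(pkt, k, 1) & 0x0F)   # IPv4 IHL in bytes
            except IndexError:
                return 0
        elif cls == BPF_JMP:
            op = code & 0xF0
            if op == BPF_JEQ:
                cond = a == k
            elif op == BPF_JGT:
                cond = a > k
            elif op == BPF_JSET:
                cond = (a & k) != 0
            else:
                raise NotImplementedError("JMP op 0x%x" % op)
            pc += jt if cond else jf
        elif cls == BPF_RET:
            return k if (code & 0x18) == BPF_K else a
        else:
            raise NotImplementedError("class %d" % cls)
    raise RuntimeError("program fell off the end")


def build_frame(dst_port=9080, payload_len=100, mark_bytes=True):
    """Constructed test frame (assumption of this example): Ethernet + 20-byte IPv4 + 20-byte TCP + filler.
    With mark_bytes=True the bytes the filter tests (tcp[32], tcp[77:4], tcp[81:4], tcp[85]) are set."""
    seg = bytearray(struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0))
    seg += b"A" * payload_len
    if mark_bytes:
        if len(seg) < 86:
            raise ValueError("segment too short to carry the tested offsets")
        seg[32] = 0x47
        seg[77:81] = b"\x3d\x25\x32\x37"
        seg[81:85] = b"\x25\x32\x30\x2d"
        seg[85] = 0x3b
    total_len = 20 + len(seg)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth = b"\x00" * 12 + b"\x08\x00"
    return bytes(eth + ip_hdr + seg)


if __name__ == "__main__":
    prog = parse_bytecode(BYTECODE)
    for label, frame in (("matching", build_frame()),
                         ("other port", build_frame(dst_port=80)),
                         ("short datagram", build_frame(payload_len=10, mark_bytes=False))):
        print("%-15s -> ret %d" % (label, run_filter(prog, frame)))
```

Usage: run the file directly to see the return value for each constructed frame; 262144 (the snaplen returned by `ret #262144`) means the iptables rule matches and the packet is dropped or logged, 0 means it passes. The interpreter deliberately implements only the opcode classes this program uses and raises on anything else, so a modified filter that needs other instructions fails loudly instead of silently misreporting.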