Research Article

A Practical Approach to Protect IoT Devices against Attacks and Compile Security Incident Datasets

Table 3

BPF expression to mitigate CVE-2018-15887 vulnerability.

BPF expression
ip[2:2] > 0x0174 and ip[9] == 0x06 and tcp[2:2] == 0x0050 and tcp[32] == 0x47 and tcp[326:4] == 0x3d253630

BPF assembler code                                   Bytecode
(instruction count)                                  18
(000) ldh   [12]                                     40 0 0 12
(001) jeq   #0x800          jt 2    jf 17            21 0 15 2048
(002) ldh   [16]                                     40 0 0 16
(003) jgt   #0x174          jt 4    jf 17            37 0 13 372
(004) ldb   [23]                                     48 0 0 23
(005) jeq   #0x6            jt 6    jf 17            21 0 11 6
(006) jeq   #0x6            jt 7    jf 17            21 0 10 6
(007) ldh   [20]                                     40 0 0 20
(008) jset  #0x1fff         jt 17   jf 9             69 8 0 8191
(009) ldxb  4*([14]&0xf)                             177 0 0 14
(010) ldh   [x + 16]                                 72 0 0 16
(011) jeq   #0x50           jt 12   jf 17            21 0 5 80
(012) ldb   [x + 46]                                 80 0 0 46
(013) jeq   #0x47           jt 14   jf 17            21 0 3 71
(014) ld    [x + 340]                                64 0 0 340
(015) jeq   #0x3d253630     jt 16   jf 17            21 0 1 1025848880
(016) ret   #262144                                  6 0 0 262144
(017) ret   #0                                       6 0 0 0

Iptables commands (the LOG rule must be appended before the DROP rule: DROP is a terminating target, so a LOG rule placed after it would never see a matching packet)
iptables -t filter -A INPUT -m bpf --bytecode "18,40 0 0 12,21 0 15 2048,40 0 0 16,37 0 13 372,48 0 0 23,21 0 11 6,21 0 10 6,40 0 0 20,69 8 0 8191,177 0 0 14,72 0 0 16,21 0 5 80,80 0 0 46,21 0 3 71,64 0 0 340,21 0 1 1025848880,6 0 0 262144,6 0 0 0" -j LOG --log-prefix "Filter.tlk"
iptables -t filter -A INPUT -m bpf --bytecode "18,40 0 0 12,21 0 15 2048,40 0 0 16,37 0 13 372,48 0 0 23,21 0 11 6,21 0 10 6,40 0 0 20,69 8 0 8191,177 0 0 14,72 0 0 16,21 0 5 80,80 0 0 46,21 0 3 71,64 0 0 340,21 0 1 1025848880,6 0 0 262144,6 0 0 0" -j DROP
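The bytecode in Table 3 can be checked offline before it is loaded into iptables. The following is an added example, not code from the paper or from any project it describes: a minimal classic-BPF interpreter that implements only the opcodes the table uses (ld/ldh/ldb absolute and indirect, ldxb msh, jeq, jgt, jset, ret), a parser for the exact `--bytecode` string format, and a builder for a constructed Ethernet/IPv4/TCP frame (the MAC and 192.0.2.x addresses, the request path and the padding are all assumptions of the example). Two facts the table does not spell out are used: `0x47` is ASCII `G` (the first byte of a GET request) and `0x3d253630` is the ASCII string `=%60`, i.e. a URL-encoded `=` followed by a backtick. The caveat a practitioner should see is that `tcp[N]` is an offset from the start of the TCP header, not of the payload, so `tcp[32]` is the first payload byte only when the TCP header is 32 bytes long (20 bytes plus 12 bytes of options such as NOP, NOP, Timestamp); with a bare 20-byte header the filter looks 12 bytes into the payload and silently misses, which the example demonstrates.

```python
import struct

# Bytecode column of Table 3, in the exact "n,code jt jf k,..." string form
# that iptables -m bpf --bytecode accepts.
TABLE3_BYTECODE = (
    "18,40 0 0 12,21 0 15 2048,40 0 0 16,37 0 13 372,48 0 0 23,21 0 11 6,"
    "21 0 10 6,40 0 0 20,69 8 0 8191,177 0 0 14,72 0 0 16,21 0 5 80,"
    "80 0 0 46,21 0 3 71,64 0 0 340,21 0 1 1025848880,6 0 0 262144,6 0 0 0"
)


def parse_bytecode(text):
    """Turn the iptables bytecode string into a list of (code, jt, jf, k) tuples."""
    fields = text.split(",")
    count = int(fields[0])
    insns = [tuple(int(v) for v in f.split()) for f in fields[1:]]
    if len(insns) != count or any(len(i) != 4 for i in insns):
        raise ValueError("malformed bytecode string")
    return insns


TABLE3_PROGRAM = parse_bytecode(TABLE3_BYTECODE)

# Classic-BPF opcodes that the program above actually uses.
LD_ABS = {0x20: 4, 0x28: 2, 0x30: 1}   # ld/ldh/ldb [k]
LD_IND = {0x40: 4, 0x48: 2, 0x50: 1}   # ld/ldh/ldb [x + k]
LDX_MSH = 0xB1                         # ldxb 4*([k]&0xf): X = IPv4 header length
JEQ, JGT, JSET, RET = 0x15, 0x25, 0x45, 0x06


def run_cbpf(insns, pkt):
    """Interpret a classic-BPF program over a raw Ethernet frame.

    Returns the ret value (non-zero means match). An out-of-bounds load ends
    the program with 0, which is also what the kernel does.
    """
    acc = idx = pc = 0

    def load(off, size):
        if off < 0 or off + size > len(pkt):
            return None
        return int.from_bytes(pkt[off:off + size], "big")

    while pc < len(insns):
        code, jt, jf, k = insns[pc]
        pc += 1
        if code in LD_ABS:
            val = load(k, LD_ABS[code])
        elif code in LD_IND:
            val = load(idx + k, LD_IND[code])
        elif code == LDX_MSH:
            val = load(k, 1)
            if val is None:
                return 0
            idx = 4 * (val & 0x0F)
            continue
        elif code == JEQ:
            pc += jt if acc == k else jf
            continue
        elif code == JGT:
            pc += jt if acc > k else jf
            continue
        elif code == JSET:
            pc += jt if acc & k else jf
            continue
        elif code == RET:
            return k
        else:
            raise NotImplementedError("opcode 0x%02x not needed by Table 3" % code)
        if val is None:
            return 0
        acc = val
    raise RuntimeError("program fell off the end")


def build_packet(payload, tcp_options=b"", dport=80, ip_flags_frag=0x4000):
    """Constructed Ethernet/IPv4/TCP frame (checksums left zero; BPF ignores them)."""
    if len(tcp_options) % 4:
        raise ValueError("TCP options must pad to a multiple of 4 bytes")
    tcp_hlen = 20 + len(tcp_options)
    total_len = 20 + tcp_hlen + len(payload)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, ip_flags_frag,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, (tcp_hlen // 4) << 4,
                      0x18, 65535, 0, 0) + tcp_options
    return eth + ip + tcp + payload


# 12 bytes of options (NOP, NOP, Timestamp) give the 32-byte TCP header that the
# tcp[32] / tcp[326] offsets in Table 3 presuppose.
TS_OPTIONS = b"\x01\x01\x08\x0a" + b"\x00\x00\x00\x01" + b"\x00\x00\x00\x00"

# Constructed request, padded so that the ASCII bytes "=%60" (0x3d253630) start
# at payload offset 294, i.e. TCP offset 326 with a 32-byte TCP header.
SAMPLE_REQUEST = (
    b"GET /x?q=".ljust(294, b"A") + b"=%60"
    + b" HTTP/1.1\r\nHost: 192.0.2.1\r\nX-Pad: " + b"B" * 64 + b"\r\n\r\n"
)


def table3_matches(pkt):
    return run_cbpf(TABLE3_PROGRAM, pkt) != 0


if __name__ == "__main__":
    print("with timestamp options :", table3_matches(build_packet(SAMPLE_REQUEST, TS_OPTIONS)))
    print("bare 20-byte TCP header:", table3_matches(build_packet(SAMPLE_REQUEST)))
```

Running the program over the two frames returns 262144 (the `ret` value of instruction 016, which iptables treats as a match) for the frame with a 32-byte TCP header and 0 for the otherwise identical frame with a 20-byte header. Instructions 005 to 008 are not in the expression itself: tcpdump inserts the second `ip proto 6` test and the `jset #0x1fff` fragment guard automatically whenever a `tcp[...]` index is used, so fragmented packets never reach the payload comparison.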