Re: [NGSEC] Whitepaper Released: Polymorphic shellcodes vs. ApplicationIDSs

From: Robert Flicker (robert_flickerat_private)
Date: Sat Jan 26 2002 - 01:55:37 PST


    Hi Charles:
    
    Have you tested the source code that comes with the paper:
    
    http://www.ngsec.com/downloads/misc/NIDSfindshellcode.tgz
    
    As far as I know, it is the first public code that does this stuff.
    It may not be hot news, but I think it is worth the download, and it is a better 
    solution for current IDS than your esoteric thoughts with Neuronal Networks 
    and distributed signature checking... IMHO unimplementable in current IDS 
    technologies.
    
    Quoting from www.snort.org:
    
    "Paper: Polymorphicisms be gone
    ...
    His ideas revolve around counting multiple NOP type operations in a row and 
    alerting when a threshold is reached. The idea has been kicked around for a 
    while, but this is the first one that I have seen in actual implementation.
    ...
    "
    
    Current snort branch and its technique to detect shellcode is very easily 
    foolable ;P... NIDSfindshellcode is also foolable but in a harder way.
    
    
    Robert Flicker
    



    This archive was generated by hypermail 2b30 : Sat Jan 26 2002 - 09:17:57 PST
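
The Snort note quoted in the message describes counting NOP-type operations in a row and alerting at a threshold. The C sketch below is an added example, not code from the post, the whitepaper or NIDSfindshellcode; the opcode table, the function names and both sample buffers are assumptions constructed for illustration. It contrasts a literal-0x90 signature with a NOP-equivalent run counter and shows why the threshold matters for false positives.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int (*byte_pred)(uint8_t);

/* Naive signature: only the literal NOP opcode counts. */
static int is_plain_nop(uint8_t b) { return b == 0x90; }

/* Illustrative set of one-byte x86 instructions usable as sled padding.
 * Assumption of this example, not the table NIDSfindshellcode or Snort uses. */
static int is_nop_like(uint8_t b)
{
    if (b == 0x90) return 1;                 /* nop */
    if (b >= 0x40 && b <= 0x4f) return 1;    /* inc/dec r32; also ASCII '@'..'O' */
    if (b >= 0x91 && b <= 0x99) return 1;    /* xchg eax,r32; cwde; cdq */
    return b == 0xf5 || b == 0xf8 || b == 0xf9 || b == 0xfc; /* cmc clc stc cld */
}

/* Offset of the first run of at least `threshold` matching bytes, or -1. */
static long find_run(const uint8_t *buf, size_t len, size_t threshold,
                     byte_pred match)
{
    size_t run = 0;
    if (threshold == 0) return -1;
    for (size_t i = 0; i < len; i++) {
        run = match(buf[i]) ? run + 1 : 0;
        if (run >= threshold) return (long)(i + 1 - run);
    }
    return -1;
}

/* Constructed inputs, not captured traffic: 16 mixed NOP-like bytes after a
 * request prefix, and a benign request containing an upper-case word. */
static const uint8_t mixed[] = { 'G','E','T',' ','/', 0x90,0x41,0x99,0x4b,
    0xf8,0x97,0x42,0x90,0xfc,0x48,0x43,0x91,0x4e,0xf9,0x46,0x93, '\r','\n' };
static const uint8_t benign[] = "POST /FEEDBACK HTTP/1.0\r\n";

int main(void)
{
    printf("mixed,  0x90-only, threshold 2:  %ld\n",
           find_run(mixed, sizeof mixed, 2, is_plain_nop));
    printf("mixed,  NOP-like,  threshold 12: %ld\n",
           find_run(mixed, sizeof mixed, 12, is_nop_like));
    printf("benign, NOP-like,  threshold 8:  %ld\n",
           find_run(benign, sizeof benign - 1, 8, is_nop_like));
    printf("benign, NOP-like,  threshold 12: %ld\n",
           find_run(benign, sizeof benign - 1, 12, is_nop_like));
    return 0;
}
```

Because the inc/dec opcodes overlap ASCII `@` through `O`, ordinary upper-case text produces short runs, so the alert threshold has to sit above the longest such run expected in legitimate traffic.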