Hello,
I have implemented an bare bones Intrusion detection
system that currently detects scans like open, bouce,
half open etc and a host of other tcp scans.
I would like to develop this into a full blown IDS
which is capable of detecting buffer overflow attacks,
sql injection etc.
I know how to implement buffer overflow attacks. But
how would an intrusion detection system detect a
buffer overflow attack. My question is at the layer
that the intrusion detection system operates, how will
it know that a particular string for exmaple is liable
to overflow a vulnerable buffer.
Are there other open source firewall implementations
other than snort?
I would apprecitate it if you could let me know.
Thanks,
Vinay
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
