Helge Hafting wrote:
RVK wrote:
Proxies can be a good way of filtering but it can't avoid buffer
overflows.
Yes they can - did you read and udnerstand my previous post at all?
A proxy _can_ avoid a buffer overflow by noticing the
anomalously large data item and simply refuse to pass
it on t
RVK wrote:
Proxies can be a good way of filtering but it can't avoid buffer
overflows.
Yes they can - did you read and udnerstand my previous post at all?
A proxy _can_ avoid a buffer overflow by noticing the
anomalously large data item and simply refuse to pass
it on to the real server! The
Proxies can be a good way of filtering but it can't avoid buffer
overflows. It can only increase it. More code more bugs. If it is
running on a hardware firewall as a service then its more dangerous as
once it is compramised then IDS signatures also can be deleated :-). No
use of IDS the right
RVK wrote:
I don't think buffer overflow has anything to do with transparent
proxy. Transparent proxying is just doing some protocol filtering.
A transparent proxy is a protocol filter, which is why it is an
ideal way of detecting protocol-dependent buffer overflow attacks.
The detection code
I don't think buffer overflow has anything to do with transparent proxy.
Transparent proxying is just doing some protocol filtering. Still the
proxy code may have some buffer overflows. The best way is first to try
avoiding any buffer overflows and take programming precautions. Other
way is to
Vinay Venkataraghavan wrote:
I know how to implement buffer overflow attacks. But
how would an intrusion detection system detect a
buffer overflow attack.
Buffer overflow attacks vary, but have one thing in common. The
overflow string is much longer than what's usual for the app/protocol in
Vinay Venkataraghavan wrote:
Hello,
Hello, *devil's advocate hat on*
I have implemented an bare bones Intrusion detection
system that currently detects scans like open, bouce,
half open etc and a host of other tcp scans.
As an aside, why, we have snort?
I would like to develop this into a
> Are there other open source firewall implementations
> other than snort?
>
> I would apprecitate it if you could let me know.
> Thanks,
> Vinay
>
I might be wrong and this might be a stupid answer but... How about
iptables?
iptables blocks everything incomind, allows, deny and forwards, so I th
8 matches
Mail list logo
