[Snort-devel] Polymorphic Shellcode Detection preprocessor
agent33 at ...269...
Wed Jan 30 04:55:12 EST 2002
> It makes a number of mistakes. Most important of which is
> being able to walk off the end of the packet at pkt_data +=
> (Woop! Woop! Danger Will Robinson!)
Whoops, that is what I get for porting someone elses code without auditing
it carefully, sorry :(. Even though the plugin Dragos is working on is
probably better, and, as I think I mentioned quite a few times, mine will
eat cpu at high data rates, I am gonna fix it, just for the mental excerise.
> I would like to thank Steve for his appreciated and well
> intentioned effort, and wonder
> if he would like to be an alpha tester for my code...
I would love to help.
More information about the Snort-devel