[Snort-devel] Polymorphic Shellcode Detection preprocessor

Steve Halligan agent33 at ...269...
Wed Jan 30 04:55:12 EST 2002


 
> It makes a number of mistakes.  Most important of which is
> being able to walk off the end of the packet at pkt_data += 
> intel_njunk[junk_index].len-1;
> (Woop! Woop! Danger Will Robinson!)
> 
Whoops, that is what I get for porting someone elses code without auditing
it carefully, sorry :(.  Even though the plugin Dragos is working on is
probably better, and, as I think I mentioned quite a few times, mine will
eat cpu at high data rates, I am gonna fix it, just for the mental excerise.

 
> I would like to thank Steve for his appreciated and well 
> intentioned effort, and wonder 
> if he would like to be an alpha tester for my code... 
I would love to help.




More information about the Snort-devel mailing list