[Snort-devel] Re: Plymorphic shellcode detection preprocessor

gangadhar npk npkg at ...1093...
Wed Jan 30 23:21:04 EST 2002


Hello steven,
           first of all I would like to appreciate your effort in making 
a polymorphic shellcode detector. I would like to test the preprocessor, 
but before that there are few things I would like you to clarify.

    First of all , honestly, I would like to know more resources for 
buffer overflows and polymorphic shellcode and how they are transmitted 
so that I can build data like that and test the code.

   Second, there seems to be a part in the code which seems to beat 
me.The if statement,


   if (intel_njunk[junk_index].noppad)   {

    Can you tell me why you are using the noppad, if that particular 
junk is not being used for comparision ?

     I hope the query is clear .
                                bye
                                               Gangadhar


-- 
"Software is like sex: it's better when it's free"
                      - Linus





More information about the Snort-devel mailing list