Rob MacGregor wrote:
> On 1/30/06, Rajkumar S <[EMAIL PROTECTED]> wrote:
>> The idea is to have a small packet queue where last n packets are
>> stored, scanned and then transmitted in a cyclic fashion. i.e. first
>> n-1 packets will just get queued, when the nth packet arrives, the
>> queue is scanned, and 1st packet is released and nth packet is
>> appended to the queue. This process is repeated for every packet.
>
> What about out of order packets?  What about duplicates...?

These are problems, I was actually looking at this from a theoretical
perspective, like can this approach ever work. Out of order and
duplicate packets are solvable problems (I understand they are not easy,
but IDS has done it before). So is performance.

> be better off defaulting to blocking all outbound traffic and routing
> all allowed traffic through proxies or gateways.

It may not be possible to run proxies for all applications used by
users. While proxies are one of the better ways to control traffic, I am
just exploring alternate ways to achieve a much more general solution.

> That means that it has to be in the wild *before* you can get
> signatures to detect it.

Okay.

> Which may mean that you're already infected.

How come? A virus in wild <> I getting infected. But there is a chance
that wild == my PC :) But that's the risk we take with all AV.

raj
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
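
The queue described in the thread above, as an added example that is not part of the original messages and is not ClamAV code: the last n payloads are held, scanned as one buffer, and the oldest is released on each arrival. `WindowScanner`, `run`, the marker bytes and the sample stream are constructed for illustration, and the sketch assumes a single flow with in-order, non-duplicated packets, so the reordering and duplicate cases raised in the thread are not handled.

```python
from collections import deque

# Constructed marker for the demo; not a real ClamAV signature.
SIGNATURE = b"TEST-SIGNATURE-1234"

class WindowScanner:
    """Hold the last n payloads, scan them as one buffer, release the oldest."""

    def __init__(self, n, signatures=(SIGNATURE,)):
        if n < 1:
            raise ValueError("window must hold at least one packet")
        self.n = n
        self.signatures = tuple(signatures)
        self.queue = deque()
        self.alerts = 0

    def push(self, payload):
        """Queue one payload and return the payloads released downstream."""
        self.queue.append(payload)
        window = b"".join(self.queue)
        if any(sig in window for sig in self.signatures):
            # If the pattern spans at most n packets, its first bytes are
            # still held here, so dropping the window stops it completing.
            self.alerts += 1
            self.queue.clear()
            return []
        if len(self.queue) < self.n:
            return []                      # first n-1 packets are only queued
        return [self.queue.popleft()]      # nth arrival releases the oldest

    def flush(self):
        """End of stream: release what is still held (already scanned)."""
        held = list(self.queue)
        self.queue.clear()
        return held

def run(packets, n):
    """Feed packets through a window of size n; return (delivered, alerts)."""
    scanner = WindowScanner(n)
    delivered = []
    for payload in packets:
        delivered.extend(scanner.push(payload))
    delivered.extend(scanner.flush())
    return delivered, scanner.alerts

# Constructed stream: the marker is split across two packets.
SPLIT_STREAM = [b"hello ", b"TEST-SIG", b"NATURE-1234", b" tail"]
```

With `n = 1` the scanner degenerates to per-packet scanning and the split marker passes through; with `n = 3` the same stream raises one alert and only the trailing packet is delivered.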
