Hello,

I have implemented a bare-bones intrusion detection system that currently detects scans like open, bounce, half-open etc. and a host of other TCP scans.
I would like to develop this into a full-blown IDS which is capable of detecting buffer overflow attacks, SQL injection etc. I know how to implement buffer overflow attacks. But how would an intrusion detection system detect a buffer overflow attack? My question is: at the layer that the intrusion detection system operates, how will it know that a particular string, for example, is liable to overflow a vulnerable buffer?

Are there other open source firewall implementations other than Snort? I would appreciate it if you could let me know.

Thanks,
Vinay

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/