Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

focus-ids logo IDS mailing list archives

Buffer overflow detection
From: Ilija Basicevic <ilibasic () safe-mail net>
Date: 30 Jun 2004 23:40:15 -0000


Paper titled:
Accurate Buffer Overflow Detection via Abstract Payload Execution,
by: Thomas Toth and Christopher Kruegel
describes a technique for detection of buffer overflow code.
It is based on measurement of maximal execution length of payload
string.
As I understand, basically they estimate the size of NOP sledge,
which tends to be big in case of buffer overflow.

Is this technique used in available IDS systems
for detection of polymorphic shell code ?

Ilija

---------------------------------------------------------------------------

---------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
  • Buffer overflow detection Ilija Basicevic (Jun 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]