Intrusion Detection Systems mailing list archives
Detecting exploits/shellcode
From: je () sekure net (Jonas Eriksson)
Date: Thu, 15 Jun 2000 09:30:15 +0200 (CEST)
Archive: http://msgs.securepoint.com/ids FAQ: http://www.ticm.com/kb/faq/idsfaq.html IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au Is it possible to detect buffer-overflow exploits beeing sent over the network, execpt for having a database of shellcode? Should it be possible somehow to decode the assembler code beeing sent, or am i wrong? -- Jonas Eriksson
Current thread:
- Detecting exploits/shellcode Jonas Eriksson (Jun 15)
- Re: Detecting exploits/shellcode diphen () agitation net (Jun 15)
- Re: Detecting exploits/shellcode Marco Vaz (Jun 15)
- FW: Snort 1.6 and nmap 2.54beta1 Mila, Brian D (Jun 15)
- <Possible follow-ups>
- Re: Detecting exploits/shellcode Marcus J. Ranum (Jun 15)
- Re: Detecting exploits/shellcode Ron Gula (Jun 15)
- Re: Detecting exploits/shellcode Max Vision (Jun 16)
- Re: Detecting exploits/shellcode Max Vision (Jun 17)
- Re: Detecting exploits/shellcode Ron Gula (Jun 15)
- Testing Message at 12:35 idsmlist owner (Jun 15)
- Testing Message at 15:45 idsmlist owner (Jun 16)
- Re: Detecting exploits/shellcode Robert Graham (Jun 15)