From: Imane G <har...@ho...> - 2006-07-21 16:21:29
|
<html><div style='background-color:'><DIV class=RTE>
<P>Hello, I am a newbie at Snort. I also apologize for my bad English.</P>
<P>I have to develop a preprocessor for Snort-inline to detect polymorphic shellcodes by scanning the payload for 'NOP sleds' and 'fake NOP sleds' (including those using multibyte instructions) and maybe also by looking for the jmp esp addresses in the packets' payload.</P>
<P>I have some questions and I am praying that someone could answer me:</P>
<P>1- I heard about the Fnord preprocessor for Snort. Why isn't it integrated into Snort-inline?</P>
<P>2- I am thinking about using a neural network and spectrum analysis (I am still far from it) to detect the sleds. Will my preprocessor significantly slow down the system?</P>
<P>3- Does anybody have any suggestions or remarks about what I am about to do?</P>
<P>Regards,</P>
</DIV></div></html> |
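The payload scan described in the message above, as an added example that is not part of the original post or of Snort: it reports the longest run of single-byte IA-32 NOP-equivalent opcodes in a payload and flags runs above a threshold. The function names, the opcode set and the 32-byte threshold are assumptions, and sleds built from multibyte instructions are not covered.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SLED_MIN_LEN 32  /* assumed threshold, tune against real traffic */

/* Single-byte IA-32 opcodes with no memory access or branch (assumed set). */
static int is_sled_byte(uint8_t b)
{
    /* daa das aaa aas sahf lahf cmc clc stc cld std */
    static const uint8_t misc[] = { 0x27,0x2f,0x37,0x3f,0x9e,0x9f,0xf5,0xf8,0xf9,0xfc,0xfd };
    if ((b >= 0x40 && b <= 0x4f) || (b >= 0x90 && b <= 0x99))
        return 1;   /* inc/dec r32; nop, xchg eax,r32, cwde, cdq */
    return memchr(misc, b, sizeof misc) != NULL;
}

/* Length of the longest run of sled bytes; *start gets its offset. */
size_t longest_sled(const uint8_t *buf, size_t len, size_t *start)
{
    size_t best = 0, run = 0;
    *start = 0;
    for (size_t i = 0; i < len; i++) {
        run = is_sled_byte(buf[i]) ? run + 1 : 0;
        if (run > best) { best = run; *start = i + 1 - run; }
    }
    return best;
}

int payload_has_sled(const uint8_t *buf, size_t len)
{
    size_t start;
    return longest_sled(buf, len, &start) >= SLED_MIN_LEN;
}
/* Constructed samples: plain text, and 0xcc filler around 40 mixed sled bytes. */
static const uint8_t benign[] = "GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n";
static uint8_t suspect[64];
static void build_suspect(void)
{
    static const uint8_t mix[] = { 0x90, 0x41, 0x99, 0xf8, 0x4b };
    memset(suspect, 0xcc, sizeof suspect);
    for (size_t i = 0; i < 40; i++) suspect[8 + i] = mix[i % sizeof mix];
}

int main(void)
{
    size_t at;
    build_suspect();
    printf("suspect run=%zu benign flagged=%d\n", longest_sled(suspect, sizeof suspect, &at),
           payload_has_sled(benign, sizeof benign - 1));
    return 0;
}
```

Because 0x40-0x4f are also ASCII '@' through 'O', long uppercase text runs can reach the threshold, so a run-length check like this needs tuning per protocol.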