Hello,

I have implemented a bare-bones intrusion detection system that currently detects scans like open, bounce, half-open etc. and a host of other TCP scans. I would like to develop this into a full-blown IDS which is capable of detecting buffer overflow attacks, SQL injection etc.

I know how to implement buffer overflow attacks. But how would an intrusion detection system detect a buffer overflow attack? My question is: at the layer that the intrusion detection system operates, how will it know that a particular string, for example, is liable to overflow a vulnerable buffer?

Are there other open source firewall implementations other than Snort? I would appreciate it if you could let me know.

Thanks,
Vinay

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/