Hello, I have implemented an bare bones Intrusion detection system that currently detects scans like open, bouce, half open etc and a host of other tcp scans. I would like to develop this into a full blown IDS which is capable of detecting buffer overflow attacks, sql injection etc. I know how to implement buffer overflow attacks. But how would an intrusion detection system detect a buffer overflow attack. My question is at the layer that the intrusion detection system operates, how will it know that a particular string for exmaple is liable to overflow a vulnerable buffer. Are there other open source firewall implementations other than snort? I would apprecitate it if you could let me know. Thanks, Vinay __________________________________ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail - : send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
