'prevmatch' patch
Luigi Rizzo
rizzo at icir.org
Fri Jan 30 00:27:00 PST 2004
On Thu, Jan 29, 2004 at 11:49:47PM +0100, Pawel Malachowski wrote:
> On Tue, Jan 27, 2004 at 01:02:24AM -0800, Luigi Rizzo wrote:
>
> > + add a new opcode that matches arbitrary bit patterns;
>
> Only in packet headers or in packets data? (Blocking x-kazaa
> without the need of using Snort etc.;))
in the flags. It is completely trivial to implement a generic 'match'
opcode to look for specific payloads, but 1) it would be
very expensive to run on the packets, and 2) I do not see
much of a point, viruses will soon become something like

        useful instruction
        jmp 1f
        random junk
    1:  useful instruction
        useful instruction
        jmp 2f
        random junk
    2:  useful instruction
        ...

thus defeating any virus scanner based on signatures.
cheers
luigi
>
> --
> Pawel Malachowski
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
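
Added example (not part of the original message and not ipfw code): a contiguous payload signature checked against the junk-interleaved layout sketched above, next to a gap-tolerant fragment matcher that still finds that variant. All names, the text tokens standing in for instructions, and the sample payloads are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample payloads; text tokens stand in for instructions. */
static const char ORIGINAL[] = "INSN_A;INSN_B;INSN_C;INSN_D;";
static const char VARIANT[]  = "INSN_A;JMP;x9#q!;INSN_B;INSN_C;JMP;k2@z;INSN_D;";
static const char BENIGN[]   = "GET /index.html HTTP/1.0";
static const char *const FRAGS[] = { "INSN_A;", "INSN_B;", "INSN_C;", "INSN_D;" };

/* Contiguous signature search: up to len * siglen byte compares per packet. */
static int sig_match(const char *p, size_t len, const char *sig, size_t siglen)
{
    if (siglen == 0 || siglen > len)
        return 0;
    for (size_t i = 0; i + siglen <= len; i++)
        if (memcmp(p + i, sig, siglen) == 0)
            return 1;
    return 0;
}

/* Gap-tolerant search: fragments must occur in order, any bytes in between. */
static int frag_match(const char *p, size_t len, const char *const *frags, size_t n)
{
    size_t pos = 0;
    for (size_t f = 0; f < n; f++) {
        size_t fl = strlen(frags[f]);
        int found = 0;
        for (; pos + fl <= len; pos++) {
            if (memcmp(p + pos, frags[f], fl) == 0) {
                pos += fl;      /* continue after this fragment */
                found = 1;
                break;
            }
        }
        if (!found)
            return 0;
    }
    return 1;
}

int main(void)
{
    const char *pkts[] = { ORIGINAL, VARIANT, BENIGN };
    for (size_t i = 0; i < 3; i++)
        printf("%-50s sig=%d frag=%d\n", pkts[i],
               sig_match(pkts[i], strlen(pkts[i]), ORIGINAL, strlen(ORIGINAL)),
               frag_match(pkts[i], strlen(pkts[i]), FRAGS, 4));
    return 0;
}
```

The fragment matcher catches this variant only because the fragments are still intact and in order; shorter fragments cost more per packet and match more benign traffic.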