Date:      Fri, 30 Jan 2004 00:26:51 -0800
From:      Luigi Rizzo <rizzo@icir.org>
To:        Pawel Malachowski <pawmal-posting@freebsd.lublin.pl>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: 'prevmatch' patch
Message-ID:  <20040130002651.A90690@xorpc.icir.org>
In-Reply-To: <20040129224947.GA24612@shellma.zin.lublin.pl>; 11:49:47PM +0100
References:  <20040127022307.GP40147@elvis.mu.org> <20040127010224.B11002@xorpc.icir.org> <20040129224947.GA24612@shellma.zin.lublin.pl>

On Thu, Jan 29, 2004 at 11:49:47PM +0100, Pawel Malachowski wrote:
> On Tue, Jan 27, 2004 at 01:02:24AM -0800, Luigi Rizzo wrote:
> 
> >  + add a new opcode that matches arbitrary bit patterns;
> 
> Only in packet headers or in packets data? (Blocking x-kazaa
> without the need of using Snort etc.;))

in the flags. It is completely trivial to implement a generic 'match'
opcode to look for specific payloads, but 1) it would be
very expensive to run on the packets, and 2) I do not see
much of a point, viruses will soon become something like

	useful instruction
	jmp 1f
	random junk
    1:	useful instruction
	useful instruction
	jmp 2f
	random junk
    2:	useful instruction
	...

thus defeating any virus scanner based on signatures.

cheers
luigi

> 
> -- 
> Pawel Malachowski
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"


