Date: Fri, 30 Jan 2004 00:26:51 -0800
From: Luigi Rizzo
To: Pawel Malachowski
cc: freebsd-ipfw@freebsd.org
Message-ID: <20040130002651.A90690@xorpc.icir.org>
Subject: Re: 'prevmatch' patch

On Thu, Jan 29, 2004 at 11:49:47PM +0100, Pawel Malachowski wrote:
> On Tue, Jan 27, 2004 at 01:02:24AM -0800, Luigi Rizzo wrote:
>
> > + add a new opcode that matches arbitrary bit patterns;
>
> Only in packet headers or in packets data? (Blocking x-kazaa
> without the need of using Snort etc.;))

in the flags.
It is completely trivial to implement a generic 'match' opcode
to look for specific payloads, but 1) it would be very expensive
to run on the packets, and 2) i do not see much of a point,
viruses will soon become something like

	useful instruction
	jmp 1f
	random junk
1:	useful instruction
	useful instruction
	jmp 2f
	random junk
2:	useful instruction
	...

thus defeating any virus scanner based on signatures.

	cheers
	luigi

> --
> Pawel Malachowski
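Added example, not part of the message above and not ipfw code: a naive contiguous byte-signature scan in C, run over two constructed buffers, showing the signature found in the original layout and missed once the same bytes are interleaved with jumps and junk as in the sketch. The names sig_scan, SIG, PLAIN and SPLIT and all sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data, not real traffic.  A-D stand for the "useful
 * instruction" bytes of the sketch, J for a jmp, r for the junk it skips. */
static const unsigned char SIG[]   = "ABCD";               /* contiguous signature */
static const unsigned char PLAIN[] = "....ABCD....";       /* original layout */
static const unsigned char SPLIT[] = "....AJrrBCJrrD...."; /* same bytes, interleaved */

static unsigned long cmps;	/* byte comparisons done by the last scan */

/* Naive contiguous scan, the work a payload 'match' would do per packet.
 * Returns the offset of the first match, or -1 if there is none. */
static long
sig_scan(const unsigned char *pkt, size_t plen,
    const unsigned char *sig, size_t slen)
{
	size_t i, j;

	cmps = 0;
	if (slen == 0 || slen > plen)
		return (-1);
	for (i = 0; i + slen <= plen; i++) {
		for (j = 0; j < slen; j++) {
			cmps++;
			if (pkt[i + j] != sig[j])
				break;
		}
		if (j == slen)
			return ((long)i);
	}
	return (-1);
}

long scan_plain(void) { return (sig_scan(PLAIN, sizeof(PLAIN) - 1, SIG, sizeof(SIG) - 1)); }
long scan_split(void) { return (sig_scan(SPLIT, sizeof(SPLIT) - 1, SIG, sizeof(SIG) - 1)); }
unsigned long last_cost(void) { return (cmps); }

int
main(void)
{
	long off = scan_plain();
	printf("plain: offset %ld after %lu comparisons\n", off, last_cost());
	off = scan_split();
	printf("split: offset %ld after %lu comparisons\n", off, last_cost());
	return (0);
}
```

The interleaved buffer costs a full pass over the payload and still reports no match, which is both of the objections in the message at once.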