Do you have a question? Post it now! No Registration Necessary. Now with pictures!
April 29, 2004, 2:13 pm
rate this thread
i am developing an ids y i have found that some of these ids,
use algorithms that search for matches in different lengths of
strings. If i am not confused, SNORT, uses 'wu-manber' algorithm
to search sings of attack inside these 'strings'.
I would like to use this algorithm in my IDS, but i do not
know exactly how is it, and how to use it; Do i have to treat
some way the patterns i have to find, or is it in the part of data,
where the patterns will be found?
My ids rules, have exactly the same structures that Snort has,
where the patterns to find must be mixed (that is, that these
can contain binary and text data -as |0A 00 03|version-). And
when one rule contains more than one pattern to find, in some
cases it is necessary to take the length in bytes, between the
coincidences of the first pattern and the next one, to be
considered an attack. It is becouse of this, where i am confused
about the way of treatment i have to make of the patterns before
using 'wu-manber' algorithm.
Please, could anybody explain me, or give me a tint about how to
use this algorithm and where can i found the source?
And in order to my implementation, does anybody know if there is
a perl module for this algorithm?
Thank you very very much in advance ;-)
- » FA on EBAY: SYMANTEC'S NORTON YOUR EYES ONLY for Windows 95 (FULL)
- — Next thread in » General Computer Security
- » Trouble programming network access filter gateway
- — Previous thread in » General Computer Security