CHAPTER 17 Network Security > 17.1 SEARCHING FOR MULTIPLE STRINGS IN PACKET PAY... - Pg. 401

| Number | Principle | Used In |
|---|---|---|
| P15 | Integrated string matching using Aho-Corasick | Snort |
| P3a, 5a | Approximate string match using min-wise hashing | Altavista |
| P3a | Path reconstruction using probabilistic marking | Edge sampling |
| P3a | Efficient packet logging via Bloom filters | SPIE |
| P3a | Worm detection by detecting frequent content | EarlyBird |

FIGURE 17.1 Principles used in the implementation of the various security primitives discussed in this chapter.

sets and also describes a hardware implementation. Bloom filters have found a variety of uses and should be part of the implementor's bag of tricks. Section 17.5 explains how signatures for attacks can be automatically computed, reducing the delay and difficulty required to have humans generate signatures.

17.1 SEARCHING FOR MULTIPLE STRINGS IN PACKET PAYLOADS

The first few sections tackle a problem of detecting an attack by searching for suspicious strings in payloads. A large number of attacks can be detected by their use of such strings. For example, packets that attempt to execute the Perl interpreter have perl.exe in their pay-