
Chapter 13. Worm-Blocking Techniques and Host-Based Intrusion Prevention

"When meditating over a disease, I never think of finding a remedy for it, but, instead, a means of preventing it."

Louis Pasteur (1822-1895)

Since the Morris worm in 1988, computer worms have been one of the biggest challenges of the Internet Age. Every month, critical vulnerabilities are reported in a wide variety of operating systems and applications. Similarly, the number of computer worms that exploit system vulnerabilities is growing at an alarming rate.

This chapter presents some promising host-based intrusion prevention techniques that can stop entire classes of fast-spreading worms using buffer overflow attacks, such as the W32/CodeRed [1], Linux/Slapper [2], and W32/Slammer [3] worms.

Note

I have summarized the buffer overflow techniques that I found to be the most relevant. There are a few additional solutions I avoided discussing in detail because they are either not significant or very specialized, covering only a handful of exploitation possibilities.

