[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [NETVAERK] hackerforsøg



On Mon, 18 Apr 2005 00:08:03 +0200
Mogens wrote:

> Wow! Sådan et filter vil jeg godt have!
> Altså kun fx. een 'mov a,b' instruktion?

Ak ja der fik du mig endnu en gang :-)

Da det er to integers som skal sammenlignes og alting ligger klar
når vi nu alligevel HAR sat filteret op, så er det altså som flg:

Load  		EBX,Remote_Address
Compare 	EBX,Package_Source_Address
JZ              DROP

Og hvis filteret er lidt smart, så har det allerede loadet
Package Source Address i et register (fx. ESI) og kan lave
en sammenligning uden at loade remote address.

GCC er rimelig god til at huske, hvad der står i et register.

Jeg ved godt Intel bruger "MOV" som de også har Copyright
og patent på, men det hedder altså at loade et register.
Du flytter jo ikke noget, tager en kopi.


-- 
donald_j_axel donax snabela get2net.dk -- http://d-axel.dk/


 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 22:43 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *