funsec mailing list archives

RE: Vulnerability-based IPS Patent

From: "Richard M. Smith" <rms () bsf-llc com>
Date: Wed, 29 Mar 2006 18:44:06 -0500

Yes, I agree that the idea is pretty obvious nowadays. 

For a filter for the "CHRISTMA exec" worm to be considered prior art, a copy
of one of these filters would have to be somehow dug up and analyzed.  Might
be tough.

Richard 

-----Original Message-----
From: Rob, grandpa of Ryan, Trevor, Devon & Hannah [mailto:rMslade () shaw ca] 
Sent: Wednesday, March 29, 2006 6:13 PM
To: Richard M. Smith; funsec () linuxbox org
Subject: RE: [funsec] Vulnerability-based IPS Patent

From:                   "Richard M. Smith" <rms () bsf-llc com>
Date sent:              Wed, 29 Mar 2006 17:24:26 -0500

Are you (or anyone else) aware of prior art for this AV patent:

Data is tested in transit between a source medium and a destination 
medium, such as between two computer communicating over a

telecommunications link or network.

Each character of the incoming data stream is tested using a finite 
state machine which is capable of testing against multiple search 
strings representing the signatures of multiple known computer 
viruses. When a virus is detected the incoming data is prevented from

remaining on the destination storage medium.

Following the CHRISTMA exec of 1987, many of the affected systems
implemented "filters" that would have done pretty much exactly that.  You
might also want to look at Fred's thesis and dissertation, from 1984 and
1986, to see whether he applied scanning to comm links: he was big into
state machines.

I'd have to search the archives for email on it, but I rather suspect that
someone might have discussed it.  It's a pretty obvious idea.

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca      slade () victoria tc ca      rslade () sun soci niu edu
More than any time in history mankind faces a crossroads.  One path leads to
despair and utter hopelessness, the other to total extinction.  Let us pray
that we have the wisdom to choose
correctly.                                             - Woody Allen
http://victoria.tc.ca/techrev/rms.htm

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

RE: Vulnerability-based IPS Patent, (continued)
- - - RE: Vulnerability-based IPS Patent Drsolly (Mar 30)
    - RE: Vulnerability-based IPS Patent Richard M. Smith (Mar 30)
    - RE: Vulnerability-based IPS Patent Drsolly (Mar 30)
    - Re: Vulnerability-based IPS Patent der Mouse (Mar 30)
    - Re: Vulnerability-based IPS Patent Drsolly (Mar 30)
    - RE: Vulnerability-based IPS Patent Drsolly (Mar 30)
    - RE: Vulnerability-based IPS Patent Nick FitzGerald (Mar 29)
    - RE: Vulnerability-based IPS Patent Richard M. Smith (Mar 29)
    - RE: Vulnerability-based IPS Patent Nick FitzGerald (Mar 29)
    - RE: Vulnerability-based IPS Patent Rob, grandpa of Ryan, Trevor, Devon & Hannah (Mar 29)
    - RE: Vulnerability-based IPS Patent Richard M. Smith (Mar 29)
    - Re: Vulnerability-based IPS Patent Valdis . Kletnieks (Mar 30)
    - RE: Vulnerability-based IPS Patent Larry Seltzer (Mar 29)
    - RE: Vulnerability-based IPS Patent Nick FitzGerald (Mar 29)
    - RE: Vulnerability-based IPS Patent Larry Seltzer (Mar 29)