funsec mailing list archives
Re: Vulnerability-based IPS Patent
From: Valdis.Kletnieks () vt edu
Date: Thu, 30 Mar 2006 11:31:42 -0500
On Wed, 29 Mar 2006 15:13:16 PST, "Rob, grandpa of Ryan, Trevor, Devon & Hannah" said:
Data is tested in transit between a source medium and a destination medium, such as between two computer communicating over a telecommunications link or network. Each character of the incoming data stream is tested using a finite state machine which is capable of testing against multiple search strings representing the signatures of multiple known computer viruses.
Following the CHRISTMA exec of 1987, many of the affected systems implemented "filters" that would have done pretty much exactly that.
Being one of the guys who implemented said filters, it would be a *real* stretch to call the filter implemented a "state machine", unless you take the stance that *anything* implemented on a S/370 architecture is a state machine because the underlying hardware is done as a state machine. For the most part, the "filter" consisted of mods to 2 places (RSCS and DMSDDL, the innards of the 'sendfile' command), that basically said either: 'if ftype='EXEC' then ftype='EXEC$' or 'if ftype='EXEC' then dest='BITBUCKT'
Also, the test implemented was more akin to the current 'Nuke all executable extensions' often practiced at Windows sites, than 'known viruses'. When IBM's version came out as an RPQ, its documentation specifically addressed defanging all malicious executables, whether known or not.
Sorry, the CHRISTMA filters don't count as prior art for *that* particular claim.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
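Added example, not part of the original message or of the patent: a Python sketch contrasting the per-character, multi-signature state machine of the quoted claim with the file-type rule the message describes. Aho-Corasick is an assumed choice of automaton (the page names no algorithm), and the signature strings, stream chunks and function names are constructed for illustration.

```python
from collections import deque

def build_automaton(signatures):
    """Aho-Corasick tables: goto transitions, failure links, outputs per state."""
    goto, fail, out = [{}], [0], [set()]
    for sig in signatures:
        state = 0
        for byte in sig:
            if byte not in goto[state]:
                goto.append({}); fail.append(0); out.append(set())
                goto[state][byte] = len(goto) - 1
            state = goto[state][byte]
        out[state].add(sig)
    queue = deque(goto[0].values())  # depth-1 states fall back to the root
    while queue:
        state = queue.popleft()
        for byte, nxt in goto[state].items():
            f = fail[state]
            while f and byte not in goto[f]:
                f = fail[f]
            fail[nxt] = goto[f].get(byte, 0)
            out[nxt] |= out[fail[nxt]]  # inherit signatures ending at the suffix
            queue.append(nxt)
    return goto, fail, out

class StreamScanner:
    """Tests each byte in transit; state survives chunk boundaries."""
    def __init__(self, signatures):
        self.goto, self.fail, self.out = build_automaton(signatures)
        self.state = self.offset = 0

    def feed(self, chunk):
        hits = []
        for byte in chunk:
            while self.state and byte not in self.goto[self.state]:
                self.state = self.fail[self.state]
            self.state = self.goto[self.state].get(byte, 0)
            self.offset += 1
            hits += [(self.offset - len(s), s) for s in sorted(self.out[self.state])]
        return hits

def ftype_filter(fname, ftype):
    """Rename variant of the rule in the message: file type only, content never read."""
    return (fname, "EXEC$") if ftype == "EXEC" else (fname, ftype)

def demo():
    # Constructed signatures and stream; not real virus signatures.
    scanner = StreamScanner([b"ALPHA", b"PHANTOM", b"HAN"])
    return [hit for chunk in (b"xxALP", b"HANT", b"OMyy") for hit in scanner.feed(chunk)]
```

`demo()` reports all three overlapping signatures with their stream offsets even though each one straddles a chunk boundary, while `ftype_filter` makes its decision without looking at a single byte of content.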