Detection of Stack-based overflows by network-based IDS
¨Match signatures associated with NOP sleds
¨Identify typical machine language exploit code to get attackers’ commands executed ¨Look for frequently used return pointers associated with popular buffer overflows
¨