Uninformed: Informative Information for the Uninformed

Vol 9» 2008.Jan


Event Data

Similar to the static application data approach, transient data may also be used as a context-key so long as it persists long enough for the decoder stub to access it. Consider the scenario of a DNS server which is vulnerable to an overflow when parsing an incoming host name or address look-up request. If portions of the request are stored in memory prior to the vulnerability being triggered, the data provided by the request could potentially be used for contextual keying if its location is predictable. Values such as IP addresses, port numbers, packet sequence numbers, and so forth are all potentially viable for use as a context-key.
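Because such a key travels in the triggering request itself, an analyst who holds the packet capture can enumerate the same values as candidate keys when examining an encoded blob. The following is an added example, not code from the original article. It assumes a repeating 4-byte XOR encoding, hypothetical field names, a constructed event and blob, and a printable-ASCII score as the success test (a real analysis would substitute a disassembly or signature check).

```python
import ipaddress
import struct

# Constructed sample: fields an analyst pulled from the captured request.
EVENT = {"src_ip": "192.0.2.77", "src_port": 53124, "seq": 0x5EEDC0DE}

def candidate_keys(event):
    """Yield (label, 4-byte key) for each request value the text names as a
    possible context-key, in both byte orders."""
    fields = {
        "src_ip": ipaddress.IPv4Address(event["src_ip"]).packed,
        # Assumption: a 16-bit port is repeated to fill a 32-bit key.
        "src_port": struct.pack(">H", event["src_port"]) * 2,
        "seq": struct.pack(">I", event["seq"]),
    }
    for name, raw in fields.items():
        yield name + "/big-endian", raw
        yield name + "/little-endian", raw[::-1]

def xor4(data, key):
    """Apply a repeating 4-byte XOR key (assumed encoding; XOR is its own inverse)."""
    return bytes(b ^ key[i % 4] for i, b in enumerate(data))

def printable_ratio(data):
    """Fraction of bytes in the printable ASCII range (0.0 for empty input)."""
    return sum(32 <= b < 127 for b in data) / max(len(data), 1)

def recover(blob, event, threshold=0.95):
    """Return (label, decoded) for the best-scoring candidate key, or None if
    no candidate decodes the blob to mostly printable bytes."""
    best = None
    for label, key in candidate_keys(event):
        decoded = xor4(blob, key)
        score = printable_ratio(decoded)
        if score >= threshold and (best is None or score > best[0]):
            best = (score, label, decoded)
    return None if best is None else best[1:]

# Constructed blob: an ASCII placeholder stands in for the encoded bytes found
# in the capture, keyed here with the little-endian sequence number.
PLACEHOLDER = b"CONSTRUCTED-PLACEHOLDER-NOT-A-PAYLOAD"
BLOB = xor4(PLACEHOLDER, struct.pack("<I", EVENT["seq"]))

if __name__ == "__main__":
    print(recover(BLOB, EVENT))
```

Without the matching request in hand, none of the candidates clears the threshold and `recover` returns `None`, which is why retaining full packet captures around a suspected trigger matters for later analysis.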