摘要 |
Network-level data traffic comprising data packets, wherein at least some of the data packets have at least one field of unbounded length, are received (101). A worm-detection signature is then generated (102) as a function, at least in part, of the lengths of particular data packet fields. So configured, these teachings are particularly suitable for use in detecting worms that seek to exploit the use of an unbounded field in a data packet to overwhelm buffer memory in a receiving network element as a basis for installing the worm's code.
|