Exam GSEC
Question 30

You are reviewing a packet capture file from your network intrusion detection system. In the packet stream, you come across a long series of "no operation" (NOP) commands. In addition to the NOP commands, there appears to be a malicious payload. Of the following, which is the most appropriate preventative measure for this type of attack?

    Correct Answer: B

    The presence of a long series of 'no operation' (NOP) commands, followed by a malicious payload, strongly indicates a buffer overflow attack. Buffer overflow attacks often use NOP sleds to create a safe landing area for the payload. The most appropriate preventative measure for this type of attack is to implement boundary checks on program inputs to ensure that input data does not exceed the allocated buffer limit, thereby preventing the overflow and subsequent execution of malicious code.
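The boundary check described above, as an added example that is not part of the original page: `store_field`, `FIELD_MAX`, `longest_nop_run` and the sample bytes are hypothetical, and the use of 0x90 (the x86 single-byte NOP) assumes an x86 target, which the question does not state.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64   /* assumed size of the fixed destination buffer */

/* Copy an untrusted field into a fixed buffer.
 * Returns 0 on success, -1 if the input would not fit (nothing is written). */
int store_field(char dst[FIELD_MAX], const uint8_t *src, size_t src_len)
{
    if (src == NULL || src_len >= FIELD_MAX)   /* keep one byte for the NUL */
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Longest run of 0x90 bytes in a buffer: the pattern the IDS capture shows. */
size_t longest_nop_run(const uint8_t *buf, size_t len)
{
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < len; i++) {
        cur = (buf[i] == 0x90) ? cur + 1 : 0;
        if (cur > best)
            best = cur;
    }
    return best;
}

/* Constructed sample input: 200 filler bytes of 0x90, then 4 placeholder bytes. */
size_t make_sample(uint8_t *out, size_t cap)
{
    if (cap < 204)
        return 0;
    memset(out, 0x90, 200);
    memset(out + 200, 0x41, 4);
    return 204;
}

int main(void)
{
    uint8_t pkt[256];
    char field[FIELD_MAX];
    size_t n = make_sample(pkt, sizeof pkt);
    printf("longest NOP run: %zu\n", longest_nop_run(pkt, n));
    printf("oversize input:  %d\n", store_field(field, pkt, n));
    printf("short input:     %d\n", store_field(field, (const uint8_t *)"alice", 5));
    return 0;
}
```

The oversize input is rejected before any byte is copied, so the filler never reaches memory beyond the buffer.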

Discussion
xzib (Option: B)

Answer is B, boundary checks on program inputs. It is a buffer overflow.