Snort mailing list archives
Re: UTF-8 and Unicode packet content under snort 1.8.7
From: John Sage <jsage () finchhaven com>
Date: Sun, 18 Aug 2002 10:26:05 -0700
Chris: On Sat, Aug 17, 2002 at 07:45:43PM -0400, Chris Green wrote:
John Sage <jsage () finchhaven com> writes:Hello world.. I'm currently involved in a discussion on another list where the poster is stating that a Linux-based snort host, not updated to properly handle UTF-8/Unicode encodings, will not correctly represent binary-logged packet content that contains UTF-8/Unicode characters.I think the issue you are running into is that older versions of snort munged packet data when it normalized it wheras 1.9.x decode in a separte normalization buffer.
I'd think 1.8.7 should be OK, then.. Are there any issues with locale settings that you are aware of? Again (and I shouldn't be implying that I really understand this :-/ ) locale -a does return POSIX and locale -m returns UTF-8 and UTF8, among others.. and locale charmap returns ISO-8859-1, so that's what's currently active. or is this all a tempest in a teapot?
The only thing that might be an issue is the use of isspace type macros.
Wazzat? Example? Thnx.. - John -- "You are in a little maze of twisty passages, all different." PGP key: http://www.finchhaven.com/pages/gpg_pubkey.html Fingerprint: C493 9F26 05A9 6497 9800 4EF6 5FC8 F23D 35A4 F705 ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- UTF-8 and Unicode packet content under snort 1.8.7 John Sage (Aug 17)
- Re: UTF-8 and Unicode packet content under snort 1.8.7 John Sage (Aug 17)
- Re: UTF-8 and Unicode packet content under snort 1.8.7 J. Craig Woods (Aug 17)
- Re: UTF-8 and Unicode packet content under snort 1.8.7 John Sage (Aug 17)
- Re: UTF-8 and Unicode packet content under snort 1.8.7 Chris Green (Aug 17)
- Re: UTF-8 and Unicode packet content under snort 1.8.7 John Sage (Aug 18)