Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Logging UNICOIDE

From: Dragos Ruiu <dr () dursec com>
Date: Tue, 22 May 2001 14:28:36 +0000
On Tuesday 22 May 2001 01:30, Nalneesh Gaur wrote:

Is there a way to specify options to http_decode so that details of the
data passed in the UNICODE attack are logged as well.


You should be able to extract this information from packet logged with
the alert. Check the payload of the packets and you should be able to find
the string with cmd.exe or whatever...

--dr

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: