Snort mailing list archives
Re: Logging UNICOIDE
From: Dragos Ruiu <dr () dursec com>
Date: Tue, 22 May 2001 14:28:36 +0000
On Tuesday 22 May 2001 01:30, Nalneesh Gaur wrote:
Is there a way to specify options to http_decode so that details of the data passed in the UNICODE attack are logged as well.
You should be able to extract this information from packet logged with the alert. Check the payload of the packets and you should be able to find the string with cmd.exe or whatever... --dr _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Logging UNICOIDE Nalneesh Gaur (May 21)
- Re: Logging UNICOIDE Dragos Ruiu (May 22)