Re: what does that mean these logs?

[Phil Wood <cpw () lanl gov>]

On Tue, Dec 18, 2001 at 11:10:53PM +0900, ls1100 wrote:
> Dec 18 23:15:44 ids snort[9950]: [110:3:1] spp_unidecode: Unknown Unicode Mapping.  If you know what this maps to 
> contact anonpoet () inconnu isu edu. {TCP} 211.xxx.xx.xxx:2586 -> 211.39.33.46:80
> [root@ids snort]# Dec 18 23:15:44 ids snort[9950]: [110:3:1] spp_unidecode: Unknown Unicode Mapping.  If you know 
> what this maps to contact anonpoet () inconnu isu edu. {TCP} 211.xxx.xx.xxx:2586 -> 211.39.33.46:80

It means you have the following preprocessor configuration entry:

  preprocessor unidecode:80

It means that the preprocessor ran across an unknown unicode mapping.  If
that doesn't ring a bell try groking:

  http://www.unicode.org/unicode/onlinedat/online.html

It means that the author of the unidecode preprocessor for snort would like
you to send him a hex dump of the packet that generated the alert.

It means that if all you have is the short form alert, you can ignore it.  
Otherwise, you could send the full hex dump of the offending packet to:

  anonpoet () inconnu isu edu

and hope that he has not moved on to better things.

Or, finally it means that you just disable that preprocessor and ignore the
whole thing.

Actually, it might mean something else.  I just have a lot of free time on
my hands, but need to move on.

-- 
Phil Wood, cpw () lanl gov


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users