Snort mailing list archives

Re: porn.rules


From: "Paul Melson" <pmelson () gmail com>
Date: Fri, 9 Nov 2007 14:11:10 -0500

> I use squid.  I'm looking through the access logs now.  If I send the
> payload, can someone look at it and determine if it is a false hit?  I
> don't think it is though.

Sure.  Also, I wrote a Perl script for converting hex to ASCII.  It was
originally done to decode Snort payloads stored in MySQL.

$ echo "5353482D322E302D312E32340A" | ./hex2asc.pl

ASCII Output:
SSH-2.0-1.24


--- cut ---
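#!/usr/bin/perl
# hex2asc.pl - read hex strings on STDIN and print the decoded bytes
use strict;
use warnings;

# Replace every pair of hex digits with the byte it encodes; anything that
# is not a hex pair (such as the trailing newline) passes through unchanged.
sub hex_to_ascii ($)
{
  (my $str = shift) =~ s/([a-fA-F0-9]{2})/chr(hex $1)/eg;
  return $str;
}

# Decode each input line as it arrives
my $str;
while ($str=<STDIN>)
{
  my $a_str = hex_to_ascii $str;
  print "\n\nASCII Output:\n";
  print $a_str;
}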
--- paste ---

PaulM
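
A variant of the hex decoder for reviewing untrusted alert payloads, as an added example that is not part of the original post: it rejects malformed hex and prints an offset / hex / ASCII dump with non-printable bytes shown as `.`, so raw control bytes from a captured payload never reach the terminal. The function names are assumptions; the fallback sample is the hex string used in the post.

```perl
#!/usr/bin/perl
# Added example (not from the original post): decode hex-encoded payloads
# and print them as an offset / hex / ASCII dump.
use strict;
use warnings;

# Validate and decode one hex string; returns the raw bytes,
# or undef when the input is empty, odd-length or contains non-hex characters.
sub hex_to_bytes {
    my ($hex) = @_;
    $hex =~ s/\s+//g;      # tolerate spaces and line breaks
    $hex =~ s/^0x//i;      # tolerate a leading 0x
    return if $hex eq '' || $hex =~ /[^0-9a-fA-F]/ || length($hex) % 2;
    return pack('H*', $hex);
}

# Render bytes 16 per row; bytes outside printable ASCII become '.' in the
# text column, so escape sequences in a payload are never sent to the terminal.
sub dump_bytes {
    my ($bytes) = @_;
    my $out = '';
    for (my $off = 0; $off < length $bytes; $off += 16) {
        my $chunk = substr($bytes, $off, 16);
        my $hex   = join ' ', unpack('(H2)*', $chunk);
        (my $txt  = $chunk) =~ tr/\x20-\x7e/./c;
        $out .= sprintf "%08x  %-47s  |%s|\n", $off, $hex, $txt;
    }
    return $out;
}

# With no piped input, fall back to the sample hex string from the post.
my @lines = -t STDIN ? ("5353482D322E302D312E32340A\n") : <STDIN>;
my $n = 0;
for my $line (@lines) {
    $n++;
    next unless $line =~ /\S/;
    my $bytes = hex_to_bytes($line);
    if (defined $bytes) {
        print dump_bytes($bytes);
    } else {
        warn "line $n: not a valid hex string, skipped\n";
    }
}
```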

