[Snort-users] Bare byte alerts but no non-ASCII characters!
This is a discussion on [Snort-users] Bare byte alerts but no non-ASCII characters! within the Snort forums, part of the System Security and Security Related category; I'm looking at several "BARE BYTE UNICODE ENCODING" alerts, and wondering w= hy = are triggered, because as ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-21-2008
|
|||
|
|||
[Snort-users] Bare byte alerts but no non-ASCII characters!
I'm looking at several "BARE BYTE UNICODE ENCODING" alerts, and wondering w=
hy = are triggered, because as far as I understand it, it means there are = non-ASCII, non percent encoded characters in the request. However, all the bytes in the payload (at least as shown in BASE, and I don= 't = have favorite suspects), are in the sub 0x80 range. Any ideas about why this is happening? They aren't the only weird alerts I'= ve = got, but one of the most prevalent. -- = Julio C=E9sar G=E1zquez Seguridad Inform=E1tica -- Int. 736 Municipalidad de Rosario ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...=3Dsnort-users 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 11:02 PM.
