[Snort-users] IDS Evasion with Unicode
jstewart at ...262...
Wed Jan 3 13:35:58 EST 2001
On Wed, 03 Jan 2001, you wrote:
> oh oh. This article in at www.securityfocus.com wasn't any too
> to snort :-( Now I'm wondering if I'm running anything that's
> unicode that I don't know about. hmmmm. A little knowledge is a scary
The CVS version of snort has unicode evasion alerting built in to the HTTP
preprocessor. You will get a few false positives due to the use of non-ascii
urlencodings in the occasional cookie string, but it will definately catch all
unicode overlong sequences, without the overhead of true unicode processing.
More information about the Snort-users