[Snort-users] Unicode hack detection revisited
dwhite at ...1486...
Mon Mar 5 16:44:30 EST 2001
/me kicks SourceForge; they aren't archiving lists in 2001.
I'm wondering if there's been any progress on tightening the IIS Unicode
hack detection in http_decode. I just got hit with a false positive when
someone logged into Netscape Mail and it finds the evil characters in the
cookie. I'd prefer to use a standard alert rule instead of the
http_decode heuristic so I can regulate it to inbound nastiness only.
Thanks for any info!
Doug White | FreeBSD: The Power to Serve
dwhite at ...1486... | www.FreeBSD.org