[Snort-users] IIS Unicode attack detected
joey at ...155...
Wed Mar 14 20:32:21 EST 2001
To completely ignore unicode attacks, you should add -unicode to the
preprocessor's command line. This will still allow the preprocessor to
perform chararacter conversions and cgi null attack checks.
| Joe McAlerney, Silicon Defense |
| http://www.silicondefense.com/ |
Habu Takuya wrote:
> I think what generates this alert is not a rule, but
> "HTTP decode Preprocessor".
> If you use snort.conf file, probably you can see the following line
> in the middle (around line 116):
> preprocessor http_decode 80 8080
> comment out this line.
> > I'm new at snorg. I've installed the current release to control our
> > traffic. I also installed the latest rulebase. Most of the alerts snort
> > generates are "spp_http_decode: IIS Unicode attack detected" alerts. Those
> > alerts occur often if some employes do a web connection to an internet
> > I want to turn off this alert but didn't find the rule which generates
> > alert. Does anybody know where I can turn off this rule?
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
More information about the Snort-users