[Snort-users] Re: http_preprocessor oddity with recent CVS snapshot

Ralf Hildebrandt Ralf.Hildebrandt at ...821...
Fri Mar 30 03:38:48 EST 2001

Ok, I can confirm this now:

a) If I DEACTIVATE http_decode, I get lots of "spp_http_decode unicode
   attack detected" warnings anyway.
b) If I ACTIVATE http_decode and use -unicode, I don't get the unicode
   warnings anymore, but now I get:

Mar 30 10:07:46 john snort[19596]: spp_http_decode: CGI Null byte attack detected : ->

Which is not as annoying, as it only occurs seldomly. But I'd really like to
disable the preprocessor entirely. 

ralf.hildebrandt at ...821...                            innominate AG
System Engineer                        Don't be afraid of what you see -
Diplom-Informatiker                     be afraid of what you don't see!
tel: +49.(0)7000.POSTFIX  fax: +49.(0)30.308806-698         

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010330/7cc533e1/attachment.sig>

More information about the Snort-users mailing list