[Snort-users] Logging UNICODE

Dragos Ruiu dr at ...50...
Tue May 22 10:28:36 EDT 2001


On Tuesday 22 May 2001 01:30, Nalneesh Gaur wrote:
> Is there a way to specify options to http_decode so that details of the
> data passed in the UNICODE attack are logged as well?

You should be able to extract this information from the packet logged with
the alert. Check the payload of the packets and you should be able to find
the string with cmd.exe or whatever...

--dr
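
The payload check suggested above, as an added example that is not part of the original reply or of Snort itself. It assumes the payload bytes have already been pulled out of the logged packet, and that the "UNICODE attack" shows up as percent-encoded overlong two-byte UTF-8 in the request URI; the function names and the sample request are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample: payload bytes as they might appear in a packet logged with the alert.
SAMPLE_PAYLOAD = (
    b"GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n"
    b"Host: www.example.test\r\n\r\n"
)

# A UTF-8 lead byte of 0xC0 or 0xC1 always encodes a code point below 0x80,
# so any such pair is an overlong (non-canonical) form of an ASCII character.
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")


def fold_overlong(raw):
    """Replace each overlong 2-byte sequence with the ASCII byte it stands for."""
    def to_ascii(m):
        lead, cont = m.group()[0], m.group()[1]
        return bytes([((lead & 0x1F) << 6) | (cont & 0x3F)])
    return OVERLONG.sub(to_ascii, raw)


def analyse_payload(payload):
    """Decode the HTTP request line of a logged payload; None if there is none."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) < 2:
        return None
    method, uri = parts[0], parts[1]
    path, _, query = uri.partition(b"?")
    raw_path = unquote_to_bytes(path)            # undo %xx escapes only
    overlong = [m.group().hex() for m in OVERLONG.finditer(raw_path)]
    decoded_path = fold_overlong(raw_path).decode("latin-1")
    # In the query string '+' stands for a space.
    command = fold_overlong(unquote_to_bytes(query.replace(b"+", b" "))).decode("latin-1")
    return {
        "method": method.decode("latin-1"),
        "path": decoded_path,
        "overlong_sequences": overlong,
        "command": command,
        "suspicious": bool(overlong) or "cmd.exe" in decoded_path.lower(),
    }


if __name__ == "__main__":
    for key, value in analyse_payload(SAMPLE_PAYLOAD).items():
        print(f"{key}: {value}")
```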



