[Snort-users] UTF-8 and Unicode packet content under snort 1.8.7
jsage at ...2022...
Sun Aug 18 10:27:02 EDT 2002
On Sat, Aug 17, 2002 at 07:45:43PM -0400, Chris Green wrote:
> John Sage <jsage at ...2022...> writes:
> > Hello world..
> > I'm currently involved in a discussion on another list where the
> > poster is stating that a Linux-based snort host, not updated to
> > properly handle UTF-8/Unicode encodings, will not correctly represent
> > binary-logged packet content that contains UTF-8/Unicode characters.
> I think the issue you are running into is that older versions of snort
> munged packet data when it normalized it whereas 1.9.x decode in a
> separate normalization buffer.
I'd think 1.8.7 should be OK, then..
Are there any issues with locale settings that you are aware of?
Again (and I shouldn't be implying that I really understand this :-/ )
locale -a does return POSIX
locale -m returns UTF-8 and UTF8, among others..
locale charmap returns ISO-8859-1, so that's what's currently active.
or is this all a tempest in a teapot?
> The only thing that might be an issue is the use of isspace type macros.
"You are in a little maze of twisty passages, all different."
PGP key: http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint: C493 9F26 05A9 6497 9800 4EF6 5FC8 F23D 35A4 F705