[Snort-users] UTF-8 and Unicode packet content under snort 1.8.7

John Sage jsage at ...2022...
Sun Aug 18 10:27:02 EDT 2002


On Sat, Aug 17, 2002 at 07:45:43PM -0400, Chris Green wrote:
> John Sage <jsage at ...2022...> writes:
> > Hello world..
> >
> > I'm currently involved in a discussion on another list where the
> > poster is stating that a Linux-based snort host, not updated to
> > properly handle UTF-8/Unicode encodings, will not correctly represent
> > binary-logged packet content that contains UTF-8/Unicode characters.
> >
> I think the issue you are running into is that older versions of snort
> munged packet data when it normalized it wheras 1.9.x decode in a
> separte normalization buffer.

I'd think 1.8.7 should be OK, then..

Are there any issues with locale settings that you are aware of?

Again (and I shouldn't be implying that I really understand this :-/ )

locale -a does return POSIX


locale -m returns UTF-8 and UTF8, among others..


locale charmap returns ISO-8859-1, so that's what's currently active.

or is this all a tempest in a teapot?

> The only thing that might be an issue is the use of isspace type macros.

Wazzat? Example?


- John
"You are in a little maze of twisty passages, all different."

PGP key:     http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint: C493 9F26 05A9 6497 9800  4EF6 5FC8 F23D 35A4 F705

More information about the Snort-users mailing list