[Snort-users] porn.rules

Paul Melson pmelson at ...11827...
Fri Nov 9 14:11:10 EST 2007


> I use squid.  I'm looking through the access logs now.  If I send the
> payload, can someone look at it and determine if it is a false hit?
> I don't think it is though.

Sure.  Also, I wrote a Perl script for converting hex to ASCII.  It was
originally done to decode Snort payloads stored in MySQL.

$ echo "5353482D322E302D312E32340A" | ./hex2asc.pl

ASCII Output:
SSH-2.0-1.24


--- cut ---
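#!/usr/bin/perl
# hex2asc.pl - read hex strings on STDIN, print the decoded bytes
use strict;
use warnings;

# Replace every pair of hex digits with the byte it encodes;
# anything that is not a hex pair (e.g. the newline) passes through.
sub hex_to_ascii ($)
{
  (my $str = shift) =~ s/([a-fA-F0-9]{2})/chr(hex $1)/eg;
  return $str;
}

# One hex string per input line
my $str;
while ($str=<STDIN>)
{
  my $a_str = hex_to_ascii $str;
  print "\n\nASCII Output:\n";
  print $a_str;
}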
--- paste ---

PaulM
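
An added example, not part of the original post: the same hex-to-ASCII decoding in Python, with non-printable bytes escaped so that control characters in a captured payload are shown rather than sent to the terminal. The function names and the second sample string are constructed for illustration.

```python
#!/usr/bin/env python3
"""Decode hex payload strings from STDIN and print them with control bytes escaped."""
import binascii
import string
import sys

# Bytes printed unchanged: printable ASCII and space, but not tab/newline/etc.
_PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")

# First value is the sample from the post; the second is constructed
# (an ESC-prefixed terminal control sequence) to show the escaping.
SAMPLES = ["5353482D322E302D312E32340A", "1b 5b 32 4a"]


def decode_payload(hex_text: str) -> bytes:
    """Convert a hex string (whitespace between bytes tolerated) to raw bytes."""
    compact = "".join(hex_text.split())
    try:
        return binascii.unhexlify(compact)
    except ValueError as exc:  # odd length, non-hex digit, non-ASCII input
        raise ValueError(f"not a valid hex payload: {exc}") from None


def render_safe(data: bytes) -> str:
    """Return data as text, writing every non-printable byte as \\xNN."""
    out = []
    for b in data:
        if b == 0x5C:            # escape the backslash so output is unambiguous
            out.append("\\\\")
        elif b in _PRINTABLE:
            out.append(chr(b))
        else:
            out.append(f"\\x{b:02x}")
    return "".join(out)


def main() -> None:
    for line in sys.stdin:
        if not line.strip():
            continue
        try:
            print(render_safe(decode_payload(line)))
        except ValueError as exc:
            print(f"skipped: {exc}", file=sys.stderr)


if __name__ == "__main__":
    main()
```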




