[Snort-users] porn.rules

Paul Melson pmelson at ...11827...
Fri Nov 9 14:11:10 EST 2007

> I use squid.  Im looking through the access logs now.  If I send the
payload, can someone 
> look at it and determine if it is a false hit?  I dont think it is though.

Sure.  Also, I wrote a Perl script for converting hex to ASCII.  It was
originally done to decode Snort payloads stored in MySQL.

$ echo "5353482D322E302D312E32340A" | ./hex2asc.pl

ASCII Output:

--- cut ---
use strict;
sub hex_to_ascii ($)
  (my $str = shift) =~ s/([a-fA-F0-9]{2})/chr(hex $1)/eg;
  return $str;
my $str;
while ($str=<STDIN>)
  my $a_str = hex_to_ascii $str;
  print "\n\nASCII Output:\n";
  print $a_str;
--- paste ---


More information about the Snort-users mailing list