Snort mailing list archives
Re: porn.rules
From: "Paul Melson" <pmelson () gmail com>
Date: Fri, 9 Nov 2007 14:11:10 -0500
I use squid. Im looking through the access logs now. If I send the
payload, can someone
look at it and determine if it is a false hit? I dont think it is though.
Sure. Also, I wrote a Perl script for converting hex to ASCII. It was originally done to decode Snort payloads stored in MySQL. $ echo "5353482D322E302D312E32340A" | ./hex2asc.pl ASCII Output: SSH-2.0-1.24 --- cut --- #!/usr/bin/perl use strict; sub hex_to_ascii ($) { (my $str = shift) =~ s/([a-fA-F0-9]{2})/chr(hex $1)/eg; return $str; } my $str; while ($str=<STDIN>) { my $a_str = hex_to_ascii $str; print "\n\nASCII Output:\n"; print $a_str; } --- paste --- PaulM ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- porn.rules dhottinger (Nov 09)
- Re: porn.rules rmkml (Nov 09)
- Re: porn.rules Joel Esler (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Joel Esler (Nov 09)
- Re: porn.rules Paul Melson (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Paul Melson (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Joel Esler (Nov 09)
- Re: porn.rules David J. Bianco (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Paul Schmehl (Nov 09)
- How much will a huge list of subnets to the frag3 preprocessor slow snort? Bachelor, Stephen A CTR USSOCOM HQ (Nov 09)
- Re: How much will a huge list of subnets to the frag3preprocessor slow snort? Paul Melson (Nov 09)