SnortID.com - Search for SNORT ID's - Snort is a registered trademark of Sourcefire, Inc

Enter a Snort ID to lookup (e.g 1:269)

Search String: 119:3

N.B.: Maximum of 50 results are displayed

Sid	Summary	Impact	Detailed Information	Affected Systems	Attack Scenarios	Ease of Attack	False Positive	False Negative	Corrective Action	Contributors	Additional References
119:3	This event is generated when the pre-processor http_inspect detects network traffic that may constitute an attack.	Unknown. This may be an attempt to evade an IDS.	This event is generated when Unicode characters are present in a request sent to a web server. This may indicate an attempt to evade an IDS in an attempted attack against the server. No known browsers use unicode encoding, it is likely that this event indicates a malicious request. This event can be controlled using the ((http_inspect)) configuration options.	Microsoft IIS Servers.	An attacker might encode the malicious request to the web server using Unicode characters, this may then evade an IDS monitoring traffic and he could then launch a successful attack without being detected.	Simple. Exploits exist.	None Known.	None Known.	Check the target host for signs of compromise. Apply any appropriate vendor supplied patches.	Daniel Roelker Sourcefire Vulnerability Research Team Nigel Houghton	HTTP IDS Evasions Revisited - Daniel Roelker http://docs.idsresearch.org/http_ids_evasions.pdf