> Another good way to differentiate the encoded characters is to trap on > encoding characters that _should_ be normal ASCII letters or numbers. In > theory, the only characters that should be encoded would be outside this > range so it's a good bet that encoding normal characters is an > obfuscation attempt. > > This will definitely need to be a weighted test though.
Wouldn't that also take a good amount of resources, since the string would have to be decoded twice, one for "logical" and one for hex? John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
