Snort mailing list archives
Error trapping signatures ...
From: "Jon Baer" <security () jonbaer net>
Date: Sat, 21 Jun 2003 20:01:14 -0700
i was trying to rip through the archives to see what opinions existed for things like error trapping and could not find much i only joined the list not too long ago but im looking to see if there are any downsides to error trapping ... i first noticed that oracle.rules did not have any outbound alerts and then i created a few for mysql: alert tcp $SQL_SERVERS 3306 -> $EXTERNAL_NET any (msg: "MySQL no database selected"; content: "|FF 16 04|"; classtype:protocol-syntax-error; rev:1;) alert tcp $SQL_SERVERS 3306 -> $EXTERNAL_NET any (msg: "MySQL syntax error"; content: "|FF 28 04|"; classtype:protocol-syntax-error; rev:1;) alert tcp $SQL_SERVERS 3306 -> $EXTERNAL_NET any (msg: "MySQL non-existing table access attempt"; content: "|FF 7A 04|"; classtype:protocol-syntax-error; rev:1;) alert tcp $SQL_SERVERS 3306 -> $EXTERNAL_NET any (msg: "MySQL non-existing column access attempt"; content: "|FF 1E 04|"; classtype:protocol-syntax-error; rev:1;) i realize a dev box to have them set to pass vs. alert but is there a downside to having a handful of these type of alerts around? - jon NYCSnort: www.nycsnort.org pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Error trapping signatures ... Jon Baer (Jun 21)
- Re: Error trapping signatures ... Erek Adams (Jun 22)
- Re: Error trapping signatures ... Jon Baer (Jun 22)
- Re: Error trapping signatures ... Erek Adams (Jun 22)