[Snort-devel] NEW Mysql rule needed!

Anyi Liu1 wagnerliuay1 at ...445...
Thu Aug 12 11:10:01 EDT 2004


Hi! Everyone, 

     I need some new rule for mysql DB. When I check the rule on rule dir, I can only find 2 rules for Mysql. They are:

alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 (msg:"MYSQL root login attempt"; flow:to_server,established; content:"|0A 00 00 01 85 04 00 00 80|root|00|"; classtype:protocol-command-decode; sid:1775; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 (msg:"MYSQL show databases attempt"; flow:to_server,established; content:"|0F 00 00 00 03|show databases"; classtype:protocol-command-decode; sid:1776; rev:2;)

     Could anyone who work on this field give me new rules to detect Mysql attack?

Thanks
Andy

==========================
Anyi Liu 
Ph.D student
Department of Information and Software Engineering  
George Mason University 
Fairfax, VA, 22032
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20040812/26081ede/attachment.html>


More information about the Snort-devel mailing list