[Snort-devel] NEW Mysql rule needed!

Anyi Liu1 wagnerliuay1 at ...445...
Thu Aug 12 11:10:01 EDT 2004

Hi! Everyone, 

     I need some new rule for mysql DB. When I check the rule on rule dir, I can only find 2 rules for Mysql. They are:

alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 (msg:"MYSQL root login attempt"; flow:to_server,established; content:"|0A 00 00 01 85 04 00 00 80|root|00|"; classtype:protocol-command-decode; sid:1775; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 (msg:"MYSQL show databases attempt"; flow:to_server,established; content:"|0F 00 00 00 03|show databases"; classtype:protocol-command-decode; sid:1776; rev:2;)

     Could anyone who work on this field give me new rules to detect Mysql attack?


Anyi Liu 
Ph.D student
Department of Information and Software Engineering  
George Mason University 
Fairfax, VA, 22032
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20040812/26081ede/attachment.html>

More information about the Snort-devel mailing list