[Snort-devel] Final Year Project Custom MySQL Database Server Rules and Classifications Review

Jack Eastwood Jumping_Jack06 at hotmail.com
Sun Apr 8 13:50:08 EDT 2018


Good Afternoon,

I’m a final year Computer Forensics and Security student representing Leeds Beckett University in the UK and finalizing my final year project based on using Snort as an IDS to monitor an active MySQL server.

For the basis of my project I have installed and configured Snort as an IDS to monitor an array of activity against a MySQL community server with a vulnerable application called “damn vulnerable web application” (DVWA) that is connected to the MySQL database. I have uploaded three files in this email: a general MySQL rules file, a MySQL exploit rules file - where I have written custom-made Snort rules to detect an array of activity - and a classification configuration file in which I have also written custom-made classifications in context to my project. For each rule I have inserted comments explaining the function of each rule and the requirements on how each rule gets triggered.

I would be thankful if anyone could review these files and provide any form of feedback that could enhance these rules for future research or even potentially be published as official Snort rules.

If you would like any more information regarding my project, Snort or MySQL configuration settings or anything else that could benefit the reviewing process then don’t hesitate to contact me.

Thank you and regards
Jack Eastwood

-------------- next part --------------
A non-text attachment was scrubbed...
Name: general-mysql.rules
Type: application/octet-stream
Size: 22004 bytes
Desc: general-mysql.rules
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20180408/7f4ddabd/attachment-0003.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mysql-exploit.rules
Type: application/octet-stream
Size: 9015 bytes
Desc: mysql-exploit.rules
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20180408/7f4ddabd/attachment-0004.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: classification.config
Type: application/octet-stream
Size: 6054 bytes
Desc: classification.config
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20180408/7f4ddabd/attachment-0005.obj>