[Snort-sigs] Possible new variable

Kreimendahl, Chad J Chad.Kreimendahl at ...361...
Tue May 21 10:58:04 EDT 2002


Since there are standards out there for the ports on which different
databases run, it may be a good idea to have a variable that defines these,
so as the Oracle rules (for example) don't go crazy on someone sending email
talking about Cary Grant.

Within our company we've developed standards for which ports our databases
can listen on, mostly because of our network setup and firewalls.  I know
that we can easily rewrite all the Oracle rules to use $SQL_PORTS... But it
would probably be easier for everyone if it were built in. Much like
HTTP_PORTS, for those who have proxies and the like.

I'd say the default setting should be 'any'.

For those with only:

Mysql: 3306
Minisql: 1114
MS SQL: 1433 1434
Sybase: 1498
UniSQL: 1978 1979
Postgres: 5432
Oracle: 66 1525 1527 1529 1571 1575 1630 1748 1754
	1808 1809 1830 2005 2481 2482 2483 2484


Yes? No?

-CJK




More information about the Snort-sigs mailing list