[Snort-sigs] Possible new variable
Kreimendahl, Chad J
Chad.Kreimendahl at ...361...
Tue May 21 10:58:04 EDT 2002
Since there are standards out there for the ports on which different
databases run, it may be a good idea to have a variable that defines these,
so as the Oracle rules (for example) don't go crazy on someone sending email
talking about Cary Grant.
Within our company we've developed standards for which ports our databases
can listen on, mostly because of our network setup and firewalls. I know
that we can easily rewrite all the Oracle rules to use $SQL_PORTS... But it
would probably be easier for everyone if it were built in. Much like
HTTP_PORTS, for those who have proxies and the like.
I'd say the default setting should be 'any'.
For those with only:
MS SQL: 1433 1434
UniSQL: 1978 1979
Oracle: 66 1525 1527 1529 1571 1575 1630 1748 1754
1808 1809 1830 2005 2481 2482 2483 2484
More information about the Snort-sigs