[Snort-sigs] new rule for detect
rmkml at ...324...
Tue Jun 26 01:01:13 EDT 2007
please check and maybe add this new rule :
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 21064 (msg:"SQL Ingres uuid_from_char() overflow attempt"; flow:to_server,established; dsize:>200; content:" uuid_from_char("; nocase; isdataat:200,relative; content:!")"; within:200; reference:cve,2007-3338; classtype:attempted-user; sid:92036; rev:1;)
Any suggestions and improvements are welcome,
contact at ...3281...
=> Crusoe Researches have more than 2036 UNIQ 'snort' rules for Commercial Access
(Contact me directly if you are interested)
Azwalaro French new nidps open source project
azwalaro at ...3281...
More information about the Snort-sigs