[Snort-sigs] new rule for detect

rmkml rmkml at ...324...
Tue Jun 26 01:01:13 EDT 2007


Hi,

please check and maybe add this new rule :

alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 21064 (msg:"SQL Ingres uuid_from_char() overflow attempt"; flow:to_server,established; dsize:>200; content:" uuid_from_char("; nocase; isdataat:200,relative; content:!")"; within:200; reference:cve,2007-3338; classtype:attempted-user; sid:92036; rev:1;)

Any suggestions and improvements are welcome,

Credits:
Crusoe Researches
http://www.Crusoe-Researches.com
contact at ...3281...
=> Crusoe Researches have more than 2036 UNIQ 'snort' rules for Commercial Access
     (Contact me directly if you are interested)

Azwalaro French new nidps open source project
http://www.Crusoe-Researches.com/azwalaro/
azwalaro at ...3281...

Regards
Rmkml




More information about the Snort-sigs mailing list