[Snort-sigs] New to writing Snort Rules. Help writing a rule?

Tyler MacPherson tah338 at ...3678...
Fri May 18 16:18:13 EDT 2012


I recently put Snort on a system for my work. I'm trying to configure it 
by writing certain rules, but since I'm brand new to Snort, I'm having 
some trouble figuring out how to write these rules. Basically, the 
system I'm deploying Snort on should only be receiving traffic through 
two avenues: a MySQL database and Oracle database that are linked to it. 
Everything else should be picked up Snort as potentially being bad. What 
I'm wondering is, how would I go about writing rules that would achieve 
this goal?

Thank you.

Tyler MacPherson
Student Operator
UNH Research Computing Center
(603) 862-4518

More information about the Snort-sigs mailing list