[Snort-sigs] New to writing Snort Rules. Help writing a rule?

Balasubramaniam Natarajan bala150985 at ...2420...
Sat May 19 02:38:48 EDT 2012

Hi Tyler,

Could you please give us a small network diagram of what your setup looks
like? I cannot get the full picture with your explanation below.

On Sat, May 19, 2012 at 1:48 AM, Tyler MacPherson <tah338 at ...3678...> wrote:

> Hi,
> I recently put Snort on a system for my work. I'm trying to configure it
> by writing certain rules, but since I'm brand new to Snort, I'm having
> some trouble figuring out how to write these rules. Basically, the
> system I'm deploying Snort on should only be receiving traffic through
> two avenues: a MySQL database and Oracle database that are linked to it.
> Everything else should be picked up by Snort as potentially being bad. What
> I'm wondering is, how would I go about writing rules that would achieve
> this goal?
> Thank you.
> --
> Tyler MacPherson
> Student Operator
> UNH Research Computing Center
> (603) 862-4518

Balasubramaniam Natarajan