[Snort-sigs] predefined rules

José Luis Rodríguez Rodríguez jlrod2 at ...2420...
Wed Oct 15 13:26:25 EDT 2014


Hello, I'm trying to catch alerts about access as root user to a mysql
server by using the predefined rules but it's not possible. The rule is:

alert tcp any any -> 192.168.236.148  3306 (msg:"root access";
content:"root"; sid:10000001);

What can be the problem?

-- 
Saludos,


José Luis
------
Profesor Informática IES Jacarandá -  Brenes (Sevilla)
http://www.iesjacaranda.es  -   www.iesjacaranda-brenes.org
twitter: @jlrod2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20141015/efc5e5d6/attachment.html>


More information about the Snort-sigs mailing list