[Snort-users] ACID 0.9.5 Released

Roman Danyliw roman at ...438...
Fri Jan 19 16:44:42 EST 2001


> > I totally agree Jeff, ACID kicks some serious ass and is well
> > worth a look at.
> >
> > Your comment on alerting on DB INSERTS made me laugh and
> > reminded me of the time
> > I had snort trigger (on four different machines) from
> > downloading a new rule
> > update!
>
> To stop it from triggering on DB INSERTS, just pipe your mysql
connection
> over SSH.  :)
>

How about using a pass rule for all the Snort traffic to your MySQL
server:

e.g:  pass tcp <snort_box> any -> <mysql_box> 3306 (msg:"Alert SQL";)

Roman





More information about the Snort-users mailing list