[Snort-users] Oracle Rule Writers

Eric Hines eric.hines at ...8860...
Thu Sep 21 22:09:41 EDT 2006


Anyone on this list write custom Snort rules for Oracle traffic? I was
wondering if anyone here knows what Oracle authentication packets look
like. Specifically, we'd like to write some Snort rules that detect
login attempts with the userid 'apps' or any Oracle account when someone
authenticates against an Oracle Application server.

However, I've never seen what these packets look like or if it's even in
clear text. Are there by any chance any Oracle DBAs on this list :) or
someone faced with the same issue?

--

Best Regards,

Eric S. Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC


Email:   eric.hines at ...8860...
Address: 1095 Pingree Road
         Suite 221
         Crystal Lake, IL
         60014
Tel:     (877) 262-7593 ext:327
Local:   (847) 854-5831
Fax:     (847) 854-5106
Web:     http://www.appliedwatch.com

--------------------------------------------------
Security Management for the Open Source Enterprise


