[Snort-users] SQL injection

Nanda Vardhan nandu7ninja at ...11827...
Thu May 29 11:44:11 EDT 2014


Am using snort on ubuntu. I am using snort inline mode. I need to prevent
sql injection on a website hosted on local xampp server. I wrote following
rule

drop TCP any any -> any any (flow:to_server; content:!"GET"; nocase;
pcre="[\'\"\;\:\|\&\$\%\@\\\/<>()+,]")


but am unable to drop the packets. still requests r being accepted by local
xampp server. how to stop sql injection attack using snort rules. may be am
wrong in some command. please help me, am a beginner.

if there is a step by step tutorial that would help me a lot.

Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140529/babe6c93/attachment.html>


More information about the Snort-users mailing list