[Snort-users] False positives on mysql traffic

Al Lewis (allewi) allewi at ...589...
Tue Apr 28 07:37:40 EDT 2015


Hello,

	Can you send us the pcap in binary format and the rule that is suspected of alerting incorrectly please?

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046 
Phone: (office) 443.430.7112
Email: allewi at ...589... 


-----Original Message-----
From: For Sinton [mailto:forsin at ...17149...] 
Sent: Monday, April 27, 2015 11:54 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] False positives on mysql traffic


Hello
here is pcap traffic:
0000000: 41 00 00 00 03 53 45 4c 45 43 54 20 74   5f 5f 30 2e 2a 0a 46 52 4f 4d 20 0a 76  A....SELECT.t__0.*.FROM..v
000001A: 69 65 77 73 5f 76 69 65 77 20 74 5f 5f   30 0a 57 48 45 52 45 20 20 28 6e 61 6d  iews_view.t__0.WHERE..(nam
0000034: 65 20 49 4e 20 20 28 27 70 6f 6c 6c 73   27 29 29 20                             e.IN..('polls')).

----- Original Message -----
From: snort-users-request at lists.sourceforge.net
To: "forsin" <forsin at ...17149...>
Sent: Tuesday, April 28, 2015 9:52:50
Subject: Welcome to the "Snort-users" mailing list



