Snort mailing list archives

Oracle Rule Writers


From: Eric Hines <eric.hines () appliedwatch com>
Date: Thu, 21 Sep 2006 21:09:41 -0500


Anyone on this list write custom Snort rules for Oracle traffic? I was
wondering if anyone here knows what Oracle authentication packets look
like. Specifically, we'd like to write some Snort rules that detect
login attempts with the userid 'apps' or any Oracle account when someone
authenticates against an Oracle Application server.

However, I've never seen what these packets look like or if it's even in
clear text. Are there by any chance any Oracle DBAs on this list :) or
someone faced with the same issue?

--

Best Regards,

Eric S. Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC



Email:   eric.hines () appliedwatch com
Address: 1095 Pingree Road
         Suite 221
         Crystal Lake, IL
         60014
Tel:     (877) 262-7593 ext:327
Local:   (847) 854-5831
Fax:     (847) 854-5106
Web:     http://www.appliedwatch.com

--------------------------------------------------
Security Management for the Open Source Enterprise



