Snort mailing list archives
Oracle Rule Writers
From: Eric Hines <eric.hines () appliedwatch com>
Date: Thu, 21 Sep 2006 21:09:41 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anyone on this list write custom Snort rules for Oracle traffic? I was wondering if anyone here knows what Oracle authentication packets look like. Specifically, we'd like to write some Snort rules that detect login attempts with the userid 'apps' or any oracle account when someone authenticates against an Oracle Application server. However, I've never seen what these packets look like or if its even in clear text. Are their by any chance any Oracle DBAs on this list :) or someone faced with the same issue? - -- Best Regards, Eric S. Hines, GCIA, CISSP CEO, President, Chairman Applied Watch Technologies, LLC - -------------------------------------------------- Eric S. Hines, GCIA, CISSP CEO, President, Chairman Applied Watch Technologies, LLC - -------------------------------------------------- Email: eric.hines () appliedwatch com Address: 1095 Pingree Road Suite 221 Crystal Lake, IL 60014 Tel: (877) 262-7593 ext:327 Local: (847) 854-5831 Fax: (847) 854-5106 Web: http://www.appliedwatch.com - -------------------------------------------------- Security Management for the Open Source Enterprise -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFE0Xl1va6QYTV0EMRAtm+AKCEqX5k60Rcl4MTsh3sm9sIqHP7wQCfU63y bTNrD/4933mAZVl8o4E2OJU= =ECU5 -----END PGP SIGNATURE-----
Attachment:
eric.hines.vcf
Description:
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Oracle Rule Writers Eric Hines (Sep 21)