Snort mailing list archives

Previous By Date Next
Previous By Thread Next

SQL injection

From: Nanda Vardhan <nandu7ninja () gmail com>
Date: Thu, 29 May 2014 21:14:11 +0530
Am using snort on ubuntu. I am using snort inline mode. I need to prevent
sql injection on a website hosted on local xampp server. I wrote following
rule

drop TCP any any -> any any (flow:to_server; content:!"GET"; nocase;
pcre="[\'\"\;\:\|\&\$\%\@\\\/<>()+,]")


but am unable to drop the packets. still requests r being accepted by local
xampp server. how to stop sql injection attack using snort rules. may be am
wrong in some command. please help me, am a beginner.

if there is a step by step tutorial that would help me a lot.

Thanks in advance.

------------------------------------------------------------------------------
Time is money. Stop wasting it! Get your web API in 5 minutes.
www.restlet.com/download
http://p.sf.net/sfu/restlet
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: