Snort mailing list archives

Help! New Mysql rule needed!


From: "Anyi Liu1" <wagnerliuay1 () hotmail com>
Date: Thu, 12 Aug 2004 14:16:52 -0700


Hi everyone,

     I need some new rules for MySQL DB. When I checked the rules in the rule dir, I could only find 2 rules for MySQL. They are:

alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 (msg:"MYSQL root login attempt"; flow:to_server,established; content:"|0A 00 00 01 85 04 00 00 80|root|00|"; classtype:protocol-command-decode; sid:1775; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 (msg:"MYSQL show databases attempt"; flow:to_server,established; content:"|0F 00 00 00 03|show databases"; classtype:protocol-command-decode; sid:1776; rev:2;)

     Could anyone who works in this field give me new rules to detect MySQL attacks?

Thanks
Andy

==========================
Anyi Liu 
Ph.D student
Department of Information and Software Engineering  
George Mason University 
Fairfax, VA, 22032
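
What the content bytes in the two rules quoted above encode, as an added example that is not part of the original post or of the Snort rule set. It expands the Snort content syntax and decodes the MySQL packet framing; the function names are hypothetical, and the login payload layout (2 bytes client flags, 3 bytes max packet size, NUL-terminated user) is an assumption based on the pre-4.1 MySQL protocol.

```python
# Content strings copied from the two rules quoted in the post.
RULE_CONTENT = {
    1775: "|0A 00 00 01 85 04 00 00 80|root|00|",
    1776: "|0F 00 00 00 03|show databases",
}
COM_QUERY = 0x03  # MySQL command byte for a text query


def snort_content_to_bytes(content):
    """Expand Snort content syntax: |..| spans are hex, the rest is literal."""
    out = bytearray()
    for i, part in enumerate(content.split("|")):
        # Odd-numbered pieces sit between pipes and hold hex byte values.
        out += bytes.fromhex(part) if i % 2 else part.encode("ascii")
    return bytes(out)


def decode_frame(raw):
    """MySQL framing: 3-byte little-endian payload length, 1-byte sequence id."""
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte MySQL packet header")
    length = int.from_bytes(raw[:3], "little")
    return {"length": length, "seq": raw[3], "payload": raw[4:],
            # True when the pattern spans the whole packet, not just a prefix.
            "whole_packet": len(raw) - 4 == length}


def describe(sid):
    """Decode one rule's content pattern into the packet fields it pins."""
    frame = decode_frame(snort_content_to_bytes(RULE_CONTENT[sid]))
    payload = frame["payload"]
    if frame["seq"] == 0 and payload[:1] == bytes([COM_QUERY]):
        frame["kind"] = "COM_QUERY"
        frame["text"] = payload[1:].decode("ascii")
    else:
        # Assumed pre-4.1 client login packet: flags(2) max_packet(3) user NUL
        frame["kind"] = "client login"
        frame["text"] = payload[5:].split(b"\x00")[0].decode("ascii")
    return frame


if __name__ == "__main__":
    for sid in sorted(RULE_CONTENT):
        f = describe(sid)
        print(sid, f["kind"], repr(f["text"]), "len", f["length"],
              "seq", f["seq"], "whole packet:", f["whole_packet"])
```

In both rules the declared length equals the number of bytes that follow the header in the pattern, so each content string describes one complete packet rather than a prefix of one.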
