Snort mailing list archives
which SQL injection detection rule is best when considering performance, false-positive, real attack
From: 김무성 <kimms () infosec co kr>
Date: Wed, 1 Dec 2010 17:31:25 +0900
Hello list.

Which SQL injection detection rule or combination is best when considering performance, false-positive, real attack?

1. alert tcp any any -> any 80 (uricontent:"+and+1";)
2. alert tcp any any -> any 80 (content:"+and+1"; nocase;)
3. alert tcp any any -> any 80 (content:"+and+1"; http_header; nocase;)
4. alert tcp any any -> any 80 (content:"+and+1"; http_cookie; nocase;)
5. alert tcp any any -> any 80 (content:"+and+1"; http_client_body; nocase;)

Thanks,
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
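An added example, not part of the original post and not Snort code: a simplified Python model of which part of an HTTP request each of the five rule forms above inspects, run over constructed requests. It assumes cookies are extracted into their own buffer (http_inspect's enable_cookie) and does no URI normalization; the host name, paths and parameter values are made up.

```python
NEEDLE = "+and+1"  # the pattern used by all five rules in the post

def split_request(raw):
    """Split a raw HTTP request into the parts the rule options name."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    uri = request_line.split(" ")[1]
    # Assumption: Cookie lines go to their own buffer, not the header buffer.
    cookies = [h for h in header_lines if h.lower().startswith("cookie:")]
    others = [h for h in header_lines if not h.lower().startswith("cookie:")]
    return {"raw": raw, "uri": uri, "header": "\r\n".join(others),
            "cookie": "\r\n".join(cookies), "body": body}

# Rule number from the post -> (part inspected, nocase present in the rule?)
RULES = {
    1: ("uri", False),     # uricontent, no nocase
    2: ("raw", True),      # content over the whole payload
    3: ("header", True),   # content; http_header
    4: ("cookie", True),   # content; http_cookie
    5: ("body", True),     # content; http_client_body
}

def matching_rules(raw):
    """Return the numbers of the rules whose pattern is found in raw."""
    parts = split_request(raw)
    hits = []
    for num, (part, nocase) in RULES.items():
        data = parts[part].lower() if nocase else parts[part]
        if NEEDLE in data:
            hits.append(num)
    return hits

def req(line, headers=(), body=""):
    """Build a constructed request with a fixed, made-up Host header."""
    return "\r\n".join([line, "Host: www.example.test", *headers]) + "\r\n\r\n" + body

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "uri, lower case": req("GET /item.php?id=5+and+1=1 HTTP/1.1"),
    "uri, upper case": req("GET /item.php?id=5+AND+1=1 HTTP/1.1"),
    "cookie": req("GET /item.php HTTP/1.1", ["Cookie: id=5+and+1=1"]),
    "post body": req("POST /item.php HTTP/1.1", body="id=5+and+1=1"),
    "benign search": req("GET /search?q=salt+and+10+eggs HTTP/1.1"),
    "benign referer": req("GET /recipes HTTP/1.1",
                          ["Referer: http://www.example.test/search?q=salt+and+10+eggs"]),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:15} -> rules {matching_rules(raw)}")
```

In this model rule 2 fires wherever any of the others does, rule 1 misses the upper-case variant because it has no nocase, and the benign search query trips rules 1 and 2.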