New to writing Snort Rules. Help writing a rule?

[Tyler MacPherson <tah338 () sr unh edu>]

Hi,

I recently put Snort on a system for my work. I'm trying to configure it 
by writing certain rules, but since I'm brand new to Snort, I'm having 
some trouble figuring out how to write these rules. Basically, the 
system I'm deploying Snort on should only be receiving traffic through 
two avenues: a MySQL database and Oracle database that are linked to it. 
Everything else should be picked up Snort as potentially being bad. What 
I'm wondering is, how would I go about writing rules that would achieve 
this goal?

Thank you.

-- 
Tyler MacPherson
Student Operator
UNH Research Computing Center
(603) 862-4518


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!