<div dir="ltr">Hello Anoop,<div><br></div><div><br></div><div>I am using the Emerging Threats rule set <a href="https://rules.emergingthreats.net/open/suricata/rules/">https://rules.emergingthreats.net/open/suricata/rules/</a> </div><div><br></div><div>For all the attacks, they have some good rules for SQL injection under the web server section.</div><div><br></div><div><br></div><div>Thanks and Regards</div><div>Vasu</div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jul 27, 2015 at 1:20 AM, Anoop Saldanha <span dir="ltr"><<a href="mailto:anoopsaldanha@gmail.com" target="_blank">anoopsaldanha@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi Vasu,<br><br>Can you post the signatures you are using?<br><span class=""><br>On Thu, Jul 23, 2015 at 1:27 AM, Menerick, John <<a href="mailto:jmenerick@netsuite.com">jmenerick@netsuite.com</a>> wrote:<br>> I assume you have sniffed the traffic going over the interface and are able<br>> to verify POST traffic is flowing past the interface?<br>><br>><br>><br>> Warmly,<br>><br>> John Menerick<br></span>> <a href="https://securesql.info/" rel="noreferrer" target="_blank">https://securesql.info</a><br><span class="">><br>><br>> On Jul 22, 2015, at 12:41 PM, gsn security <<a href="mailto:vasugameloft@gmail.com">vasugameloft@gmail.com</a>> wrote:<br>><br>> Hello Everyone,<br>><br>> I am new to Suricata. I have my IDS set up to receive all attacks that are<br>> coming from both POST and GET requests. Unfortunately, my IDS is not<br>> picking up all the POST attacks, especially the SQL injection attempts from<br>> POST parameters. I have tried to modify the sql injection rules but nothing<br>> works. 
Do you have any idea why it is not detecting sql injection attacks<br>> coming from POST?<br>><br>><br>> Thanks and Regards<br>> Vasu<br>> _______________________________________________<br>> Discussion mailing list<br></span><span class="">> <a href="mailto:Discussion@lists.openinfosecfoundation.org">Discussion@lists.openinfosecfoundation.org</a><br>> <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/discussion" rel="noreferrer" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/discussion</a><br>> Suricata User Conference: Nov 4/5 in Barcelona: <a href="http://oisfevents.net/" rel="noreferrer" target="_blank">http://oisfevents.net</a><br>> User and Developer trainings: <a href="http://suricata-ids.org/training/" rel="noreferrer" target="_blank">http://suricata-ids.org/training/</a><br>><br>><br>><br></span><br><span class="HOEnZb"><font color="#888888">--<br>-------------------------------<br>Anoop Saldanha<br><a href="http://www.poona.me/" rel="noreferrer" target="_blank">http://www.poona.me</a><br>-------------------------------<br></font></span></blockquote><div><span class="HOEnZb"><font color="#888888"><br></font></span></div></div></div></div>