[Discussion] Problem with detection of POST Attacks

Anoop Saldanha anoopsaldanha at gmail.com
Mon Jul 27 05:20:06 UTC 2015


Hi Vasu,

Can you post the signatures you are using?

On Thu, Jul 23, 2015 at 1:27 AM, Menerick, John <jmenerick at netsuite.com> wrote:
> I assume you have sniffed the traffic going over the interface and is able
> to verify POST traffic is flowing past the interface?
>
>
>
> Warmly,
>
> John Menerick
> https://securesql.info
>
>
> On Jul 22, 2015, at 12:41 PM, gsn security <vasugameloft at gmail.com> wrote:
>
> Hello  Everyone,
>
> I am new to Suricata, I have my ids set -up to receive all Attacks that we
> coming from both POST and GET requests, unfortunately , My ids is not
> picking up all the POST attacks especially the SQL injection attempts form
> POST parameters. I have tried to modify the sql injection rules but nothing
> wors? Do you have any idea why it is not detecting sql injection attacks
> coming from POST?
>
>
> Thanks and Regards
> Vasu
> _______________________________________________
> Discussion mailing list
> Discussion at lists.openinfosecfoundation.org
> https://lists.openinfosecfoundation.org/mailman/listinfo/discussion
> Suricata User Conference: Nov 4/5 in Barcelona: http://oisfevents.net
> User and Developer trainings: http://suricata-ids.org/training/
>
>
>
> _______________________________________________
> Discussion mailing list
> Discussion at lists.openinfosecfoundation.org
> https://lists.openinfosecfoundation.org/mailman/listinfo/discussion
> Suricata User Conference: Nov 4/5 in Barcelona: http://oisfevents.net
> User and Developer trainings: http://suricata-ids.org/training/
>



-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------



More information about the Discussion mailing list