[Discussion] Problem with detection of POST Attacks
gsn security
vasugameloft at gmail.com
Mon Jul 27 15:14:55 UTC 2015
Hello Anoop,
I am using the Emerging Threats rule set:
https://rules.emergingthreats.net/open/suricata/rules/
For all the attacks, they have some good rules for SQL injection under the web
server section.
Thanks and Regards
Vasu
On Mon, Jul 27, 2015 at 1:20 AM, Anoop Saldanha <anoopsaldanha at gmail.com>
wrote:
> Hi Vasu,
>
> Can you post the signatures you are using?
>
> On Thu, Jul 23, 2015 at 1:27 AM, Menerick, John <jmenerick at netsuite.com>
> wrote:
> > I assume you have sniffed the traffic going over the interface and are able
> > to verify POST traffic is flowing past the interface?
> >
> >
> >
> > Warmly,
> >
> > John Menerick
> > https://securesql.info
> >
> >
> > On Jul 22, 2015, at 12:41 PM, gsn security <vasugameloft at gmail.com> wrote:
> >
> > Hello Everyone,
> >
> > I am new to Suricata. I have my IDS set up to receive all attacks that are
> > coming from both POST and GET requests. Unfortunately, my IDS is not
> > picking up all the POST attacks, especially the SQL injection attempts from
> > POST parameters. I have tried to modify the SQL injection rules but nothing
> > works. Do you have any idea why it is not detecting SQL injection attacks
> > coming from POST?
> >
> >
> > Thanks and Regards
> > Vasu
> > _______________________________________________
> > Discussion mailing list
> > Discussion at lists.openinfosecfoundation.org
> > https://lists.openinfosecfoundation.org/mailman/listinfo/discussion
> > Suricata User Conference: Nov 4/5 in Barcelona: http://oisfevents.net
> > User and Developer trainings: http://suricata-ids.org/training/
> >
>
>
>
> --
> -------------------------------
> Anoop Saldanha
> http://www.poona.me
> -------------------------------
>