
# (C) Copyright 2001, Martin Roesch, Brian Caswell, et al.  All rights reserved.
# $Id: sql.rules,v 1.6 2001/10/29 01:52:54 roesch Exp $
#----------
# SQL RULES
#----------

# Procedure-name signatures on the TDS port (1433). Each content string is the
# procedure name with a |00| byte after every character, i.e. the wide-character
# form seen on the wire; nocase makes the letter bytes case-insensitive.
# offset: 8 starts the search 8 bytes into the payload and, with no depth, runs to
# the end of it; flags: AP restricts matching to ACK+PSH segments.
# sid 673: the content is only the prefix "sp_start_jo", so it matches sp_start_job
# (flagged as "program execution" by its msg) and anything else with that prefix.
# sids 674/675: a hit means the extended procedure was called at all -- the rule
# never sees argument length, so "possible buffer overflow" is a name heuristic and
# legitimate administrative use alerts too.
# NOTE(review): msg reads "MS-SQL - xp_..." here but "MS-SQL xp_..." on the port-139
# twins (sids 702/703); harmless, but the two spellings split alert counts.
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL sp_start_job - program execution"; content: "s|00|p|00|_|00|s|00|t|00|a|00|r|00|t|00|_|00|j|00|o|00|"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:673; rev:1;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL - xp_displayparamstmt possible buffer overflow"; content: "x|00|p|00|_|00|d|00|i|00|s|00|p|00|l|00|a|00|y|00|p|00|a|00|r|00|a|00|m|00|s|00|t|00|m|00|t"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:674; rev:1;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL - xp_setsqlsecurity possible buffer overflow"; content: "x|00|p|00|_|00|s|00|e|00|t|00|s|00|q|00|l|00|s|00|e|00|c|00|u|00|r|00|i|00|t|00|y"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:675; rev:1;)
# The same procedure names on port 139 ("PIPES" -- presumably the named-pipe
# transport over SMB). offset: 32; depth: 32 confines the search to payload bytes
# 32-63, so a name that appears later in the payload is NOT matched; this is
# deliberately narrower than the port-1433 rules, which search to end of payload.
# Twins on 1433: 676 <-> 673 (sp_start_job), 677 <-> 683 (sp_password),
# 678 <-> 684 (sp_delete_alert; content is the prefix "sp_delete_ale"),
# 679 <-> 685 (sp_adduser).
# sids 677-679 are account/alert changes: correlate with the session's logon to
# decide whether the caller was expected to do this.
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL sp_start_job - program execution"; content: "s|00|p|00|_|00|s|00|t|00|a|00|r|00|t|00|_|00|j|00|o|00|"; nocase; flags: AP; offset: 32; depth: 32; classtype:attempted-user; sid:676; rev:1;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL PIPES sp_password - password change"; content: "s|00|p|00|_|00|p|00|a|00|s|00|s|00|w|00|o|00|r|00|d|00|"; nocase; flags: AP; offset: 32; depth: 32; classtype:attempted-user; sid:677; rev:1;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL PIPES sp_delete_alert - log file deletion"; content: "s|00|p|00|_|00|d|00|e|00|l|00|e|00|t|00|e|00|_|00|a|00|l|00|e|00|"; nocase; flags: AP; offset: 32; depth: 32; classtype:attempted-user; sid:678; rev:1;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL PIPES sp_adduser - database user creation"; content: "s|00|p|00|_|00|a|00|d|00|d|00|u|00|s|00|e|00|r|00|"; nocase; flags: AP; offset: 32; depth: 32; classtype:attempted-user; sid:679; rev:1;)
alert tcp $SQL_SERVERS 139 -> $EXTERNAL_NET any (msg:"MS-SQL sa logon failed"; content: "Login failed for user |27|sa|27|"; flags: AP; offset:83; classtype:attempted-user; sid:680; rev:1;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL PIPES xp_cmdshell - program execution"; content: "x|00|p|00|_|00|c|00|m|00|d|00|s|00|h|00|e|00|l|00|l|00|"; nocase; flags: AP; offset: 32; offset: 32; classtype:attempted-user; sid:681; rev:1;)
# Port-1433 rules: offset: 8 and no depth, so the procedure name is searched from
# byte 8 to the end of the payload.
# sid 682: xp_enumresultset call -- name heuristic only, argument length is not
# inspected (see the xp_* block at the end of the file).
# sids 683/684/685: sp_password, sp_delete_alert (prefix "sp_delete_ale"), sp_adduser
# -- account and alert changes; twins of 677-679 on port 139.
# sid 686: content is only the prefix "xp_reg", so it fires for every procedure
# whose name begins with xp_reg, i.e. all registry access, not one procedure.
# sid 687: xp_cmdshell, OS command execution from SQL; twin of 681.
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL xp_enumresultset possible buffer overflow"; content: "x|00|p|00|_|00|e|00|n|00|u|00|m|00|r|00|e|00|s|00|u|00|l|00|t|00|s|00|e|00|t"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:682; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL sp_password - password change"; content: "s|00|p|00|_|00|p|00|a|00|s|00|s|00|w|00|o|00|r|00|d|00|"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:683; rev:1;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL sp_delete_alert - log file deletion"; content: "s|00|p|00|_|00|d|00|e|00|l|00|e|00|t|00|e|00|_|00|a|00|l|00|e|00|"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:684; rev:1;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL sp_adduser - database user creation"; content: "s|00|p|00|_|00|a|00|d|00|d|00|u|00|s|00|e|00|r|00|"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:685; rev:1;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL xp_reg* - registry access"; content: "x|00|p|00|_|00|r|00|e|00|g|00|"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:686; rev:1;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL xp_cmdshell - program execution"; content: "x|00|p|00|_|00|c|00|m|00|d|00|s|00|h|00|e|00|l|00|l|00|"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:687; rev:1;)
alert tcp $SQL_SERVERS 1433 -> $EXTERNAL_NET any (msg:"MS-SQL sa logon failed"; content: "Login failed for user |27|sa|27|"; flags: AP; offset:16; classtype:unsuccessful-user; sid:688; rev:1;)
# sid 689: xp_reg prefix on port 139, search window bytes 32-63 like the other PIPES
# rules; twin of 686.
# sid 690: xp_printstatements on port 139 -- offset: 32 with no depth, so the search
# runs to end of payload (unlike 689). Name heuristic only; argument length is not
# checked. 1433 twin is sid 699, whose msg omits the " - " used here.
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL PIPES xp_reg* - registry access"; content: "x|00|p|00|_|00|r|00|e|00|g|00|"; nocase; flags: AP; offset: 32; depth: 32; classtype:attempted-user; sid:689; rev:1;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL - xp_printstatements possible buffer overflow"; content: "x|00|p|00|_|00|p|00|r|00|i|00|n|00|t|00|s|00|t|00|a|00|t|00|e|00|m|00|e|00|n|00|t|00|s"; nocase; flags: AP; offset: 32; classtype:attempted-user; sid:690; rev:1;)
# Raw shellcode byte sequences: two distinct patterns, each written once for port
# 1433 and once for port 139 (691/692 share one pattern, 693/694 the other).
# No offset/depth, so the entire payload is searched; no nocase, so the bytes must
# match exactly.
# The sequences are presumably lifted from a specific exploit sample (the file does
# not say which). A differently encoded or padded payload will not match, so treat
# a hit as confirmation of that known sample rather than as general overflow
# coverage, and treat a miss as no evidence either way.
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL Buffer overflow shellcode ACTIVE ATTACK"; content: "|3920d0009201c200520055003920ec00|"; flags: AP; classtype:attempted-user; sid:691; rev:1;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL Buffer overflow shellcode ACTIVE ATTACK"; content: "|3920d0009201c200520055003920ec00|"; flags: AP; classtype:attempted-user; sid:692; rev:1;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL Buffer overflow shellcode ACTIVE ATTACK"; content: "|4800250078007700900090009000900090003300c000500068002e00|"; flags: AP; classtype:attempted-user; sid:693; rev:1;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL Buffer overflow shellcode ACTIVE ATTACK"; content: "|4800250078007700900090009000900090003300c000500068002e00|"; flags: AP; classtype:attempted-user; sid:694; rev:1;)
# Extended-procedure "possible buffer overflow" signatures, one per procedure and
# port. Port 139 rules use offset: 32, port 1433 rules use offset: 8, neither with
# depth, so the name is searched from that byte to the end of the payload.
# Pairs (139/1433): xp_sprintf 695/704, xp_showcolv 696/705, xp_peekqueue 697/706,
# xp_proxiedmetadata 698/707, xp_updatecolvbm 700/701; xp_printstatements 699 pairs
# with 690, xp_displayparamstmt 702 with 674, xp_setsqlsecurity 703 with 675,
# xp_enumresultset 708 with 682.
# Every content is just the procedure name: argument length is never inspected, so
# these fire on any call, legitimate or not. Read them as an inventory of which
# clients invoke these procedures, and follow a hit with the server's own logs
# before treating it as an overflow attempt.
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL xp_sprintf possible buffer overflow"; content: "x|00|p|00|_|00|s|00|p|00|r|00|i|00|n|00|t|00|f"; nocase; flags: AP; offset: 32; classtype:attempted-user; sid:695; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL xp_showcolv possible buffer overflow"; content: "x|00|p|00|_|00|s|00|h|00|o|00|w|00|c|00|o|00|l|00|v"; nocase; flags: AP; offset: 32; classtype:attempted-user; sid:696; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL xp_peekqueue possible buffer overflow"; content: "x|00|p|00|_|00|p|00|e|00|e|00|k|00|q|00|u|00|e|00|u|00|e"; nocase; flags: AP; offset: 32; classtype:attempted-user; sid:697; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL xp_proxiedmetadata possible buffer overflow"; content: "x|00|p|00|_|00|p|00|r|00|o|00|x|00|i|00|e|00|d|00|m|00|e|00|t|00|a|00|d|00|a|00|t|00|a"; nocase; flags: AP; offset: 32; classtype:attempted-user; sid:698; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL xp_printstatements possible buffer overflow"; content: "x|00|p|00|_|00|p|00|r|00|i|00|n|00|t|00|s|00|t|00|a|00|t|00|e|00|m|00|e|00|n|00|t|00|s"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:699; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL xp_updatecolvbm possible buffer overflow"; content: "x|00|p|00|_|00|u|00|p|00|d|00|a|00|t|00|e|00|c|00|o|00|l|00|v|00|b|00|m"; nocase; flags: AP; offset: 32; classtype:attempted-user; sid:700; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL xp_updatecolvbm possible buffer overflow"; content: "x|00|p|00|_|00|u|00|p|00|d|00|a|00|t|00|e|00|c|00|o|00|l|00|v|00|b|00|m"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:701; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL xp_displayparamstmt possible buffer overflow"; content: "x|00|p|00|_|00|d|00|i|00|s|00|p|00|l|00|a|00|y|00|p|00|a|00|r|00|a|00|m|00|s|00|t|00|m|00|t"; nocase; flags: AP; offset: 32; classtype:attempted-user; sid:702; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL xp_setsqlsecurity possible buffer overflow"; content: "x|00|p|00|_|00|s|00|e|00|t|00|s|00|q|00|l|00|s|00|e|00|c|00|u|00|r|00|i|00|t|00|y"; nocase; flags: AP; offset: 32; classtype:attempted-user; sid:703; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL xp_sprintf possible buffer overflow"; content: "x|00|p|00|_|00|s|00|p|00|r|00|i|00|n|00|t|00|f"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:704; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL xp_showcolv possible buffer overflow"; content: "x|00|p|00|_|00|s|00|h|00|o|00|w|00|c|00|o|00|l|00|v"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:705; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL xp_peekqueue possible buffer overflow"; content: "x|00|p|00|_|00|p|00|e|00|e|00|k|00|q|00|u|00|e|00|u|00|e"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:706; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"MS-SQL xp_proxiedmetadata possible buffer overflow"; content: "x|00|p|00|_|00|p|00|r|00|o|00|x|00|i|00|e|00|d|00|m|00|e|00|t|00|a|00|d|00|a|00|t|00|a"; nocase; flags: AP; offset: 8; classtype:attempted-user; sid:707; rev:2;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"MS-SQL xp_enumresultset possible buffer overflow"; content: "x|00|p|00|_|00|e|00|n|00|u|00|m|00|r|00|e|00|s|00|u|00|l|00|t|00|s|00|e|00|t"; nocase; flags: AP; offset: 32; classtype:attempted-user; sid:708; rev:2;)