added Snort sig tests for MS SQL Server communication attempt
authorMichael Rash <mbr@cipherdyne.org>
Sat, 24 Mar 2012 13:25:00 +0000 (09:25 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Sat, 24 Mar 2012 13:25:00 +0000 (09:25 -0400)
test/scans/iptables/ipv6_ms_sql_server_sig_match [new file with mode: 0644]
test/scans/iptables/ms_sql_server_sig_match [new file with mode: 0644]

diff --git a/test/scans/iptables/ipv6_ms_sql_server_sig_match b/test/scans/iptables/ipv6_ms_sql_server_sig_match
new file mode 100644 (file)
index 0000000..2cbe2d7
--- /dev/null
@@ -0,0 +1 @@
+ipv6_tcp_connect_nmap_default_scan:Mar 17 13:39:13 linux kernel: [956932.522957] DROP IN=eth0 OUT= MAC=00:13:46:3a:41:36:00:1b:b9:76:9c:e4:86:dd SRC=2001:0db8:0000:f101:0000:0000:0000:0002 DST=2001:0db8:0000:f101:0000:0000:0000:0001 LEN=80 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=TCP SPT=51397 DPT=1433 WINDOW=5760 RES=0x00 SYN URGP=0 
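Review bot: The single line of this fixture starts with `ipv6_tcp_connect_nmap_default_scan:` ahead of the syslog timestamp, which looks like a `grep` filename prefix carried over from another fixture rather than part of a kernel log message. The IPv4 fixture added in the same commit starts directly at `Mar 11 20:35:14 linux kernel:`. If the log parser keys on the leading timestamp or hostname, this line may be handled differently from real syslog input, so the IPv6 signature test would not exercise the same path as live traffic. I would drop the prefix so the line begins `Mar 17 13:39:13 linux kernel:`. The IPv6 file also holds one SYN to port 1433 where the IPv4 file holds two, so the expected match counts for the two tests should be checked against that.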
diff --git a/test/scans/iptables/ms_sql_server_sig_match b/test/scans/iptables/ms_sql_server_sig_match
new file mode 100644 (file)
index 0000000..0cf591d
--- /dev/null
@@ -0,0 +1,2 @@
+Mar 11 20:35:14 linux kernel: [463493.257294] DROP IN=eth1 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=54575 PROTO=TCP SPT=56247 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405B4) 
+Mar 11 20:35:15 linux kernel: [463494.258326] DROP IN=eth1 OUT= MAC=23:87:fc:c6:24:58:00:21:3f:98:99:78:09:00 SRC=192.168.10.55 DST=192.168.10.1 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10710 PROTO=TCP SPT=56248 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405B4)