This is the snapshot of Snot Latest Rules

源代码在线查看: 3456.txt

软件大小: 17049 K
上传用户: nassdaq
关键词: snapshot Latest Rules This
下载地址: 免注册下载 普通下载 VIP

相关代码

				Rule:  								--				Sid:				3456								-- 								Summary: 				This event is generated when the user "root" logs in to a MySQL database from an external source.								-- 				Impact: 				Serious. An attacker may have gained superuser access to the system.								--				Detailed Information:				This event is generated when someone using the name "root" logs in to a MySQL database.								The 'root' user may have access to all databases on the system, with full privileges to add users, delete data, add information, etc.				 				This connection can either be a legitimate telnet connection or the result of spawning a remote shell as a consequence of a successful network exploit. 								--								Attack Scenarios: 				Simple. The user logs in with the username 'root', full access is then granted to that user for all databases served by the MySQL daemon. The attacker may then continue to gain sensitive information from any database in the system.								-- 								Ease of Attack: 				Simple. This may be post-attack behavior and can be indicative of the successful exploitation of a vulnerable system.								-- 								False Positives: 				This event may be generated by a database administrator logging in as the root user from a location outside the protected network.								--				False Negatives:				None Known								-- 								Corrective Action: 				Ensure that this event was not generated by a legitimate session then investigate the server for signs of compromise								Look for other events generated by the same IP addresses.								--				Contributors: 				Sourcefire Vulnerability Research Team				Brian Caswell 				Nigel Houghton 								-- 				Additional References:								--							

相关资源