Versions (2)
Version DetailsCurrent
Rev: 3 • Dec 6, 2012, 12:00 PMET ATTACK_RESPONSE MySQL User Account Enumeration
alert tcp $SQL_SERVERS 3306 -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE MySQL User Account Enumeration"; flow:from_server,established; content:"|02|"; offset:3; depth:4; content:"|15 04|Access denied for user"; fast_pattern; threshold:type both,track by_dst,count 10,seconds 1; reference:url,seclists.org/fulldisclosure/2012/Dec/att-9/; classtype:protocol-command-decode; sid:2015993; rev:3; metadata:created_at 2012_12_06, signature_severity Minor, updated_at 2019_10_08;)
Dec 6, 2012, 12:00 PM
Oct 8, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-attack_response.rules