A SQL injection is not something that can really be stopped by a firewall, its a sort of attack that involves submitting attack strings into improperly coded web applications which allow the attacker to execute arbitrary SQL code on the application's database. So the only way to block that at the firewall level would be to block access to the application, but obviously you can't do that if it's supposed to be a public application.
Date: Tue, 6 Dec 2011 23:36:53 +0000 From: [email protected] To: [email protected] Subject: Re: [pfSense] Any suggestions on how filter in pfSense for SQL Injections? As far as i know for application level attacks like this you need something like snort to detect them. I believe this is supported as a package. I havent used it under pfsense though. http://doc.pfsense.org/index.php/Setup_Snort_Package seems to indicate it will block hosts based on snort rules. I'd imagine that using snort on your pfsense box will add a certain cpu/memory overhead though. Vince On 06/12/2011 23:26, Chuck Mariotti wrote: I have some clients that has been hit twice with the recent SQL injections that seem to be ramping up. See: http://www.scmagazineus.com/new-mass-sql-injection-attack-could-be-forming/article/218069/ http://news.hitb.org/content/new-mass-sql-injection-attack-could-be-forming At our datacenter managed to not get hit. However, I guess I would like to ask for suggestions on how to stop this type of attack at the pfSense firewall and what/how to implement something that would allow us to manage such attacks. Regards, Chuck M _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
