Hi, Op 7 dec 2011, om 00:26 heeft Chuck Mariotti het volgende geschreven:
> At our datacenter managed to not get hit. However, I guess I would like to > ask for suggestions on how to stop this type of attack at the pfSense > firewall and what/how to implement something that would allow us to manage > such attacks. There is no magic button that filters out sql injection attacks, without it tools like phpmyadmin would also instantly fail to work. These send sql queries via the web too in plain text. Since it's supposed to do that. This is a application issue where people forgot or just never considered input validation. The snort approach is not guaranteed to prevent this since people can be very crafty. It's hard to get right. Just make sure that you web apps are kept up to date. Ask your vendors about SQL injection attacks, demand this in writing facing penalties, install the next update they release shortly afterwards. And if you have a datacenter you would better have a really good box to make sure that none of your HTTP traffic takes a hit from being processed through snort. Some other IDS'es note the event, then block. Which can still leave you with a broken database if they succeed on the 1st shot. It also just blocks a IP, which is easily circumventable. One can wish for the world. Regards, Seth
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
