""ET ATTACK_RESPONSE MySQL User Account Enumeration""

SID: 2015993

Revision: 2

Class Type: protocol-command-decode

Metadata: created_at 2012_12_06, updated_at 2012_12_06

Reference:

• Link

Protocol: tcp

Source Network: $SQL_SERVERS

Source Port: 3306

Destination Network: $EXTERNAL_NET

Destination Port: any

Flow: from_server,established

Contents:

• Value: "|02|" Depth: 4 Offset: 3

• Value: "|15 04|Access denied for user"

Within:

PCRE:

Special Options:

source