[Snort-users] Description Database for all these attacks?

David Khoury dkhoury at ...58...
Tue Jul 18 22:43:30 EDT 2000


 With the multitude of attacks that snort can detect, does there exist a
database of these attacks which have descriptions and explanations of them?
It's pretty confusing to get a list of all these possible attacks, and not
be able to follow up on them.

 Two that I'd like to know of are:

1) SMB Name Wildcard.  For some reason, my proxy server is getting a few of
these.  Considering that my proxy doesn't even have samba installed on it,
is it just some sort of attempt by remote web servers to authenticate the
browser via SMB?

2) Possible SubSeven access.  Actually, I found out a little about this via
searching through AltaVista.  Seems as if someone was scanning our network
for any PCs running this trojan.  The logs show multiple attempts of this
attack to every single IP number on our network, all from the one IP number.

 It'd be nice to have a database of these attacks where we can look up
common resolutions, references, descriptions, etc.  What do you guys think?





More information about the Snort-users mailing list