[Snort-users] Description Database for all these attacks?

Bill Pennington billp at ...60...
Tue Jul 18 23:24:05 EDT 2000


You want to look at www.whitehats.com at the Archnids DB, that should
have what you want.

David Khoury wrote:
> 
>  With the multitude of attacks that snort can detect, does there exist a
> database of these attacks which have descriptions and explanations of them?
> It's pretty confusing to get a list of all these possible attacks, and not
> be able to follow up on them.
> 
>  Two that I'd like to know of are:
> 
> 1) SMB Name Wildcard.  For some reason, my proxy server is getting a few of
> these.  Considering that my proxy doesn't even have samba installed on it,
> is it just some sort of attempt by remote web servers to authenticate the
> browser via SMB?
> 
> 2) Possible SubSeven access.  Actually, I found out a little about this via
> searching through AltaVista.  Seems as if someone was scanning our network
> for any PCs running this trojan.  The logs show multiple attempts of this
> attack to every single IP number on our network, all from the one IP number.
> 
>  It'd be nice to have a database of these attacks where we can look up
> common resolutions, references, descriptions, etc.  What do you guys think?
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users

-- 


Bill Pennington
Senior IT Manager
Rocketcash
billp at ...60...
http://www.rocketcash.com





More information about the Snort-users mailing list