[Snort-users] Description Database for all these attacks?

Toby Miller infowar at ...71...
Wed Jul 19 14:39:17 EDT 2000


Soory for the extra e-mail. For a great analysis of the SMB Wildcard check
out this link...
http://www.sans.org/y2k/061500.htm

                                                                    Toby
-----Original Message-----
From: David Khoury <dkhoury at ...58...>
To: Snort-users at lists.sourceforge.net <Snort-users at lists.sourceforge.net>
Date: Tuesday, July 18, 2000 7:47 PM
Subject: [Snort-users] Description Database for all these attacks?


>
> With the multitude of attacks that snort can detect, does there exist a
>database of these attacks which have descriptions and explanations of them?
>It's pretty confusing to get a list of all these possible attacks, and not
>be able to follow up on them.
>
> Two that I'd like to know of are:
>
>1) SMB Name Wildcard.  For some reason, my proxy server is getting a few of
>these.  Considering that my proxy doesn't even have samba installed on it,
>is it just some sort of attempt by remote web servers to authenticate the
>browser via SMB?
>
>2) Possible SubSeven access.  Actually, I found out a little about this via
>searching through AltaVista.  Seems as if someone was scanning our network
>for any PCs running this trojan.  The logs show multiple attempts of this
>attack to every single IP number on our network, all from the one IP
number.
>
> It'd be nice to have a database of these attacks where we can look up
>common resolutions, references, descriptions, etc.  What do you guys think?
>
>
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>http://lists.sourceforge.net/mailman/listinfo/snort-users
>





More information about the Snort-users mailing list