[Snort-users] Description Database for all these attacks?
dkhoury at ...58...
Wed Jul 19 20:55:28 EDT 2000
It's an interesting web page, but still isn't complete as far as the snort
database is concerned. It certainly doesn't have anything on the "SMB Name
Wildcard" option, and why I'm picking up so many of these packets directed
to my proxy server.
It would be worth setting one up on the Snort web page specifically for
snort stuff. I'd be willing to volunteer setting it up and entering in
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Bill
> Sent: Wednesday, 19 July 2000 1:24 PM
> To: David Khoury
> Cc: Snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Description Database for all these attacks?
> You want to look at www.whitehats.com at the arachNIDS DB, that should
> have what you want.
> David Khoury wrote:
> > With the multitude of attacks that snort can detect, does there exist a
> > database of these attacks which have descriptions and explanations of them?
> > It's pretty confusing to get a list of all these possible attacks, and not
> > be able to follow up on them.
> > Two that I'd like to know of are:
> > 1) SMB Name Wildcard. For some reason, my proxy server is getting a few of
> > these. Considering that my proxy doesn't even have samba installed on it,
> > is it just some sort of attempt by remote web servers to authenticate the
> > browser via SMB?
> > 2) Possible SubSeven access. Actually, I found out a little about this via
> > searching through AltaVista. Seems as if someone was scanning our network
> > for any PCs running this trojan. The logs show multiple attempts of this
> > attack to every single IP number on our network, all from the one IP number.
> > It'd be nice to have a database of these attacks where we can look up
> > common resolutions, references, descriptions, etc. What do you guys think?