[Snort-users] Description Database for all these attacks?

Martin Roesch roesch at ...1...
Wed Jul 19 22:43:10 EDT 2000


Alternatively, you could just fill the missing entries into the arachNIDS
database instead of making a duplicate site....

    -Marty

David Khoury wrote:
> 
>  It's an interesting web page, but still isn't complete as far as the snort
> database is concerned.  It certainly doesn't have anything on the "SMB Name
> Wildcard" option, and why I'm picking up so many of these packets directed
> to my proxy server.
> 
>  It would be worth setting one up on the Snort web page specifically for
> snort stuff.  I'd be willing to volunteer setting it up and entering in
> details.
> 
> > -----Original Message-----
> > From: snort-users-admin at lists.sourceforge.net
> > [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Bill
> > Pennington
> > Sent: Wednesday, 19 July 2000 1:24 PM
> > To: David Khoury
> > Cc: Snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] Description Database for all these attacks?
> >
> >
> > You want to look at www.whitehats.com at the arachNIDS DB, that should
> > have what you want.
> >
> > David Khoury wrote:
> > >
> > > >  With the multitude of attacks that snort can detect, does there exist a
> > > > database of these attacks which have descriptions and explanations of them?
> > > > It's pretty confusing to get a list of all these possible attacks, and not
> > > > be able to follow up on them.
> > > >
> > > >  Two that I'd like to know of are:
> > > >
> > > > 1) SMB Name Wildcard.  For some reason, my proxy server is getting a few of
> > > > these.  Considering that my proxy doesn't even have samba installed on it,
> > > > is it just some sort of attempt by remote web servers to authenticate the
> > > > browser via SMB?
> > > >
> > > > 2) Possible SubSeven access.  Actually, I found out a little about this via
> > > > searching through AltaVista.  Seems as if someone was scanning our network
> > > > for any PCs running this trojan.  The logs show multiple attempts of this
> > > > attack to every single IP number on our network, all from the one IP number.
> > > >
> > > >  It'd be nice to have a database of these attacks where we can look up
> > > > common resolutions, references, descriptions, etc.  What do you guys think?
> > >

-- 
Martin Roesch                      <roesch at ...2...>
Core R&D                         http://www.hiverworld.com
Hiverworld, Inc.       Continuous Adaptive Risk Management
