Snort mailing list archives

Previous By Date Next
Previous By Thread Next

missing reference for correlation

From: "nyarlathothep\@libero\.it" <nyarlathothep () libero it>
Date: Wed, 19 May 2004 17:36:13 +0200
Hello all,

with my Snort up and running :) I'm going to work on my IDS-VA correlator.
I've a lot of data, obtained from Nessus scan on a target machine, but I've seen
that there are lots of snort rules that contains no reference, so I cant
correlate the Snort results wioth the VA database.
For example:

------------------------------------------------------------------------------------------
Nessus said me that I've an ftp service that allows anonymous login, ref:
CAN-1999-0497
The correct snort's rule triggers on: POLICY FTP anonymous login attempt
but it has not reference!
------------------------------------------------------------------------------------------

From Nessus, my web server has no limited access to /iisadmin, ref: CAN-1999-1538

Snort: WEB-IIS iisadmin access 
but no reference!
------------------------------------------------------------------------------------------
This is only an example, but I've seen lot of those cases, and the rules set is
the last
one from snort.org.

Someone could explain me the reason?

Thanks

Matteo




-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id%62&alloc_ida84&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: