Snort mailing list archives
missing reference for correlation
From: "nyarlathothep\@libero\.it" <nyarlathothep () libero it>
Date: Wed, 19 May 2004 17:36:13 +0200
Hello all, with my Snort up and running :) I'm going to work on my IDS-VA correlator. I've a lot of data, obtained from Nessus scan on a target machine, but I've seen that there are lots of snort rules that contains no reference, so I cant correlate the Snort results wioth the VA database. For example: ------------------------------------------------------------------------------------------ Nessus said me that I've an ftp service that allows anonymous login, ref: CAN-1999-0497 The correct snort's rule triggers on: POLICY FTP anonymous login attempt but it has not reference! ------------------------------------------------------------------------------------------
From Nessus, my web server has no limited access to /iisadmin, ref: CAN-1999-1538
Snort: WEB-IIS iisadmin access but no reference! ------------------------------------------------------------------------------------------ This is only an example, but I've seen lot of those cases, and the rules set is the last one from snort.org. Someone could explain me the reason? Thanks Matteo ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id%62&alloc_ida84&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- missing reference for correlation nyarlathothep () libero it (May 19)