Snort mailing list archives
Any experience snorting MS NLB'd web servers? False positives?
From: "Gordon Cunningham" <gcunnin2 () bellsouth net>
Date: Mon, 11 Aug 2003 09:46:35 -0400
I've got snort monitoring a DMZ with a pair of web servers using MS NLB services, and see a lot of x86 NOOP and similar alerts between the two at the NLB addresses. I believe that this is a false positive based on the NLB traffic, but can anyone confirm/deny, or know what else to look for so that I can be certain?

- Gordon

"The software said it requires Windows 98 or better, so I installed Linux..."