Snort mailing list archives
Question on the NetBIOS rules and port 445 in general
From: Kevin Smith <kjsmith () tm net>
Date: Wed, 18 May 2005 08:40:24 -0400
Hey everyone,

I have been noticing a lot of traffic coming from our end users' computers on TCP port 445. Basically, this is all the traffic coming through our snort box we have set up. Every once in a while I will see a port 80 or maybe 135-139. If I enable the NetBIOS rules along that came with 2.3 I notice that I get nothing. Does that just mean there isn't anything I should worry about? If you look you can see that it isn't just to one IP but to many. Is this normal for NetBIOS to do, or could it be signs of virus/spy-ware activity? Sorry if this is a dumb question, but I'm just lost. Any help with understanding what I am seeing here would be greatly appreciated.

Src. Port  Dest. IP       Dest. Port  Timestamp
3036       64.7.179.58    445         2005-05-17 23:49:28
3039       64.7.182.138   445         2005-05-17 23:49:28
3053       64.7.181.247   445         2005-05-17 23:49:29
3081       64.7.181.190   445         2005-05-17 23:49:30
3082       64.7.181.190   445         2005-05-17 23:49:30
3039       64.7.182.138   445         2005-05-17 23:49:31
3036       64.7.179.58    445         2005-05-17 23:49:31
3053       64.7.181.247   445         2005-05-17 23:49:32
3081       64.7.181.190   445         2005-05-17 23:49:33

Thanks again,
Kevin

Current thread:
- Question on the NetBIOS rules and port 445 in general Kevin Smith (May 18)
- <Possible follow-ups>
- Re: Question on the NetBIOS rules and port 445 in general Kevin Smith (May 18)
- Re: Question on the NetBIOS rules and port 445 in general Matt Kettler (May 18)