Snort mailing list archives
the better way?
From: John Friedman <jfriedmanx () yahoo com>
Date: Thu, 10 Nov 2005 07:50:27 -0800 (PST)
Hi all, I found I have lots of these alerts: 10.1.10.3 is domain controller. [input] [input] #2-(2-1564) [snort] NETBIOS SMB-DS IPC$ unicode share access 2005-11-10 10:36:18 10.1.12.14:4000 10.1.10.3:445 TCP [input] [input] #3-(2-1563) [nessus] [nessus] [cve] [icat] [bugtraq] [bugtraq] [snort] NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt 2005-11-10 10:36:18 10.1.12.14:4000 10.1.10.3:445 TCP 10.1.12.14 is workstation or server IP. What's the better way to ignore these alerts? (suppress?) BTW, why does it generate many these alerts and is it dangerous? Thanks, John --------------------------------- Yahoo! FareChase - Search multiple travel sites in one click. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Current thread:
- the better way? John Friedman (Nov 10)
- Re: the better way? Ralf Spenneberg (Nov 10)
- Re: the better way? John Friedman (Nov 10)
- Re: the better way? Ralf Spenneberg (Nov 10)
- Re: the better way? John Friedman (Nov 10)
- <Possible follow-ups>
- RE: the better way? Briggs, Bruce (Nov 10)
- Re: the better way? Ralf Spenneberg (Nov 10)