Snort mailing list archives
Re: the better way?
From: Ralf Spenneberg <lists () spenneberg org>
Date: Thu, 10 Nov 2005 17:32:50 +0100
Hi, the first is not dangerous and the second is hopefully patched. You can suppress these alerts but I would simply comment out the related rules. Ralf Am Donnerstag, den 10.11.2005, 07:50 -0800 schrieb John Friedman:
Hi all, I found I have lots of these alerts: 10.1.10.3 is domain controller. #2-(2-1564) [snort] NETBIOS SMB-DS IPC $ unicode share access 2005-11-10 10:36:18 10.1.12.14:4000 10.1.10.3:445 TCP #3-(2-1563) [nessus] [nessus] [cve] [icat] [bugtraq] [bugtraq] [snort] NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt 2005-11-10 10:36:18 10.1.12.14:4000 10.1.10.3:445 TCP 10.1.12.14 is workstation or server IP. What's the better way to ignore these alerts? (suppress?) BTW, why does it generate many these alerts and is it dangerous? Thanks, John ______________________________________________________________________ Yahoo! FareChase - Search multiple travel sites in one click. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
-- Ralf Spenneberg OpenSource Training http://www.opensource-training.de Webereistr. 1 48565 Steinfurt Germany ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- the better way? John Friedman (Nov 10)
- Re: the better way? Ralf Spenneberg (Nov 10)
- Re: the better way? John Friedman (Nov 10)
- Re: the better way? Ralf Spenneberg (Nov 10)
- Re: the better way? John Friedman (Nov 10)
- <Possible follow-ups>
- RE: the better way? Briggs, Bruce (Nov 10)
- Re: the better way? Ralf Spenneberg (Nov 10)