Snort mailing list archives
Re: (no subject)
From: Xavi Altafulla <xavifulla () yahoo com>
Date: Mon, 18 Nov 2002 03:20:38 -0800 (PST)
Maybe it's just a false positive. You could have an application server on 10.51.10.13 and the workstation from 10.104 is only grabbing one of the dll's that it needs. In order to check if one of your windoze programs is using a certain dll, you could use FileMon, for example. hope it helps, --- "Philippe Dhont (Sea-ro)" <Philippe.Dhont () searo be> wrote:
Hi, my snort is working fine since this weekend, i use it on an internal server. One of the messages i got was this one: url[snort] NETBIOS nimda RICHED20.DLL 2002-11-18 10:30:52 10.51.10.104:1055 10.51.10.13:139 TCP Now, i got this message from 2 computers, this is very strange because they don't have the nimda virus. I checked them, they have a good anti virus and it is up to date. I scanned the 2 computers completely again (full manual scan) and no virus was found. Why do i get the message ? Regards, Philippe Dhont
-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users __________________________________________________ Do you Yahoo!? Yahoo! Web Hosting - Let the expert host your site http://webhosting.yahoo.com ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (no subject), (continued)
- (no subject) Adrienne Kotze (Oct 10)
- (no subject) Nathan Whitehouse (Oct 14)
- Re: (no subject) hackerwacker (Oct 14)
- Re: (no subject) Erek Adams (Oct 14)
- RE: (no subject) Bob Dehnhardt (Oct 14)
- (no subject) Nanabhay Mohamed * Group (GP) (Oct 16)
- (no subject) Kreimendahl, Chad J (Oct 22)
- (no subject) Ha Tu (Oct 27)
- Re: (no subject) Erek Adams (Oct 27)
- (no subject) Philippe Dhont (Sea-ro) (Nov 18)
- Re: (no subject) Xavi Altafulla (Nov 18)
- (no subject) counterping (Dec 10)
- Re: (no subject) Erick Mechler (Dec 10)
- Error using the -T option Mike Koponick (Dec 10)
- Re: Error using the -T option Erick Mechler (Dec 10)
- RE: Error using the -T option Mike Koponick (Dec 10)
- Re: (no subject) Erick Mechler (Dec 10)
- Re: (no subject) James-lists (Dec 12)