Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: many 'NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt'

From: "Everist, Benjamin S. (NASWI)" <EveristB () naswi navy mil>
Date: Wed, 11 Jun 2003 09:58:50 -0700
Have a look at http://www.snort.org/snort-db/sid.html?sid=2102

In particular, "This rule has been deprecated due to an inordinately large
number of 
false positives. Rule 2101 has been modified to take this into account."

If your windows machines are properly patched (MS02-045), you will likely
want to 
comment out this rule.

-----Original Message-----
From: Ciprian Badescu [mailto:ciprian.badescu () alcatel ro]
Sent: Wednesday, June 11, 2003 1:01 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] many 'NETBIOS SMB SMB_COM_TRANSACTION Max Data
Count of 0 DOS Attempt'


Hi,

I've installed snort on a FreeBSD and a Windows 2000 sistems, and I have
many messages like in sublect line.

The source addresses are all PC's from local network. Could be a false
alarm?

thanks.

--
Ciprian Badescu


-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: