Snort mailing list archives
RE: many 'NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt'
From: "Everist, Benjamin S. (NASWI)" <EveristB () naswi navy mil>
Date: Wed, 11 Jun 2003 09:58:50 -0700
Have a look at http://www.snort.org/snort-db/sid.html?sid=2102 In particular, "This rule has been deprecated due to an inordinately large number of false positives. Rule 2101 has been modified to take this into account." If your windows machines are properly patched (MS02-045), you will likely want to comment out this rule. -----Original Message----- From: Ciprian Badescu [mailto:ciprian.badescu () alcatel ro] Sent: Wednesday, June 11, 2003 1:01 AM To: snort-users () lists sourceforge net Subject: [Snort-users] many 'NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt' Hi, I've installed snort on a FreeBSD and a Windows 2000 sistems, and I have many messages like in sublect line. The source addresses are all PC's from local network. Could be a false alarm? thanks. -- Ciprian Badescu ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: many 'NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt' Everist, Benjamin S. (NASWI) (Jun 11)