Snort mailing list archives

Re: [Newbie] alert definition

From: Erek Adams <erek () snort org>
Date: Thu, 10 Jul 2003 06:48:16 -0400 (EDT)

On Thu, 10 Jul 2003, pingouin osmolateur wrote:

I ve just install snort and i ve a lot of alert

NETBIOS NT NULL session
RPC portmap proxy attempt UDP
RPC portmap UDP proxy attempt

I look for information to resolv this alert but i never found
Can you help to stop this alert i don't want to use a pass rule


1)  Look at the packet that triggered the alert and decide if it was
legitimate traffic or a false positive.  At this point, you can either
disable the rule or use one of the following.
2)  Use a pass rule.
3)  Use a BPF filter.

        http://www.theadamsfamily.net/~erek/snort/ignore.txt

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

[Newbie] alert definition pingouin osmolateur (Jul 10)
- Re: [Newbie] alert definition Erek Adams (Jul 10)
- network shutdown on certain alerts Jason K. Boykin (Jul 21)