Snort mailing list archives

NETBIOS SMB winreg access (unicode)


From: "Perrymon, Josh L." <PerrymonJ () bek com>
Date: Wed, 14 Apr 2004 12:39:41 -0500

I see a lot of NETBIOS SMB winreg access (unicode)  alerts on my Frame side.
Does anyone else see this on their network? I have 28,000 hits in 3 days
from a proxy server going to 50 destinations on my network.

payload:

length = 104

000 : 00 00 00 64 FF 53 4D 42 A2 00 00 00 00 18 07 C8   ...d.SMB........
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 28 14 04   .............(..
020 : 01 48 42 EB 18 FF 00 DE DE 00 0E 00 16 00 00 00   .HB.............
030 : 00 00 00 00 9F 01 02 00 00 00 00 00 00 00 00 00   ................
040 : 00 00 00 00 03 00 00 00 01 00 00 00 40 00 00 00   ............@...
050 : 02 00 00 00 03 11 00 00 5C 00 77 00 69 00 6E 00   ........\.w.i.n.
060 : 72 00 65 00 67 00 00 00                           r.e.g...


Does this look normal?


JP  
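
Added example, not part of the original post: a decoder for the dump above, following the SMB1 NT_CREATE_ANDX request layout. It shows the frame is an open of the name \winreg (the remote registry named pipe) sent with Unicode strings. The function and field names are this example's own.

```python
import struct

# Payload bytes copied from the hex dump in the post (ASCII column dropped).
PAYLOAD = bytes.fromhex("""
00 00 00 64 FF 53 4D 42 A2 00 00 00 00 18 07 C8
00 00 00 00 00 00 00 00 00 00 00 00 00 28 14 04
01 48 42 EB 18 FF 00 DE DE 00 0E 00 16 00 00 00
00 00 00 00 9F 01 02 00 00 00 00 00 00 00 00 00
00 00 00 00 03 00 00 00 01 00 00 00 40 00 00 00
02 00 00 00 03 11 00 00 5C 00 77 00 69 00 6E 00
72 00 65 00 67 00 00 00
""")

SMB_COM_NT_CREATE_ANDX = 0xA2   # SMB1 command code
SMB_FLAGS2_UNICODE = 0x8000     # strings in this message are UTF-16LE

def decode_nt_create(pkt):
    """Decode an SMB1 NT_CREATE_ANDX request framed by NetBIOS session service."""
    # 4-byte NetBIOS header: type 0x00 (session message) + 24-bit big-endian length
    if pkt[0] != 0 or int.from_bytes(pkt[1:4], "big") != len(pkt) - 4:
        raise ValueError("truncated or non-session NetBIOS frame")
    smb = pkt[4:]
    if smb[:4] != b"\xffSMB" or smb[4] != SMB_COM_NT_CREATE_ANDX:
        raise ValueError("not an SMB1 NT_CREATE_ANDX message")
    (flags2,) = struct.unpack_from("<H", smb, 10)
    word_count = smb[32]                 # parameter words follow the 32-byte header
    if word_count != 24:
        raise ValueError("unexpected WordCount for an NT_CREATE_ANDX request")
    (name_len,) = struct.unpack_from("<H", smb, 38)
    (desired_access,) = struct.unpack_from("<I", smb, 48)
    bc_off = 33 + 2 * word_count         # ByteCount sits right after the words
    (byte_count,) = struct.unpack_from("<H", smb, bc_off)
    data_off = bc_off + 2
    if data_off + byte_count != len(smb):
        raise ValueError("ByteCount does not match frame length")
    is_unicode = bool(flags2 & SMB_FLAGS2_UNICODE)
    if is_unicode and data_off % 2:
        data_off += 1                    # pad byte: name is 2-byte aligned from header start
    raw_name = smb[data_off:data_off + name_len]
    name = raw_name.decode("utf-16-le" if is_unicode else "ascii")
    return {"command": smb[4], "unicode": is_unicode, "name": name,
            "desired_access": desired_access, "byte_count": byte_count}

if __name__ == "__main__":
    for key, value in decode_nt_create(PAYLOAD).items():
        print(f"{key:15} {value!r}")
```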

