Snort mailing list archives
Alerts from server to PC?
From: "Carlton L. Whitmore" <cwhitmore () Advocacyinc org>
Date: Tue, 31 Aug 2004 13:46:42 -0500
I've been getting several of these alerts a day. The IP that ends with .9 is the server and .63 is the PC.. What causes alerts going from the server to the PC? The server is a Print/File W2k Server. Is there a way to block alerts that originate from certain IP addresses? EVENT # : 198033 EVENTLOG : Application EVENT TYPE : INFORMATION (4) SOURCE : snort EVENT ID : 1 TIME : 8/16/2004 10:42:36 AM MESSAGE : [1:2404:5] NETBIOS SMB-DS Session Setup AndX request unicode username overflow attempt [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 160.214.186.9:1894 -> 160.214.186.63:445
Current thread:
- Alerts from server to PC? Carlton L. Whitmore (Aug 31)