Snort mailing list archives
Re: false positives?
From: Cilin <cilin5 () yahoo com>
Date: Mon, 29 Nov 2004 09:06:00 -0800 (PST)
Jeff,
I was experimenting with the HOME_NET variable and
decided to narrow it down to only the snort box
itself. Then the
"NETBIOS SMB-DS IPC$ share unicode access."
alert started triggering on normal activity. So I
would double check if the sources of these alerts are
from boxes that should have access to shared
resources.
Also, I logged tons of NETBIOS alerts when I was
trying to set up Symantec AV and connect a client box
to the 'protected' workgroup.
Hope this helps,
Vents
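
The source check suggested in the message above, as an added example (not part of the original post and not Snort code). It assumes alerts are written in Snort's "fast" one-line format; the log lines, the `[1:0:0]` rule IDs, the addresses and the `share_clients` allowlist are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Alert text quoted in the post (trailing period dropped for matching).
ALERT_MSG = "NETBIOS SMB-DS IPC$ share unicode access"

# Fast-format line: ... [**] [gid:sid:rev] msg [**] ... {PROTO} src:port -> dst:port
FAST_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{\w+\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+"
)

def triage(lines, share_clients, msg=ALERT_MSG):
    """Count alert sources, split by whether the source is a host or
    network that is expected to use shared resources."""
    nets = [ipaddress.ip_network(n) for n in share_clients]
    expected, unexpected = Counter(), Counter()
    for line in lines:
        m = FAST_RE.search(line)
        if not m or m.group("msg").rstrip(".") != msg:
            continue  # unparsable line or a different rule
        src = ipaddress.ip_address(m.group("src"))
        bucket = expected if any(src in n for n in nets) else unexpected
        bucket[str(src)] += 1
    return expected, unexpected

# Constructed sample log (documentation address ranges, placeholder rule IDs).
SAMPLE_ALERTS = """\
11/29-09:01:12.100000  [**] [1:0:0] NETBIOS SMB-DS IPC$ share unicode access [**] [Priority: 3] {TCP} 192.0.2.10:1045 -> 192.0.2.5:445
11/29-09:01:15.200000  [**] [1:0:0] NETBIOS SMB-DS IPC$ share unicode access [**] [Priority: 3] {TCP} 192.0.2.10:1046 -> 192.0.2.5:445
11/29-09:02:40.300000  [**] [1:0:0] NETBIOS SMB-DS IPC$ share unicode access [**] [Priority: 3] {TCP} 192.0.2.11:1101 -> 192.0.2.5:445
11/29-09:03:02.400000  [**] [1:0:0] NETBIOS SMB-DS IPC$ share unicode access [**] [Priority: 3] {TCP} 198.51.100.77:4021 -> 192.0.2.5:445
11/29-09:03:05.500000  [**] [1:0:0] Some other constructed alert [**] [Priority: 2] {TCP} 198.51.100.77:4022 -> 192.0.2.5:80
truncated or malformed line
""".splitlines()

# Assumption: workstations in 192.0.2.0/28 legitimately use file shares.
SHARE_CLIENTS = ["192.0.2.0/28"]

if __name__ == "__main__":
    ok, review = triage(SAMPLE_ALERTS, SHARE_CLIENTS)
    for label, counts in (("expected", ok), ("review", review)):
        for src, n in counts.most_common():
            print(f"{label:9} {src:15} {n} alert(s)")
```

Sources in the "review" bucket are the ones worth investigating; sources in the "expected" bucket point toward a variable or rule-tuning issue rather than hostile activity.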
