Snort mailing list archives

the better way?


From: John Friedman <jfriedmanx () yahoo com>
Date: Thu, 10 Nov 2005 07:50:27 -0800 (PST)

Hi all,
 
I found I have lots of these alerts. 10.1.10.3 is the domain controller.
 
  #2-(2-1564)  [snort] NETBIOS SMB-DS IPC$ unicode share access  2005-11-10 10:36:18  10.1.12.14:4000  10.1.10.3:445  TCP
  #3-(2-1563)  [nessus] [nessus] [cve] [icat] [bugtraq] [bugtraq] [snort] NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt  2005-11-10 10:36:18  10.1.12.14:4000  10.1.10.3:445  TCP

 

10.1.12.14 is a workstation or server IP. What's the better way to ignore these alerts? (suppress?) BTW, why does it generate so many of these alerts, and is it dangerous?

 

Thanks,

 

John

                