Re: the better way?

[Ralf Spenneberg <lists () spenneberg org>]

Hi,

the first is not dangerous and the second is hopefully patched. You can
suppress these alerts but I would simply comment out the related rules.

Ralf

Am Donnerstag, den 10.11.2005, 07:50 -0800 schrieb John Friedman:
> Hi all,
>  
> I found I have lots of these alerts:  10.1.10.3 is domain controller.
>  
>        
>      
> #2-(2-1564)    
>    [snort]
> NETBIOS
> SMB-DS IPC
> $ unicode
> share
> access    
>      
> 2005-11-10
>  10:36:18
>       
>      
> 10.1.12.14:4000    
>      
> 10.1.10.3:445    
>    TCP    
>         
>      
> #3-(2-1563)    
>
> [nessus]
> [nessus]
> [cve]
> [icat]
> [bugtraq]
> [bugtraq]
> [snort]
> NETBIOS
> SMB-DS
> Session
> Setup
> NTMLSSP
> unicode
> asn1
> overflow
> attempt
>    
>      
> 2005-11-10
>  10:36:18
>       
>      
> 10.1.12.14:4000    
>      
> 10.1.10.3:445    
>    TCP    
>  
>
> 10.1.12.14 is workstation or server IP.  What's the better way
> to ignore these alerts?  (suppress?)  BTW, why does it generate many
> these alerts and is it dangerous?
>
>  
>
> Thanks,
>
>  
>
> John
>
>
> ______________________________________________________________________
> Yahoo! FareChase - Search multiple travel sites in one click. 
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
-- 
Ralf Spenneberg
OpenSource Training                     http://www.opensource-training.de
Webereistr. 1                           48565 Steinfurt           Germany




-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users