Snort mailing list archives
Re: NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters attempt
From: JJ Cummings <cummingsj () gmail com>
Date: Thu, 18 Jun 2009 15:32:42 -0600
In the rules tarball you will find a sid.txt file that has all of the info that the aforementioned url had... i.e. 2349.txt. Extract the entire signatures directory that this is under into your BASE path, so base/signatures/sid.txt, and then the local link will work for you.

JJC

On Thu, Jun 18, 2009 at 3:19 PM, Jason Haar <Jason.Haar () trimble co nz> wrote:
> Hi there
>
> We just had a machine trigger this rule against 3 hosts, so obviously I'm a bit suspicious. However, I can't find anything to explain what this rule means.
>
> Within BASE, I get referred to http://www.snort.org/pub-bin/sigs.cgi?sid=1:2349 - but that CGI doesn't exist any more? I imagine that's been moved within the new site, but I cannot see any references to the rule "explainer" on the site either.
>
> Help?
>
> Thanks
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters attempt Jason Haar (Jun 18)
- Re: NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters attempt JJ Cummings (Jun 18)
- Re: NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters attempt Joel Esler (Jun 18)
- Re: NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters attempt Jason Haar (Jun 18)
- Re: NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters attempt Nigel Houghton (Jun 18)