[Snort-devel] SMB bug?

Jarmo Järvenpää jarmo.jarvenpaa at ...200...
Thu Jan 11 06:05:23 EST 2001


Can you check if there's a bug with SMB sending code?

- I tried to telnet to to port 6939 (from

This is generated with debugging and is displayed on screen with
Triggering responses (nil)
        <!!> Generating alert! "IDS89 - BACKDOOR ATTEMPT-Indoctrination"
Generating SMB alert!
Sending WinPopup alert to: TEST
Command Line: echo "SNORT ALERT - Possible Network Attack or Probe:
 [**] IDS89 - BACKDOOR ATTEMPT-Indoctrination [**]
01/11-12:45:52.429704>" | smbclient -U
Snort -M TEST
   => Finishing alert packet!
Directory Created!
Opening file: /var/log/snort/

This is part from logfile, which is correct
[**] IDS89 - BACKDOOR ATTEMPT-Indoctrination [**]
01/11-12:27:14.331324 ->
TCP TTL:57 TOS:0x10 ID:1060 IpLen:20 DgmLen:60 DF
******S* Seq: 0x11E8EB54  Ack: 0x0  Win: 0x7D78  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 1479397536 0 NOP WS: 0 

Regards, Jarmo

More information about the Snort-devel mailing list