[Snort-sigs] NetBIOS Signatures

g.coochey at ...138... g.coochey at ...138...
Fri Mar 1 08:54:03 EST 2002


Just a note:

According to: http://ntsecurity.nu/papers/port445/

Signatures that are designed to detect NetBIOS activity will also have to check port 445 to catch Win2k <--> Win2k NetBIOS events and not ports 137,138 (UDP) and 139 (TCP).

Some of the signatures may also have to be reengineered.

Thanks to the person who contacted me to look into the NetBIOS saga recently. When I was looking at the NetBIOS Nimda events. I've got your email around here somewhere, just don't know where.





More information about the Snort-sigs mailing list