[Snort-sigs] NETBIOS DCERPC ISystemActivator bind attempt
jdambly at ...1900...
Fri Sep 26 06:02:09 EDT 2003
Nope, some of the servers are not Exchange.
From: Luedke, Mike [mailto:Mike.Luedke at ...1908...]
Sent: Thursday, September 25, 2003 4:49 PM
To: d'Ambly, Jeff
Subject: RE: [Snort-sigs] NETBIOS DCERPC ISystemActivator bind attempt
I see regular false positives for this rule between Microsoft Exchange
Servers within our enterprise. By chance, are the source and destination of
your alerts Exchange hosts?
d'Ambly, Jeff wrote:
> Has anyone found a false positive for the NETBIOS DCERPC
> ISystemActivator bind attempt rule? I have a machine that is constantly
> matching this rule, but I ran the Symantec tools to look for the MS
> blast worm and it found nothing.