[Snort-sigs] FP with sid=2403

Jason Haar Jason.Haar at ...651...
Sun Mar 14 14:30:13 EST 2004


Rule:  "NETBIOS SMB Session Setup AndX request unicode username overflow
       attempt"

--
Sid: 2403

--
Summary:

This triggered as someone running Sophos Workstation AV Intercheck did an
automated pattern update off our central Sophos server. They logged in with
their domain username and password - but triggered a match.

--
Impact:

False Positive. There are no ISS RealSecure or BlackICE products involved in
this...

--
Detailed Information:

--
Affected Systems:

WinXP workstation to Win2000 server

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives:

--
False Negatives:

--
Corrective Action:

--
Contributors:

-- 
Additional References:


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



