[Snort-sigs] Possible False Positive in sid:2514?

Michael Sconzo msconzo at ...1371...
Wed May 19 08:50:07 EDT 2004

Two of my users here that have triggered sid:2514 (the NETBIOS
SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt).
One is managing to triger it while trying to copy over a large
directory structure to another machine, and the other is using SELM
to monitor event logs.  Anybody else seeing this?  I have a packet
capture (extremely large) of the directory copy F.P.

The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
        But let your communication be Yea, yea; nay, nay: for
        whatsoever is more than these cometh of evil.
                -- Matthew 5:37

More information about the Snort-sigs mailing list