[Snort-sigs] Possible False Positive in sid:2514?

Michael Sconzo msconzo at ...1371...
Wed May 19 08:50:07 EDT 2004


Two of my users here that have triggered sid:2514 (the NETBIOS
SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt).
One is managing to triger it while trying to copy over a large
directory structure to another machine, and the other is using SELM
to monitor event logs.  Anybody else seeing this?  I have a packet
capture (extremely large) of the directory copy F.P.

Thanks,
-=Mike
-- 
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
        But let your communication be Yea, yea; nay, nay: for
        whatsoever is more than these cometh of evil.
                -- Matthew 5:37




More information about the Snort-sigs mailing list