[Snort-sigs] Possible False Positive in sid:2514?
msconzo at ...1371...
Wed May 19 08:50:07 EDT 2004
Two of my users here that have triggered sid:2514 (the NETBIOS
SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt).
One is managing to triger it while trying to copy over a large
directory structure to another machine, and the other is using SELM
to monitor event logs. Anybody else seeing this? I have a packet
capture (extremely large) of the directory copy F.P.
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
But let your communication be Yea, yea; nay, nay: for
whatsoever is more than these cometh of evil.
-- Matthew 5:37
More information about the Snort-sigs