[Snort-users] NT Null sessions [newbie]

Langa Kentane LangaK at ...1059...
Wed Jan 3 04:13:55 EST 2001


Greetings.
I am getting the following in my logs:
[**] IDS204 - NT NULL session [**]
01/03-09:29:32.422507 172.24.146.38:1037 -> 172.24.155.146:139
TCP TTL:127 TOS:0x0 ID:5141  DF
*****PA* Seq: 0xDAB92   Ack: 0x7EF6A3D5   Win: 0x21C1

What does this mean, does this need to be logged?
I am using the snortfull.conf  I got from snort.org.  Should I perhaps try
and make custom ones from their web interface that will exclude netbios?
Will that not be a problem in the sense that netbios attacks will not be
logged?

Thanks in advance

__________________________________________________________
Langa Kentane		| TEL: (011) 290 3218
Security Administrator	| Cell: 082 606 1515
DISCOVERY HEALTH		| http://www.discoveryhealth.co.za
__________________________________________________________________





More information about the Snort-users mailing list