[Snort-users] NT Null sessions [newbie]
LangaK at ...1059...
Wed Jan 3 04:13:55 EST 2001
I am getting the following in my logs:
[**] IDS204 - NT NULL session [**]
01/03-09:29:32.422507 172.24.146.38:1037 -> 172.24.155.146:139
TCP TTL:127 TOS:0x0 ID:5141 DF
*****PA* Seq: 0xDAB92 Ack: 0x7EF6A3D5 Win: 0x21C1
What does this mean, does this need to be logged?
I am using the snortfull.conf I got from snort.org. Should I perhaps try
and make custom ones from their web interface that will exclude netbios?
Will that not be a problem in the sense that netbios attacks will not be
Thanks in advance
Langa Kentane | TEL: (011) 290 3218
Security Administrator | Cell: 082 606 1515
DISCOVERY HEALTH | http://www.discoveryhealth.co.za
More information about the Snort-users