[Snort-users] NT Null sessions [newbie]
fygrave at ...121...
Wed Jan 3 04:34:30 EST 2001
On Wed, Jan 03, 2001 at 11:13:55AM +0200, Langa Kentane wrote:
> I am getting the following in my logs:
> [**] IDS204 - NT NULL session [**]
> 01/03-09:29:32.422507 172.24.146.38:1037 -> 172.24.155.146:139
> TCP TTL:127 TOS:0x0 ID:5141 DF
> *****PA* Seq: 0xDAB92 Ack: 0x7EF6A3D5 Win: 0x21C1
> What does this mean, does this need to be logged?
> I am using the snortfull.conf I got from snort.org. Should I perhaps try
> and make custom ones from their web interface that will exclude netbios?
> Will that not be a problem in the sense that netbios attacks will not be
check out this url for NT NULL session explanations:
if you don't care of your win boxes (or don't have them) it shouldn't
be a problem to customise your ruleset and remote NetBIOS support from it :)
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1
More information about the Snort-users