[Snort-users] [Newbie] alert definition
erek at ...950...
Thu Jul 10 03:49:11 EDT 2003
On Thu, 10 Jul 2003, pingouin osmolateur wrote:
> I ve just install snort and i ve a lot of alert
> NETBIOS NT NULL session
> RPC portmap proxy attempt UDP
> RPC portmap UDP proxy attempt
> I look for information to resolv this alert but i never found
> Can you help to stop this alert i don't want to use a pass rule
1) Look at the packet that triggered the alert and decide if it was
legitimate traffic or a false positive. At this point, you can either
disable the rule or use one of the following.
2) Use a pass rule.
3) Use a BPF filter.
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users