[Snort-users] [Newbie] alert definition

Erek Adams erek at ...950...
Thu Jul 10 03:49:11 EDT 2003


On Thu, 10 Jul 2003, pingouin osmolateur wrote:

> I ve just install snort and i ve a lot of alert
>
> NETBIOS NT NULL session
> RPC portmap proxy attempt UDP
> RPC portmap UDP proxy attempt
>
> I look for information to resolv this alert but i never found
> Can you help to stop this alert i don't want to use a pass rule

1)  Look at the packet that triggered the alert and decide if it was
legitimate traffic or a false positive.  At this point, you can either
disable the rule or use one of the following.
2)  Use a pass rule.
3)  Use a BPF filter.

	http://www.theadamsfamily.net/~erek/snort/ignore.txt

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list