[Snort-users] many 'NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt'

Everist, Benjamin S. (NASWI) EveristB at ...8190...
Wed Jun 11 10:00:05 EDT 2003


Have a look at http://www.snort.org/snort-db/sid.html?sid=2102

In particular, "This rule has been deprecated due to an inordinately large
number of false positives. Rule 2101 has been modified to take this into account."

If your Windows machines are properly patched (MS02-045), you will likely
want to comment out this rule.

-----Original Message-----
From: Ciprian Badescu [mailto:ciprian.badescu at ...9292...]
Sent: Wednesday, June 11, 2003 1:01 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] many 'NETBIOS SMB SMB_COM_TRANSACTION Max Data
Count of 0 DOS Attempt'


Hi,

I've installed snort on FreeBSD and Windows 2000 systems, and I have
many messages like the one in the subject line.

The source addresses are all PCs from the local network. Could this be a false
alarm?

Thanks.

--
Ciprian Badescu

