[Snort-users] Alerts from server to PC?

Carlton L. Whitmore cwhitmore at ...12125...
Tue Aug 31 11:54:15 EDT 2004


I've been getting several of these alerts a day. The IP that ends with
.9 is the server and .63 is the PC.. What causes alerts going from the
server to the PC? The server is a Print/File W2k Server. 
Is there a way to block alerts that originate from certain IP addresses?


EVENT # : 198033 
EVENTLOG : Application 
EVENT TYPE : INFORMATION (4) 
SOURCE : snort 
EVENT ID : 1 
TIME : 8/16/2004 10:42:36 AM 
MESSAGE : [1:2404:5] NETBIOS SMB-DS Session Setup AndX request unicode
username overflow attempt [Classification: Attempted Administrator
Privilege Gain] [Priority: 1]: {TCP} 160.214.186.9:1894 ->
160.214.186.63:445

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040831/804f12dc/attachment.html>


More information about the Snort-users mailing list