[Snort-users] false positives?
cilin5 at ...131...
Mon Nov 29 09:07:01 EST 2004
I was experimenting with the HOME_NET variable and
decided to narrow it down to only the snort box
itself. Then the
"NETBIOS SMB-DS IPC$ share unicode access."
alert started triggering on normal activity. So I
would double check if the sources of these alerts are
from boxes that should have access to shared
Also, I logged tons of NETBIOS alerts when i was
trying to setup Symantec AV and connect a client box
to the 'protected' workgroup.
Hope this helps,
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
More information about the Snort-users