[Snort-users] Question.

Dickson, Paul pdickson at ...13910...
Wed Aug 30 14:23:13 EDT 2006

I'm pretty sure below is a false positive, since it is likely juse
netbios traffic.  Does anyone know if checks can differentiate between
normal traffic on certain ports and attacks?

NETBIOS SMB-DS Session Setup AndX request unicode username overflow
attempt 2006-08-29 13:48:19 TCP

More information about the Snort-users mailing list