[Snort-users] Question.

Dickson, Paul pdickson at ...13910...
Wed Aug 30 14:23:13 EDT 2006


I'm pretty sure below is a false positive, since it is likely juse
netbios traffic.  Does anyone know if checks can differentiate between
normal traffic on certain ports and attacks?

NETBIOS SMB-DS Session Setup AndX request unicode username overflow
attempt 2006-08-29 13:48:19 10.12.3.171:1788 10.1.8.253:445 TCP




More information about the Snort-users mailing list