[Snort-users] HELP
This is a discussion on [Snort-users] HELP within the Snort forums, part of the System Security and Security Related category; =20 -----Original Message----- From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-20-2004
|
|||
|
|||
[Snort-users] HELP
=20
-----Original Message----- From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of snort-users-request@lists.sourceforge.net Sent: Friday, August 20, 2004 12:07 AM To: snort-users@lists.sourceforge.net Subject: Snort-users digest, Vol 1 #4477 - 1 msg Send Snort-users mailing list submissions to snort-users@lists.sourceforge.net To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/...fo/snort-users or, via email, send a message with subject or body 'help' to snort-users-request@lists.sourceforge.net You can reach the person managing the list at snort-users-admin@lists.sourceforge.net When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-users digest..." Today's Topics: 1. Re: Help, tons of false positive ASN1 overflow attempts. (Sean Brown) --__--__-- Message: 1 Date: Thu, 19 Aug 2004 19:22:56 -0600 From: Sean Brown <sblinux@shaw.ca> Subject: Re: [Snort-users] Help, tons of false positive ASN1 overflow attempts. To: snort-users@lists.sourceforge.net On August 19, 2004 12:50 pm, Aharon wrote: > Pardon my vague message here. I am a snort newbie! > > I just installed Snort v2.2.0 and the latest signatures inside our=20 > network here at work. Anyway, everything seems to work great, =20 > except for a vast amount of false positive ASN1 warnings. > > I do not want to disable these ASN1 signatures becuase they would be=20 > very usefull in finding virus infected PC's throughout our network. =20 > Most ASN1 errors seem to be communications between XP clients and=20 > windows 2000 and > 2003 servers. > > For example: > 0.01 1 172.16.221.166 10.33.1.108 NETBIOS SMB DCERPC NTLMSSP asn1 > overflow attempt {tcp} > > .166 is a clean virus free XP client, and .108 is a Windows 2003 server. > I am getting literally hundreds of these a second. > > How can I help in figuring out what this issue is? I can provide any=20 > info you need, just tell me what you need me to do. NTLMSSP is the NTLM secure service provider. If you have an Active Directory domain then this will be happening on a regular basis and its probably nothing to worry about. -Sean Brown --__--__-- _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net https://lists.sourceforge.net/lists/...fo/snort-users End of Snort-users Digest ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
