Hosting Provided By

[Snort-sigs] FP with sid=2403

From: Jason Haar <Jason.Haar(at)trimble.co.nz>
Date: Sun Mar 14 2004 - 16:55:00 EST

Rule: "NETBIOS SMB Session Setup AndX request unicode username overflow

attempt"

--

Sid: 2403

--

Summary:

This triggered as someone running Sophos Workstation AV Intercheck did an automated pattern update off our central Sophos server. They logged in with their domain username and password - but triggered a match

--

Impact:

False Positive. There is no ISS RealSecure or BlackICE products involved in this...

--

Detailed Information:

Do you need help?

--

Affected Systems:

WinXP workstation to Win2000 server

--

Attack Scenarios:

--

Ease of Attack:

--

False Positives:

--

False Negatives:

--

Corrective Action:

--

Contributors:

Do you need more help?

--

Additional References:

--

Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Sun Mar 14 18:20:58 2004

This message: [ Message body ]
Next message: Brian: "Re: [Snort-sigs] Shouldn't all chat.rules be "policy violation"?"
Previous message: Hugo van der Kooij: "Re: [Snort-sigs] detection time"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:37 EDT