Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Rules » False positive on ID: 2403 "NETBIOS SMB Session Setup AndX request unicode username overflow attempt"?

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

False positive on ID: 2403 "NETBIOS SMB Session Setup AndX request unicode username overflow attempt"?


Posted by mlachniet on April 08, 2005 11:20:39

My apologies if this has been covered elsewhere, but I cannot find any answer in my online searches to date.

I loaded up an ethereal capture I had from some troubleshooting, and got a lot of hits on this ID.

It appears to be an issue specific to an ISS product (BID:9752) but there is certainly no such product in use, and there are a lot of hits from several hosts.

In googling, I see one other person talking about false positives on this, but no resolution.

Can anyone comment on this? It does seem like a false positive, but just thought I would ask.

Thanks,

Mark Lachniet
site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.