Snort mailing list archives
RE: Win32 Misconfiguration
From: "Michael Steele" <michaels () silicondefense com>
Date: Thu, 24 Apr 2003 13:42:18 -0700
Julian,

This is happening to all our XP boxes. Snort is functioning properly. If you find the root cause, please let me know.

The description for Event ID ( 1 ) in Source ( snort ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event:

-Michael

--
Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense - The Cyber-War Defense Company
Website: http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Julian Brown
Sent: Thursday, April 24, 2003 9:10 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Win32 Misconfiguration

Latest Snort on Win32 as a service. Logging to the NTEventLogger.

snort /SERVICE /INSTALL -de -E -l C:\Snort\log -h 192.168.168.0/24 -c C:\Snort\etc\snort.conf

I have a whole bunch of the following type messages in the EventViewer

The description for Event ID ( 1 ) in Source ( snort ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event:

[1:2101:1] NETBIOS SMB SMB_COM_TRANSACTION Max Parameter of 0 DOS Attempt [Classification: Detection of a Denial of Service Attack] [Priority: 2]: {TCP} 192.168.168.4:3512 -> 192.168.168.3:139.

I do not believe I have it set to output to alert_smb, I definitely do not want alert_smb.

With the exception of these lines

#
# Include classification & priority settings
#
include c:\snort\etc\classification.config
#
# Include reference systems
#
include c:\snort\etc\reference.config

All of the output options are commented out in snort.conf

These files are all in their original state and have not been modified.

What have I done wrong to get the above messages?

Thanx

Julian Brown
jbrown () eProcessingNetwork com

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Win32 Misconfiguration Julian Brown (Apr 24)
- RE: Win32 Misconfiguration Michael Steele (Apr 24)
