
IPS Alert help

So these two servers are internal at different locations. I read the error from snot.com, but I do not understand how to correct the error. These two servers are DCs. For the time being I put an exception in, but I would like to correct the issue.





Details about the intrusion alert:

Message........: NETBIOS SMB spoolss EnumJobs response WriteAndX unicode little endian attempt
Details........: http://www.snort.org/search/sid/14709?r=1
Time...........: 2010:08:22-18:30:58
Packet dropped.: yes
Priority.......: 3 (low)
Classification.: Generic Protocol Command Decode
IP protocol....: 6 (TCP)

Source IP address: 10.1.1.44
Source port: 445 (microsoft-ds)
Destination IP address: 10.145.1.102
Destination port: 4565

