Log fra snort og betydning ?

[teik]

Heisann, et utdrag fra alert loggen til snort... Kan noen si meg hva som står, og hva det betyr ??

 

[**] [1:2472:9] NETBIOS SMB-DS C$ unicode share access [**]

[Classification: Generic Protocol Command Decode] [Priority: 3]

12/29-07:35:22.647822 192.168.11.3:54768 -> 192.168.11.5:445

TCP TTL:64 TOS:0x0 ID:48301 IpLen:20 DgmLen:118 DF

***AP*** Seq: 0xCF19D557 Ack: 0x3A3C3BE9 Win: 0x7D TcpLen: 20

 

[**] [1:2466:7] NETBIOS SMB-DS IPC$ unicode share access [**]

[Classification: Generic Protocol Command Decode] [Priority: 3]

12/29-07:46:08.178381 192.168.11.3:55085 -> 192.168.11.5:445

TCP TTL:64 TOS:0x0 ID:31703 IpLen:20 DgmLen:132 DF

***AP*** Seq: 0xAE559302 Ack: 0xC55B28E0 Win: 0x7D TcpLen: 20

 

[**] [1:3000:4] NETBIOS SMB Session Setup NTMLSSP unicode asn1 overflow attempt [**]

[Classification: Generic Protocol Command Decode] [Priority: 3]

12/29-07:46:08.270647 192.168.11.3:33993 -> 192.168.11.5:139

TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:472

***AP*** Seq: 0xB3CAF651 Ack: 0xCDBA4597 Win: 0xFD46 TcpLen: 20

[Xref => http://www.microsoft.com/technet/security/...n/MS04-007.mspx][Xref => http://cgi.nessus.o

rg/plugins/dump.php3?id=12065][Xref => http://cgi.nessus.org/plugins/dump.php3?id=12052][Xref => http:

//cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0818][Xref => http://www.securityfocus.com/bid/9635][Xre

f => http://www.securityfocus.com/bid/9633]

 

[**] [1:538:15] NETBIOS SMB IPC$ unicode share access [**]

[Classification: Generic Protocol Command Decode] [Priority: 3]

12/29-07:46:08.271788 192.168.11.3:33993 -> 192.168.11.5:139

TCP TTL:64 TOS:0x0 ID:7716 IpLen:20 DgmLen:134 DF

***AP*** Seq: 0xB3CAF801 Ack: 0xCDBA4619 Win: 0x7D TcpLen: 20