Ive been getting alot of False positives 3325 (Samba Call_trans2open)..errors on my IDS 4235 ver: 4.1. They are all occuring from workstation or member servers that are trying to connect to my W2k server. We are not running Samba on Lan..Any advice would be greatly appreciated..Thanks
Re: False positives on 3325 (Samba Call_trans2open)
Can you please post the full specific version and signature level of your system. The signature is looking for a specific type of malformed SMB transaction that is a problem for Samba systems. If you do not run Samba, you could disable this alarm.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...