Y
yasar1
Dear all,
I have a few windows 2000 machines on which I set the Audit Policies
and and installed Snare client from InterSect Alliance to capture the
logs. These logs are then sent to a specific port on a Unix server
(port & server specified in snare)that acts as a centralized snare
server capturing the logs.
All works fine on most of the machines, however 1 or 2 of the machines
on which I have NOT yet installed the snare client seem to be sending
packets from port 138 or 137 to port 3514! I understand these to be UDP
Netbios ports that broadcast/listen which is fine BUT
I can´t seem to figure out why they are sending info from port 137/8
to port 3514 on the Unix machine? basically result is that syslog just
shows garbage in the logs for the captured packets from these machines.
Any help or advise would be greatly appreciated.
Regards
Y
I have a few windows 2000 machines on which I set the Audit Policies
and and installed Snare client from InterSect Alliance to capture the
logs. These logs are then sent to a specific port on a Unix server
(port & server specified in snare)that acts as a centralized snare
server capturing the logs.
All works fine on most of the machines, however 1 or 2 of the machines
on which I have NOT yet installed the snare client seem to be sending
packets from port 138 or 137 to port 3514! I understand these to be UDP
Netbios ports that broadcast/listen which is fine BUT
I can´t seem to figure out why they are sending info from port 137/8
to port 3514 on the Unix machine? basically result is that syslog just
shows garbage in the logs for the captured packets from these machines.
Any help or advise would be greatly appreciated.
Regards
Y