[Full-disclosure] NETBIOS SMB IPC$ unicode share access

Michael Holstein michael.holstein at csuohio.edu
Thu Jul 28 14:17:36 BST 2005


> How to stop this event, i.e. not to detect for this event. Please tell me in 
> brief note

There are 2 major ways to do this ...

1) Start Snort with the '-o' switch and then duplicate the offending 
signature using the 'pass' directive for the IP you want to ignore.

2) Use the negation operator (!) in the rule for the IP you want to ignore.

BTW: this topic doesn't belong on full-disclosure. Try the snort-users list.

Regards,

Michael Holstein CISSP GCIA
Cleveland State University
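
Added example, not part of the original message: the two approaches from the reply written out as Snort rules. The rule body is a constructed stand-in rather than the real signature text, 192.0.2.10 is a placeholder for the host to ignore, the SIDs are from the local range, and the snort.conf path is an assumption.

```conf
# --- Baseline (constructed stand-in for the signature that is firing) ---
alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"LOCAL stand-in: SMB IPC$ unicode share access"; flow:to_server,established; content:"I|00|P|00|C|00|$|00|"; nocase; sid:1000001; rev:1;)

# --- Option 1: pass rule, evaluated first because of -o ---
# Keep the baseline rule as it is and add a copy whose action is "pass"
# and whose source is the single host to ignore. Start Snort with -o so
# the rule order becomes pass, alert, log:
#   snort -o -c /etc/snort/snort.conf     (config path assumed)
pass tcp 192.0.2.10 any -> $HOME_NET 139 (msg:"LOCAL pass: ignore IPC$ access from 192.0.2.10"; flow:to_server,established; content:"I|00|P|00|C|00|$|00|"; nocase; sid:1000002; rev:1;)

# --- Option 2: negate the source in the alert rule itself ---
# This REPLACES the baseline rule (same sid, higher rev); do not load both.
# Note the scope change: "!192.0.2.10" matches every source except that
# host, so it is wider than $EXTERNAL_NET was.
alert tcp !192.0.2.10 any -> $HOME_NET 139 (msg:"LOCAL stand-in: SMB IPC$ unicode share access"; flow:to_server,established; content:"I|00|P|00|C|00|$|00|"; nocase; sid:1000001; rev:2;)
```

Either option leaves this signature blind to the excluded host, so keep the exclusion to a single address and keep the rule options in the pass copy as specific as the original.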



Full-Disclosure is hosted and sponsored by Secunia.