RE: Snort SMB

["Sundström, Tomas" <Tomas.Sundstrom () anoto com>]

Hi,

pass udp $HOME_NET 137:138 <> $HOME_NET 137:138 (msg:"AcceptNetbios";
sid:100002
7;)

you choose wheter you pass, alert, log, react to this match.
This rule only applies on local "broadcasts" sent from windows mashines but
also for samba enabled servers.


Rgds. Tomas

-----Original Message-----
From: Spangberg, Henrik [mailto:Henrik.Spangberg () borealisgroup com]
Sent: den 22 augusti 2002 11:25
To: Snort-Users (E-mail)
Subject: [Snort-users] Snort SMB


Hello,
Does annybody now where to find inforamtion how to configure SNORT wtih smb
alert.
Does SAMBA have to be installed?
> > No

Most kind regards Henrik


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender either by telephone or by e-mail and delete the material
from any computer. Thank you for your cooperation.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.borealisgroup.com
**********************************************************************



-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users