Snort mailing list archives

Previous By Date Next
Previous By Thread Next

rule to log all smb name and IP addr pairs

From: David Bear <David.Bear () asu edu>
Date: Thu, 13 Feb 2003 16:10:21 -0700
I'd like a way to log all netbios/smb sessions with their associated
IP address. Windows only logs the netbios name.  Though we know that
you can present ANY name in the smb session connect request.  I was
wondering if there is snort rule that someone has already written the
will log the netbios name/ip address pairs of smb sessions.  


-- 
David Bear
College of Public Programs/ASU
Mail Code 0803


-------------------------------------------------------
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: