Snort mailing list archives

POP UP Alerts on the Desktop ......


From: Atul Shrivastava <atul_iet () yahoo com>
Date: Tue, 12 Nov 2002 21:30:00 -0800 (PST)


Hi,

This is in response to your following mail.

I am also facing a problem which is related to your problem.

I want Snort to send pop-up messages to any machine and have them displayed on the monitor.

I am using SnortCenter for configuring it. In the create outplugin, there is an option that can create ALERT SMB (Send
WinPopup alert messages to the NETBIOS named machines). When I click on the select, there is this message:

Alert_smb: Send WinPopup alert messages to the NETBIOS named machines Workstation filename [input] 

When I click on the update and then make it active, it becomes active, and when I restart Snort after pushing it,
it also restarts with the new settings, but it doesn't give any pop-up messages.

Can you give me the solution?

Thanks in advance.

Regards and have a nice day,

                                             Atul Shrivastava

 

 

Hi folks, 
I hope this is no drinking question ;-) 
I was not able to get smbalerts and the resp: rst_all to work, although I
think I have configured snort correctly:
./configure --with-mysql --enable-smbalerts --enable-flexresp; make 


and I think I can remember seeing the appropriate DENABLE variables floating 
over the screen during compile time. 

Maybe I have misunderstood something? 

Format 
alert_smb: <alert workstation filename> 
output alert_smb: workstation.list 

I have added to my snort.conf: 
output alert_smb: /root/snort/smbhosts 

Where smbhosts contains only one Netbiosname of the machine that should be 
notified. 
I have also tried to give the IP address instead. 
My smb client on SuSE 7.3 works - I have checked this, too. 
Snort does not complain about this, but it does not say anything like: 
"configured to use smbalerts" 
either. 

I also thought, maybe I have to add the line: 
alert_smb: <workstation.list> 
to the config file or to use this syntax to specify the hosts within the 
file smbhosts. 
None of these variants worked. 

Now to the flexresp problem: 
I have no IP address assigned to the sniffing interface. Maybe that is a
reason for snort not being able to reset the connections. I cannot see any
RST packets in tcpdump.
My original idea was that libnet should be able to spoof IP addresses
regardless of whether the interface has an IP address assigned or not, but
maybe I am wrong here?
I actually can see snort writing something like "libnet critical" to the
prompt.

Thanks for your help. 

Regards, 
D. Liesen 



