Snort mailing list archives

Re: Snort problem


From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 27 Jun 2003 16:08:07 -0400

At 05:41 PM 6/26/2003 -0400, mshultz () vastcs net wrote:
Hello. I'm not sure if this is a support mailing list but hopefully someone could help me out.

I am relatively new to Snort and it looks very decent for what I need it to do. I am running snort on a win32 machine. My problem is that I need snort to send either an email, which doesn't look possible as I am not a programmer, or an SMB message to a selected workstation. My problem is that SMB doesn't seem to be compiled into the windows binaries and there doesn't seem to be another way to configure it without the 'configure' executable. Any help would be appreciated.

Mike.

Well, sending an email from within snort is absolutely impossible, even if you are a programmer. Snort needs to be very very very fast (i.e., a 1/1000th of a second delay has a HUGE impact on performance). If it goes off and generates network connections, launches programs, etc., it will miss a large quantity of traffic, creating a very effective way for attackers to sneak past your snort sensor by only generating one alert that causes email.

Really, I'd suggest using something like acid for your logging and alerting needs if you're restricted to the win32 platform. Emails, smb alerts, etc are really best done with an external program so that snort isn't wasting time babysitting a network messaging protocol.
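An added example, not part of the original post or of Snort itself: one way to do the alerting in an external program, as the reply recommends. It assumes Snort writes "fast" format alert lines to a file that a separate scheduled job reads; the function names, mail addresses, SIDs and sample lines are all constructed for illustration. Batching into a single digest means a burst of alerts costs one email rather than one per alert.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Snort "fast" alert line: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

# Constructed sample input (documentation addresses, made-up SIDs and messages).
SAMPLE = [
    "06/27-16:08:07.123456  [**] [1:1000001:1] constructed rule A [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:1234 -> 198.51.100.5:80",
    "06/27-16:08:07.223456  [**] [1:1000001:1] constructed rule A [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:1235 -> 198.51.100.5:80",
    "06/27-16:08:09.000001  [**] [1:1000002:1] constructed rule B [**] "
    "[Priority: 2] {ICMP} 192.0.2.77 -> 198.51.100.5",
    "06/27-16:08:10.000001  [**] [1:1000003:1] constructed rule C [**] "
    "[Priority: 3] {UDP} 192.0.2.80:53 -> 198.51.100.5:53",
    "this line is not an alert",
]

def parse_fast_alert(line):
    """Return the alert's fields as a dict, or None if the line is not an alert."""
    m = FAST_RE.match(line.strip())
    return m.groupdict() if m else None

def build_digest(lines, max_priority=2, sender="snort@sensor.example", rcpt="soc@example.com"):
    """Collapse a batch of alerts into ONE message, so a flood costs one email."""
    counts = Counter()
    for line in lines:
        alert = parse_fast_alert(line)
        if alert is None or int(alert["prio"]) > max_priority:
            continue  # unparseable, or less severe than the threshold
        src_ip = alert["src"].rsplit(":", 1)[0]  # drop the port if present
        counts[(alert["sid"], alert["msg"], src_ip)] += 1
    if not counts:
        return None  # nothing worth mailing in this batch
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    # Alert text goes in the body only; the subject holds nothing but counts.
    msg["Subject"] = f"Snort digest: {sum(counts.values())} alerts, {len(counts)} distinct"
    msg.set_content("\n".join(
        f"{n}x [sid {sid}] {text} from {src}" for (sid, text, src), n in counts.most_common()))
    return msg

if __name__ == "__main__":
    print(build_digest(SAMPLE))  # a real job would pass this to smtplib's send_message()
```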