Snort mailing list archives

Re: No alert_smb in 2.1.0?

From: Brian <bmc () snort org>
Date: Sat, 20 Dec 2003 08:21:08 -0500

On Fri, Dec 19, 2003 at 09:38:29PM -0600, Frank Knobbe wrote:

That's ridiculous. SMB alerts (like SNMP alerts) are a single UDP
packet. Database stuff taxes the system much more. Will spo_database be
removed in favor of Barnyard as well? Perhaps we should remove all
non-filesystem plugins..... geesh....


The SMB packets were not generated by snort.  They were generated by
executing smbclient after building a complicated commandline string.

Brian


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

No alert_smb in 2.1.0? Mike Maki (Dec 19)
- Re: No alert_smb in 2.1.0? Matt Kettler (Dec 19)
  - Re: No alert_smb in 2.1.0? Frank Knobbe (Dec 20)
    - Re: No alert_smb in 2.1.0? Brian (Dec 20)
    - question about spp stream4 retransmission Michel Christophe (Dec 20)
    - Re: No alert_smb in 2.1.0? Frank Knobbe (Dec 20)