Snort mailing list archives
Re: Smb output
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 21 Jul 2004 16:55:25 -0500
On Wed, 2004-07-21 at 16:24, Michael Sconzo wrote:
The slow(er) part is having the nmblookup take IP -> NetBIOS name then using that with smbclient to generate the WinPopUp message. Maybe I'm doing it a broken way...that's what I have now tho. So you lose 'time' by calling multiple external programs and waiting for them to return.
As I said, looks like the output plugin could be optimized where the admin supplies not only the IP address but also the NetBIOS name of the system to be contacted. All Snort would need to do is populate a UDP packet and throw it on the wire (without calling smbclient). Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Smb output Maetzky, Steffen (Extern) (Jul 20)
- Re: Smb output sekure (Jul 20)
- Re: Smb output Nerijus Krukauskas (Jul 20)
- Re: Smb output Michael Sconzo (Jul 21)
- Re: Smb output Frank Knobbe (Jul 21)
- Re: Smb output Michael Sconzo (Jul 21)
- Re: Smb output Frank Knobbe (Jul 21)
- Re: Smb output Michael Sconzo (Jul 21)
- Re: Smb output Frank Knobbe (Jul 21)
- Re: Smb output Nerijus Krukauskas (Jul 21)
- Re: Smb output Nerijus Krukauskas (Jul 20)
- Re: Smb output sekure (Jul 20)
- <Possible follow-ups>
- RE: Smb output Joshua Berry (Jul 22)
- RE: Smb output Frank Knobbe (Jul 22)