Snort mailing list archives

RE: Smb output


From: "Joshua Berry" <jberry () PENSON COM>
Date: Thu, 22 Jul 2004 08:34:54 -0500

Frank Knobbe wrote:
On Wed, 2004-07-21 at 17:13, Michael Sconzo wrote:
Ok, if you re-wrote smbclient (or at least the part that does the
WinPopUp stuff),


No, no. I'm saying don't use smbclient at all. Have Snort populate a
UDP packet and send it out.

  That could be an option. But...

Then that gets into duplicating work etc ... but if you or somebody
else does it, I wouldn't complain either, and would probably use it.

Heh... I don't even have much time at the moment to work on Snortsam.
:(
And since I don't use the SMB alert, there is no incentive for me
either. Speaking of Snortsam, I'm doing something very similar there.

...no one is interested in rewriting this.

  And one more thing. How many WinPopUp windows you gonna find after 
you've been out for just one hour (e.g. having lunch)? Personally I 
wouldn't want to deal with several hundred open windows at once. :)

If someone were to rewrite it I think it would be better to follow the
flexresp method, where you can add an option to a rule to send a
WinPopUp on alerts that are most important to you.  That way analysts
wouldn't be inundated with the WinPopUps.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net